Download
| Alert*
|
oval:org.secpod.oval:def:24849
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k null pointer dereference vulnerability. A flaw is present in the application, which fails to pro ... oval:org.secpod.oval:def:21558 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle failed logon attempts. Successful ex ... oval:org.secpod.oval:def:10947 The host is installed with .NET Framework 4.5 and is prone to authentication bypass vulnerability. A flaw is present in the application, which fails to create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over ... oval:org.secpod.oval:def:10946 The host is installed with .NET Framework 2.0, 3.5, 3.5.1, 4.0 or 4.5 and is prone to spoofing vulnerability. A flaw is present in the application, which fails to check signatures in XML file. Successful exploitation allows attackers to make undetected changes to signed XML documents via unspecified ... oval:org.secpod.oval:def:23103 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the OLE automation array, which fails to handle specially ... oval:org.secpod.oval:def:24855 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k Pool buffer overflow vulnerability. A flaw is present in the application, which fails to properl ... oval:org.secpod.oval:def:24856 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k elevation of privilege vulnerability. A flaw is present in the application, which fails to prope ... oval:org.secpod.oval:def:24853 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k buffer overflow vulnerability. A flaw is present in the application, which fails to properly val ... oval:org.secpod.oval:def:23759 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:23758 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:23757 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:23756 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:23755 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly read or display certain fonts. Successful exploitation could allow ... oval:org.secpod.oval:def:23754 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly manage memory when parsing fonts. Successful exploitation could allow at ... oval:org.secpod.oval:def:20770 The host is installed with Microsoft Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted application. An attacker wh ... oval:org.secpod.oval:def:24301 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, 2008 R2, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a specially crafted .msc file. Successful exploitation cou ... oval:org.secpod.oval:def:18533 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to handles TypeFilterLevel checks for some malformed objects. Successful exploitation allows attacker to exe ... oval:org.secpod.oval:def:21362 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle TrueType ... oval:org.secpod.oval:def:20126 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails ... oval:org.secpod.oval:def:21554 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle proce ... oval:org.secpod.oval:def:21549 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted OLE objects. Successful ... oval:org.secpod.oval:def:21548 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the OLE automation array, which fails to handle crafted O ... oval:org.secpod.oval:def:21543 The host is installed with Microsoft XML Core Services 3.0 on Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, w ... oval:org.secpod.oval:def:23477 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a security feature bypass vulnerability. A flaw is present in the group policy application of security configuration ... oval:org.secpod.oval:def:6709 The host is installed with Internet Explorer 6 through 9 and is prone to an asynchronous null object access remote code execution vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary c ... oval:org.secpod.oval:def:6712 The host is missing a critical security update, according to Microsoft security bulletin MS12-052. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:6711 The host is installed with Internet Explorer 6 through 9 and is prone to a virtual function table corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:24084 The host is installed with Microsoft Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the HTTP.sys, which improperly parses specially crafted HTTP requests. Successful exploitation could allow ... oval:org.secpod.oval:def:24086 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to process certain specially crafted Enhanced Metafile (EMF) image form ... oval:org.mitre.oval:def:7633 The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. oval:org.secpod.oval:def:3433 The host is installed with Microsoft Time component and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by a specially crafted Web page. Successful exploitation allows remote attacker gain user rights as the logged-on user. oval:org.secpod.oval:def:3434 The host is missing a critical security update according to Microsoft security bulletin, MS11-090. The update is required to fix remote code execution vulnerability. A flaw is present in Internet Explorer, which fails to handle a specially crafted web page. Successful exploitation could allow an at ... oval:org.secpod.oval:def:23767 The host is installed with Microsoft Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the Windows Task Scheduler,which fails to properly validate and enforce impersonation levels. Successful ... oval:org.secpod.oval:def:23760 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:24290 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails ... oval:org.secpod.oval:def:24291 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails ... oval:org.secpod.oval:def:24292 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails ... oval:org.secpod.oval:def:24293 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails ... oval:org.secpod.oval:def:24294 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails ... oval:org.secpod.oval:def:24295 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails ... oval:org.secpod.oval:def:25806 The host is installed with Microsoft XML Core Services 3.0 or Microsoft XML Core Services 6.0 on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 or Microsoft XML Core Services 5.0 on Microsoft Office 2007 SP2, SP3 or Micr ... oval:org.secpod.oval:def:24847 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ... oval:org.secpod.oval:def:25349 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ... oval:org.secpod.oval:def:25353 The host is installed with Microsoft Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle objects in memory. Successful exp ... oval:org.secpod.oval:def:25354 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8 or Server 2012 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle objects i ... oval:org.secpod.oval:def:25350 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ... oval:org.secpod.oval:def:23743 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which deref ... oval:org.secpod.oval:def:23752 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle uninitialize ... oval:org.secpod.oval:def:23742 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:23741 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ... oval:org.secpod.oval:def:23761 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly read or display certain fonts. Successful exploitation could allow ... oval:org.secpod.oval:def:24280 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24281 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24282 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24283 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24279 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24299 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows 7, 8, 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which allows the use of a weak Diffie-Hellman ephemeral (DFE) key length of 512 bits in an encrypte ... oval:org.secpod.oval:def:21373 The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly parse specially crafted internationalized resource identifiers resulting in memory corruption. Su ... oval:org.secpod.oval:def:10741 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:10742 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:10743 The host is missing a critical security update according to Microsoft Security bulletin MS13-028. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Succes ... oval:org.secpod.oval:def:10847 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21590 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21095 The host is installed with .Net framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to denial of service vulnerability. A flaw are present in the applications, which does not properly use a hash table for request data. Successful exploitation allows for an unauthenti ... oval:org.secpod.oval:def:23769 The host is installed with Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly free objects in memory. An unauthenticated attacker could use thi ... oval:org.secpod.oval:def:20766 The host is installed with Microsoft Windows 7, 8, 8.1, Server 2008 R2, 2012 or 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to free messages after considering it as an error. Successful exploitation could allow attackers to fill ... oval:org.secpod.oval:def:19797 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Windows 8, Windows Server 2012, Windows Server 2008 R2, Windows 8.1 or Windows Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly processes special ... oval:org.secpod.oval:def:23112 The host is installed with Microsoft Windows Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a directory traversal elevation of privilege vulnerability. A flaw is present in the TS WebProxy Windows component, which fails to properly san ... oval:org.secpod.oval:def:33792 The host is installed with Microsoft Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2 or Windows 8.1 and is prone to an OLE Remote code execution vulnerability. A flaw is present in the application, which fails to properly validate user input. An attacker who succes ... oval:org.secpod.oval:def:3559 The host is installed with Serv-U FTP Server before 11.1.0.5 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to properly validate the given input. Successful exploitation allows remote attackers to disclose potentially sensitive information and ma ... oval:org.secpod.oval:def:51367 The host is missing a security update according to Microsoft advisory, ADV190009. oval:org.secpod.oval:def:6016 The host is missing a critical security update according to Microsoft Security Advisory, 2718704. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to properly handle authorization of digital certificates. Successful exploitation could allow atta ... oval:org.secpod.oval:def:6975 The host is missing a security update according to Microsoft security advisory, 2736233. The update is required to provide a security feature in IE, which prevents ActiveX control from ever being loaded by the Internet Explorer HTML-rendering engine. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:5642 The host is missing a critical security update according to Microsoft Security Advisory, 2695962. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to prevent few ActiveX controls from being run in Internet Explorer. Successful explo ... oval:org.secpod.oval:def:4749 The host is missing a critical security update according to Microsoft Security Advisory, 2647518. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to prevent few ActiveX controls from being run in Internet Explorer. Successful explo ... oval:org.secpod.oval:def:24841 The host is installed with Microsoft Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user input. Successful exploita ... oval:org.secpod.oval:def:25357 The host is installed with Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted DLL. Successful exploitation could allow attackers to take ... oval:org.secpod.oval:def:25358 The host is installed with Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 and is prone to a dll planting remote code execution vulnerability. A flaw is present in the application, which fails to properly load crafted DLLs. Successful explo ... oval:org.secpod.oval:def:25334 The host is installed with Microsoft Windows 7, SP1, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a sequence of crafted packets. Successful exploitatio ... oval:org.secpod.oval:def:24110 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly handles certain requests on systems that have custom error messages disabled. Successful exploitat ... oval:org.secpod.oval:def:23773 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 and is prone to a WTS remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow atta ... oval:org.secpod.oval:def:24339 The host is installed with Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 and is prone to an opentype font parsing vulnerability. A flaw is present in the applications, which fail to handle a crafted OpenType font. Successful exploitation could allow attackers to execute arbi ... oval:org.secpod.oval:def:21365 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted OLE objects. Successful ... oval:org.secpod.oval:def:10744 The host is missing an important security update according to Microsoft bulletin, MS13-032. The update is required to fix a denial of service vulnerability. A flaw is present in an application, which fails to handle a crafted query. Successful exploitation could allow attackers to cause memory consu ... oval:org.secpod.oval:def:10745 The host is installed with Microsoft Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) or Active Directory Services and is prone to a denial of service vulnerability. A flaw is present in an application, which fails to handle a cr ... oval:org.secpod.oval:def:25844 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted OpenType font ... oval:org.secpod.oval:def:25847 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which terminates a process when a user logs ... oval:org.secpod.oval:def:25848 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly vali ... oval:org.secpod.oval:def:25853 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 or 4.6 and is prone to an Onetype font parsing vulnerability. A flaw ... oval:org.secpod.oval:def:25814 The host is installed with Microsoft Windows Server 2008 R2, Server 2008, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote desktop session host spoofing vulnerability. A flaw is present in the application, which fails to properly validate certi ... oval:org.secpod.oval:def:25815 The host is installed with Microsoft Windows Server 2008 R2 or Windows 7 and is prone to a remote desktop protocol DLL planting remote code execution vulnerability. A flaw is present in the application, which fails to properly load certain specially crafted files. Successful exploitation could allow ... oval:org.secpod.oval:def:21556 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate permissions under specific conditio ... oval:org.secpod.oval:def:21564 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle TypeFilterLevel checks for some malformed objects. Successful exploitation allows attacker to execute ... oval:org.secpod.oval:def:25346 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an OLE elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user inpu ... oval:org.secpod.oval:def:25347 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an OLE elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user inpu ... oval:org.secpod.oval:def:34315 The host is installed with Windows Media Center on Microsoft Windows Vista, 7 or 8.1 and is prone to a remote Code Execution Vulnerability. A flaw is present in the application, which fails to handle a specially crafted Media Center link (.mcl) file that references malicious code. Successful exploit ... oval:org.secpod.oval:def:18530 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle passwords being distributed ... oval:org.secpod.oval:def:19801 The host is installed with Microsoft XML Core Services 3.0 on Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 or Microsoft XML Core Services 6.0 on Microsoft Windows Server 2003 SP2, Vista SP2, Server 200 ... oval:org.secpod.oval:def:20814 The host is installed with .Net framework 2.0, 3.0 or 3.5.1 and is prone to an security feature bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow an attacker to bypass the Address Space Layout Randomization (ASLR ... oval:org.secpod.oval:def:23099 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the WebDAV Kernel-Mode Driver, which fails to properly ... oval:org.secpod.oval:def:23106 The host is installed with Microsoft Windows Server 2008 R2, Windows 7, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows application compatibility cache, which fails to handle a specially ... oval:org.secpod.oval:def:23110 The host is installed with Microsoft Windows Server 2003, Windows 7, 8, 8.1, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate user privileges to load registry hives. Successful exploitation co ... oval:org.secpod.oval:def:23104 The host is installed with Microsoft Windows 7, 8, 8.1, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to fails to properly validate whether a domain-connected computer is connected to the domain or to ... oval:org.secpod.oval:def:20093 The host is installed with DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to ... oval:org.secpod.oval:def:20094 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. S ... oval:org.secpod.oval:def:21374 The host is installed with .Net framework 2.0 SP2 or 3.5.1 and is prone to a ASLR execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted content. Successful exploitation allows attacker to bypass the ASLR security feature. oval:org.secpod.oval:def:21372 The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which inadvertently processes data prior to verification. Successful exploitation allows attacker to take complete cont ... oval:org.secpod.oval:def:21361 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects ... oval:org.secpod.oval:def:32914 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. Successful exploitation could run arbitrary code in kernel mo ... oval:org.secpod.oval:def:25810 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate and enforc ... oval:org.secpod.oval:def:25811 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly allows certain registry in ... oval:org.secpod.oval:def:25812 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly allows certain filesystem ... oval:org.secpod.oval:def:21569 The host is installed with Microsoft Input method editor Japanese on Microsoft Windows Server 2003, Server 2008, Server 2008 R2 or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file. Success ... oval:org.secpod.oval:def:37929 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle Windows Kernel API. An attacker who successfully exploited the vu ... oval:org.secpod.oval:def:21615 The host is installed with Microsoft Windows 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a forged sign ... oval:org.secpod.oval:def:23492 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles objects i ... oval:org.secpod.oval:def:23491 The host is missing an important security update according to Microsoft security bulletin MS15-010. The update is required to fix multiple vulnerabilities. The flaw is present in the Windows Kernel-Mode driver, which fails to handle crafted vectors. Successful exploitation could allow attackers to g ... oval:org.secpod.oval:def:23497 The host is installed with Microsoft Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which improperly handles TrueType fonts. An attacker who successfully exploited this vuln ... oval:org.secpod.oval:def:23495 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handles a malicious fil ... oval:org.secpod.oval:def:23494 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles objects i ... oval:org.secpod.oval:def:23479 The host is installed with Microsoft Windows Server 2008 R2, Windows 7, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to an elevation of privilege vulnerability. The flaw is present in the windows create process, which fails to properly validate and enforce imper ... oval:org.secpod.oval:def:18180 The host is installed with Windows Server 2003, Server 2008, Vista, Windows 7, Server 2008 R2, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle file association. Successful exploit ... oval:org.secpod.oval:def:33815 The host is installed with Microsoft .NET Framework 4.6 or .NET Framework 4.6.1 on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate input bef ... oval:org.secpod.oval:def:25338 The host is installed with Microsoft Windows 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a RPC elevation of privilege vulnerability. A flaw is present in the application, which inadvertently allows DCE/RPC con ... oval:org.secpod.oval:def:25341 The host is missing an important security update according to Microsoft security bulletin, MS15-077. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vu ... oval:org.secpod.oval:def:25344 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to process certain specially cr ... oval:org.secpod.oval:def:25340 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vu ... oval:org.secpod.oval:def:24082 The host is installed with Microsoft XML Core Services 3.0 in Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 and is prone to a same origin policy SFB vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful ... oval:org.secpod.oval:def:24107 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to a NtCreateTransactionManager type confusion vulnerability. A flaw is present in the application, which fails to properly validate ... oval:org.secpod.oval:def:24109 The host is installed with Microsoft Server 2003, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to MS-DOS device name vulnerability. A flaw is present in the application, which fails to properly validate and enforce ... oval:org.secpod.oval:def:3427 The host is installed with Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 (32 bit versions) and is prone to a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly handle the way the kernel accesses an object that has not be ... oval:org.secpod.oval:def:3428 The host is missing an important security update according to Microsoft security bulletin, MS11-098. The update is required to fix a privilege escalation vulnerability. A flaw is present in the applications, which fail to properly handle the way the kernel accesses an object that has not been correc ... oval:org.secpod.oval:def:23776 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which exists in the way that Windows Registry Vir ... oval:org.secpod.oval:def:23775 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, when Windows fails to properly validate and enforce impersonation levels. An at ... oval:org.secpod.oval:def:32717 The host is installed with Microsoft Windows 7 or Server 2008 R2 and is prone to security bypass vulnerability. The flaws are present in the application, which fails to handle a macro or scripting feature in an application. Successful exploitation allows attackers to bypass intended access restricti ... oval:org.secpod.oval:def:20768 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted application. S ... oval:org.secpod.oval:def:20769 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted application. S ... oval:org.secpod.oval:def:20772 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles the repair of a previ ... oval:org.secpod.oval:def:24297 The host is installed with Windows Vista, 7, 8 or 8.1, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly verifies impersonation levels. Successful exploitation could allow attackers to gain elevated p ... oval:org.secpod.oval:def:24303 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1 or 4.5.2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Forms, which improperly handle objects in memory. Successful exploitation allows attackers to take complete contr ... oval:org.secpod.oval:def:20096 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly validat ... oval:org.secpod.oval:def:24854 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Microsoft Windows Kernel brush object use after free vulnerability. A flaw is present in the applicatio ... oval:org.secpod.oval:def:24845 The host is installed with Microsoft Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to properly access an o ... oval:org.secpod.oval:def:24848 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an use after free vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to prop ... oval:org.secpod.oval:def:24850 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a kernel bitmap handling use after free vulnerability. A flaw is present in the application, which fails ... oval:org.secpod.oval:def:24851 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Microsoft Windows station use after free vulnerability. A flaw is present in the application, which fai ... oval:org.secpod.oval:def:24852 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Microsoft Windows Kernel object use after free vulnerability. A flaw is present in the application, whi ... oval:org.secpod.oval:def:20774 The host is installed with Windows Media Center in Microsoft Windows Vista, 7, 8 or 8.1 and is prone to a CSyncBasePlayer use after free vulnerability. A flaw is present in the application, which fails to specially crafted Microsoft Office file that invokes Windows Media Center resources. Successful ... oval:org.secpod.oval:def:17389 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003, Windows 7, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which ... oval:org.secpod.oval:def:23774 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 and is prone to a DLL planting remote code execution vulnerability. A flaw is present in the application, which fails to properly handle loading of DLL files. Successful exploitation coul ... oval:org.secpod.oval:def:25808 The host is installed with Microsoft XML Core Services 3.0 or on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 or Microsoft XML Core Services 5.0 on Microsoft Office 2007 SP2 and is prone to an information disclosure vu ... oval:org.secpod.oval:def:25802 The host is installed with Microsoft Windows Vista, Server 2008, Windows Server 2008 R2, Windows 7, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. ... oval:org.secpod.oval:def:25807 The host is installed with Microsoft XML Core Services 3.0 or on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 or Microsoft XML Core Services 5.0 on Microsoft Office 2007 SP2 and is prone to an information disclosure vu ... oval:org.secpod.oval:def:23765 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, that is caused by an issue in the ... oval:org.secpod.oval:def:19799 The host is installed with Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to tampering vulnerability. A flaw is present in the applications, which fail to properly handle robust encryption for an RDP session. Successful exploitation allows ... oval:org.secpod.oval:def:24304 The host is installed with .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1 or 4.5.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handle crafted XML data. Successful exploitation allows attackers to degrade the performance of a .NET-ena ... oval:org.mitre.oval:def:7604 Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. oval:org.secpod.oval:def:21540 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a specially c ... oval:org.secpod.oval:def:24844 The host is installed with Microsoft Windows Media Player 9 through 12 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted DataObject on a web site. Successful exploitation could allow attackers to execute arbitrary code on the aff ... oval:org.secpod.oval:def:6769 The host is installed with Wireshark 1.8.x before 1.8.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle the pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser. Successful exploitation allows remote attackers t ... oval:org.secpod.oval:def:6781 The host is installed with Wireshark 1.8.x before 1.8.2 and is prone to an integer signedness error vulnerability. A flaw is present in the application, which fails to handle the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser. Successful exploitation allows u ... oval:org.secpod.oval:def:5096 The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to a VML style remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.secpod.oval:def:1450 The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute arbitr ... oval:org.secpod.oval:def:1451 The host is installed with Microsoft Internet Explorer and is prone to HTTP Redirect memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to ... oval:org.secpod.oval:def:1448 The host is installed with Microsoft Internet Explorer and is prone to drag and drop information disclosure vulnerability. A flaw is present in the browser, which fails to handle a crafted Web page. Successful exploitation could allow remote attackers to execute arbitrary code or gain sensitive info ... oval:org.secpod.oval:def:5093 The host is installed with Microsoft Internet Explorer 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle objects in memory that have been deleted. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:5092 The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:5097 The host is missing a critical security update according to Microsoft security bulletin, MS12-023. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly handle malicious data. Successful exploitation could allo ... oval:org.secpod.oval:def:5095 The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a SelectAll remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.secpod.oval:def:5586 The host is missing a critical security update according to Microsoft security bulletin, MS12-035. The update is required to fix a remote code execution vulnerability. The flaws are present in .NET Framework, which fail to handle a specially crafted webpage. Successful exploitation could allow remot ... oval:org.secpod.oval:def:5583 The host is missing an important security update according to Microsoft security bulletin, MS12-032. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to gain pr ... oval:org.secpod.oval:def:5589 The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input through partially trus ... oval:org.secpod.oval:def:5588 The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input. Successful exploitati ... oval:org.secpod.oval:def:5582 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 R2 or R2 SP1, Windows 7 Gold or SP1 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a crafted application that binds an IPv6 address to a local inter ... oval:org.secpod.oval:def:5581 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, or Windows 7 or SP1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly enforce firewall rules for outbound broadcast packets. Successful ... oval:org.secpod.oval:def:1199 The host is installed with Microsoft Internet Explorer and is prone to link properties handling memory corruption vulnerability. A flaw is present in the browser, which fails to handle link properties object. Successful exploitation could allow remote attackers to execute arbitrary code or gain sens ... oval:org.secpod.oval:def:1200 The host is installed with Microsoft Internet Explorer and is prone to DOM manipulation memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers ... oval:org.secpod.oval:def:1203 The host is installed with Microsoft Internet Explorer and is prone to time element memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to e ... oval:org.secpod.oval:def:1202 The host is installed with Microsoft Internet Explorer and is prone to drag and drop memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to ... oval:org.secpod.oval:def:1204 The host is installed with Microsoft Internet Explorer and is prone to DOM modification memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers ... oval:org.secpod.oval:def:1206 The host is missing a Critical security update according to Microsoft security bulletin, MS11-052. The update is required to fix remote code execution vulnerability. A flaw is present in the way that Microsoft Internet Explorer 6/7/8 accesses an object that has not been correctly initialized or has ... oval:org.secpod.oval:def:1271 The host is installed with Microsoft Internet Explorer and is prone to MIME sniffing information disclosure vulnerability. A flaw is present in the browser, which allows to view content from a different domain or zone when a user downloads Web content. Successful exploitation could allow remote atta ... oval:org.secpod.oval:def:1383 The host is missing a critical security update according to Microsoft security bulletin, MS10-041. The update is required to fix data tampering vulnerability. A flaw is present in the Microsoft .NET Framework, which allows data tampering of signed XML content without being detected. Successful explo ... oval:org.secpod.oval:def:4137 The host is installed with Internet Explorer 6,7,8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly perform copy-and-paste operations. Successful exploitation could allow attackers to read content from a different (1) domain ... oval:org.secpod.oval:def:4138 The host is installed with Internet Explorer 7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:4136 The host is missing a critical security update according to Microsoft bulletin, MS12-010. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted web page. Successful exploitation could allow attackers to execute arb ... oval:org.secpod.oval:def:4139 The host is installed with Internet Explorer 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the creation and initialization of string objects. Successful exploitation could allow remote attackers to read data from arbit ... oval:org.secpod.oval:def:4140 The host is installed with Internet Explorer 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle access to a deleted object. Successful exploitation could allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:5130 The host is missing an important security update according to Microsoft security bulletin, MS12-025. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate parameters when passing data to a function. Successful expl ... oval:org.secpod.oval:def:5129 The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly validate parameters when passing data to a function. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:3430 The host is installed with Internet Explorer 9 and is prone to remote code execution vulnerability. A flaw is present in thr application, which fails to properly restrict the path used for loading external libraries. Successful exploitation allows attackers to run arbitrary code. oval:org.secpod.oval:def:3431 The host is installed with Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Web pages. Successful exploitation allows attackers to to view content from a different domain or Internet Explorer ... oval:org.secpod.oval:def:3432 The host is missing an important security update according to Microsoft security bulletin, MS11-099. The update is required to fix information disclosure and remote code execution vulnerabilities. The flaws are present in the applications, which fail to properly handle XSS Filter and loading of libr ... oval:org.secpod.oval:def:3429 The host is installed with Internet Explorer 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle XSS Filter. Successful exploitation allows attackers to view content from another domain or Internet Explorer zone. oval:org.secpod.oval:def:1764 The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to validate a specially crafted Web page disguised as legitimate content. Successful exploitation could allow remote attackers to execute arbitrary co ... oval:org.secpod.oval:def:1763 The host is installed with Microsoft Internet Explorer and is prone to window open race condition remote code execution vulnerability. A flaw is present in the browser, which fails to handle a object that has been corrupted due to a race condition. Successful exploitation could allow remote attacker ... oval:org.secpod.oval:def:1766 The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which allow script to gain access to information in another domain or Internet Explorer zone when a specially crafted strings in to a web site. Successful exploit ... oval:org.secpod.oval:def:1765 The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser telnet URI handler, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attacker ... oval:org.secpod.oval:def:1768 The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute arbitr ... oval:org.secpod.oval:def:1767 The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute arbitr ... oval:org.secpod.oval:def:1737 The host is installed with Windows Server 2008 or Windows 7 and is prone to remote code execution vulnerability. A flaw is present in the Windows data access tracing component, as it fails to properly load the DLL files. Successful exploitation could allow an attacker to take complete control of an ... oval:org.secpod.oval:def:1736 The host is missing an important security update according to Microsoft security bulletin, MS11-059. The update is required to fix a remote code execution vulnerability. A flaw is present in the Windows data access tracing component, as it fails to properly load the DLL files. Successful exploitatio ... oval:org.secpod.oval:def:1392 The host is missing a critical security update according to Microsoft security bulletin, MS11-053. The update is required to fix a remote code execution vulnerability. A flaw is present in in the Windows Bluetooth 2.1 Stack due to the way an object in memory is accessed when it has not been correctl ... oval:org.secpod.oval:def:1391 The host is installed with Windows Vista Sp1 or Sp2 or Windows 7 and is prone to a remote code execution vulnerability. A flaw is present in the Bluetooth 2.1 stack, due to the way an object in memory is accessed when it has not been correctly initialized or has been deleted. Successful exploitation ... oval:org.secpod.oval:def:1524 The host is missing a Critical security update according to Microsoft security bulletin, MS11-046.. The update is required to fix a privilege escalation vulnerability. The flaw is present in the application, as it fails to validate input passed from the user mode to the kernel. Successful exploiatio ... oval:org.secpod.oval:def:1589 The host is missing a critical security update according to Microsoft security bulletin, MS10-065. The update is required to fix multiple vulnerability. Multiple flaws are present in the asp.dll in Internet Information Services (IIS) in Microsoft Windows, which is due to improper ASP implementation ... oval:org.secpod.oval:def:1197 The host is missing a Critical security update according to Microsoft security bulletin, MS11-048. The update is required to fix denial of service vulnerability. A flaw is present in SMB protocol software, which fails to handle crafted SMB requests. Successful exploitation could cause a user's syste ... oval:org.secpod.oval:def:1196 The host is installed with Microsoft Windows and is prone to denial of service vulnerability. A flaw is present in SMB protocol software, which fails to handle crafted SMB requests. Successful exploitation could cause a user's system to stop responding until manually restarted. oval:org.secpod.oval:def:1193 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to denial of service vulnerability. A flaw is present in distributed file system (DFS) client which fails to handle specially crafted DFS referral responses. Successful exploitat ... oval:org.secpod.oval:def:1214 The host is missing a critical security update according to Microsoft security bulletin, MS10-051. The update is required to fix a remote code execution vulnerability. The flaws are present in the Microsoft XML Core Services (MSXML) which fails to handle HTTP responses. Successful exploitation allow ... oval:org.secpod.oval:def:6994 The host is installed with Microsoft Internet Explorer 9 and is prone to an event listener use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6993 The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to an onmove use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to an object that was not properly initialized or is deleted. Successful exploitat ... oval:org.secpod.oval:def:6992 The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6997 The host is missing a critical security update according to Microsoft security bulletin, MS12-063. The update is required to fix multiple use after free vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:6996 The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to an cloneNode use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to exec ... oval:org.secpod.oval:def:6995 The host is installed with Microsoft Internet Explorer 9 and is prone to an layout use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:1276 The host is missing a critical security update according to Microsoft security bulletin, MS10-095. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Windows, which fails to load a BranchCache DLL library. Successful exploitation could allow a local att ... oval:org.secpod.oval:def:1381 The host is missing a critical security update according to Microsoft security bulletin, MS10-083. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Shell and WordPad in Microsoft Windows, which fails to validate COM objects during instantiation. Suc ... oval:org.secpod.oval:def:1034 The host is missing an Important security update according to Microsoft security bulletin, MS11-009. The update is required to fix information disclosure vulnerability in JScript and VBScript scripting engines. A flaw is present in the JScript and VBScript scripting engines, which fails to properly ... oval:org.secpod.oval:def:1743 The host is installed with Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 SP1, Windows 7 or Windows 7 SP1 and is prone to a denial of service vulnerability. A flaw is present in the application, as it fails to handle URL's in memory when URL-based Quality of Servi ... oval:org.mitre.oval:def:7602 Trend Micro Internet Security is installed oval:org.secpod.oval:def:1036 The host is missing an Important security update according to Microsoft security bulletin, MS11-011. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in the Microsoft Window ... oval:org.secpod.oval:def:1038 The host is missing an important security update according to Microsoft security bulletin, MS11-013. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 R2 x64 or Windows XP. The flaws are present in the implementation of Kerb ... oval:org.secpod.oval:def:1044 The host is missing an critical security update according to Microsoft security bulletin, MS11-004. The update is required to fix a heap buffer overrun vulnerability in Microsoft FTP Service for Internet Information Services (IIS). A flaw is present in the TELNET_STREAM_CONTEXT::OnSendData function ... oval:org.secpod.oval:def:10777 The host is missing an important security update according to Microsoft security bulletin, MS13-029. The update is required to fix remote code execution vulnerability in Microsoft Windows Remote Desktop Client. A flaw is present in the application which fails to handle the specially crafted webpage. ... oval:org.secpod.oval:def:10778 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Server 2008 R2 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle specially crafted webpage. Successful exploitation coul ... oval:org.secpod.oval:def:10948 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:10949 The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary c ... oval:org.secpod.oval:def:10950 The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to JSON array information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict data access by VBScript. Successful exploitation could allow attackers to perform cross-domain re ... oval:org.secpod.oval:def:10951 The host is installed with Microsoft Internet Explorer 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:10952 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:10953 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:10955 The host is installed with Microsoft Internet Explorer 8 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:10956 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:10957 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:11705 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:14192 The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14193 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14190 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a script while debugging a webpage. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14191 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14195 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 or Windows 8 and is prone to a kernel information disclosure vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploita ... oval:org.secpod.oval:def:63120 An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. oval:org.secpod.oval:def:14178 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14179 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14176 The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14177 The host is installed with Microsoft Internet Explorer 8 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14175 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14189 The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14187 The host is installed with Microsoft Internet Explorer 8 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14188 The host is installed with Microsoft Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14181 The host is installed with Microsoft Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14182 The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14180 The host is installed with Microsoft Internet Explorer 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14185 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14186 The host is installed with Microsoft Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14183 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14184 The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:16775 The host is installed with Microsoft Internet Explorer 8 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:16774 The host is installed with Microsoft Internet Explorer 8 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:16773 The host is installed with Microsoft Internet Explorer 8 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:16772 The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial ... oval:org.secpod.oval:def:16779 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial ... oval:org.secpod.oval:def:16778 The host is installed with Microsoft Internet Explorer 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial of se ... oval:org.secpod.oval:def:16776 The host is installed with Microsoft Internet Explorer 6, 7 or 8 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a deni ... oval:org.secpod.oval:def:39408 Multiple information disclosure vulnerabilities exist in the way that the Color Management Module (ICM32.dll) handles objects in memory. These vulnerabilities allow an attacker to retrieve information to bypassusermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the in ... oval:org.secpod.oval:def:16789 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to type traversal vulnerability. A flaw is present in the application, which improperly verifies that a method is safe for execution. Successful exploitation allows attacker to take complete contro ... oval:org.secpod.oval:def:16788 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to post request denial of service vulnerability. A flaw is present in the application, which improperly identifies stale or closed HTTP client connections. Successful exploitation allows attackers ... oval:org.secpod.oval:def:16753 The host is installed with Microsoft XML Core Services 3.0 on Microsoft Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to information disclosure vulnerability. A flaw is present in the applica ... oval:org.secpod.oval:def:16755 The host is installed with Microsoft Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to memory corruption vulnerability. The flaw is present in microsoft graphic component, which fails to handle a specially crafted 2D geometric figure. Successful ... oval:org.secpod.oval:def:40431 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:16768 The host is installed with Microsoft Internet Explorer 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a den ... oval:org.secpod.oval:def:40436 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:40437 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability c ... oval:org.secpod.oval:def:16766 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause ... oval:org.secpod.oval:def:40438 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an attacker would have to either log ... oval:org.secpod.oval:def:15428 The host is installed with Microsoft Windows 7 or Windows Server 2008 R2 and is prone to elevation of privilege vulnerability. The flaw is present in the Windows Service Control Manager, which fails to properly handle crafted objects. Successful exploitation allows attackers to run arbitrary code or ... oval:org.secpod.oval:def:57288 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57287 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57286 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57285 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57291 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:15461 The host is installed with Internet Explorer 6, 7, 8, 9, or 10 and is prone to remote code execution vulnerability. The flaw is present in the application, which fails to properly handle an object in memory that has been deleted or has not been properly allocated. Successful exploitation allows atta ... oval:org.secpod.oval:def:16790 The host is installed with .NET Framework 2.0 SP2 or 3.5.1 and is prone to address space layout randomization vulnerability. A flaw is present in the application, which fails to handle ASLR security feature. Successful exploitation allows attacker to bypass the ASLR security feature. oval:org.secpod.oval:def:61311 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by running ... oval:org.secpod.oval:def:39419 A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:49699 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:49698 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.mitre.oval:def:6524 Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, ( ... oval:org.secpod.oval:def:584 The host is installed with Microsoft Windows and is prone to buffer overflow vulnerability. A flaw is present in BowserWriteErrorLogEntry function in Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys, which fail to properly handle malicious browser election request packe ... oval:org.mitre.oval:def:6509 Unspecified vulnerability in ashWsFtr.dll in Avast! Home and Professional for Windows before 4.8.1356 has unknown impact and local attack vectors. oval:org.secpod.oval:def:49758 The host is missing a critical security update 4470493 oval:org.secpod.oval:def:2718 The host is missing a moderate security update according to Microsoft security bulletin, MS11-084. The update is required to fix denial of service vulnerability. A flaw is present in Windows Kernel-Mode Drivers, which fails to handle specially crafted TrueType font file. Successful exploitation allo ... oval:org.secpod.oval:def:2719 The host is installed with Microsoft Windows 7, SP1 and Windows 2008 R2, SP1, IA-64, IA-64 SP1 and is prone denial of service vulnerability. A flaw is present in the Windows Kernel-Mode Drivers, which fails to handle a specially crafted TrueType font file. Successful exploitation could allow remote ... oval:org.secpod.oval:def:49761 The host is missing a critical security update 4470600 oval:org.secpod.oval:def:49771 The host is missing a critical security update 4470637 oval:org.secpod.oval:def:49774 The host is missing a critical security update 4470640 oval:org.secpod.oval:def:49775 The host is missing a critical security update 4470641 oval:org.mitre.oval:def:11574 Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerabilit ... oval:org.mitre.oval:def:6558 Avast! AntiVirus is installed. oval:org.secpod.oval:def:53 The host is installed with Microsoft Windows Fax Services Cover Page Editor and is prone to heap-based buffer overflow vulnerability. The flaw is present in the CDrawPoly::Serialize function in fxscover.exe. Successful exploitation allows remote attackers to execute arbitrary code via a long record ... oval:org.secpod.oval:def:57305 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:78 The host is installed with Microsoft Internet Explorer is prone to Cascading Style Sheets (CSS) memory corruption vulnerability. A flaw is present in the application, which fails to properly handle recursive memory access while importing a CSS. Successful exploitation could allow attackers to gain t ... oval:org.secpod.oval:def:82 The host is installed with Microsoft FTP Service for Internet Information Services (IIS) and is prone to heap buffer overrun vulnerability.A flaw is present in the TELNET_STREAM_CONTEXT::OnSendData function in the FTP protocol handler (ftpsvc.dll), which fails to properly handle a crafted FTP reques ... oval:org.secpod.oval:def:88 The host is installed with scripting engines and is prone to information disclosure vulnerability. A flaw is present in JScript 5.8 and VBScript 5.8 scripting engines, which fails to properly load decoded scripts obtained from web pages. Successful exploitation could allow remote attackers to redire ... oval:org.secpod.oval:def:90 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Microsoft Windows, which fails to handle proper interaction of drivers with the Windo ... oval:org.secpod.oval:def:95 The host is installed with Windows 7 or Windows Server 2008 R2 x64 and is prone to spoofing vulnerability. A flaw is present in Kerberos implementation, which fails to correctly enforce stronger default encryption standards. Successful exploitation could allow a man-in-the-middle attacker to force a ... oval:org.secpod.oval:def:16013 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP1, SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to security feature bypass vulnerability. A flaw is present in the application, which fail ... oval:org.secpod.oval:def:14297 The host is installed with Microsoft Internet Explorer 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a craf ... oval:org.secpod.oval:def:14298 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly process a HTML webpage. Successful exploitation could allow attackers to inject arbitrary web script or HTML via ... oval:org.secpod.oval:def:14291 The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a ... oval:org.secpod.oval:def:14292 The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a cra ... oval:org.secpod.oval:def:14290 The host is installed with Microsoft Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a craf ... oval:org.secpod.oval:def:14295 The host is installed with Microsoft Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of servic ... oval:org.secpod.oval:def:14296 The host is installed with Microsoft Internet Explorer 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service v ... oval:org.secpod.oval:def:14293 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ... oval:org.secpod.oval:def:14294 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via ... oval:org.secpod.oval:def:31693 The host is installed with Windows Media Center on Microsoft Windows Vista, 7, 8 or 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a specially crafted Media Center link (.mcl) file that references malicious code. An attacker w ... oval:org.secpod.oval:def:31694 The host is installed with Windows Media Center on Microsoft Windows Vista, 7, 8 or 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a specially crafted Media Center link (.mcl) file that references malicious code. An attacker w ... oval:org.secpod.oval:def:38295 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to an information disclosure vulnerability. A flaw is present in the windows GDI component, which improperly discloses the contents of its memory. An attacker who successfully ex ... oval:org.secpod.oval:def:40533 An information disclosure vulnerability exists in the way some ActiveX objects are instantiated. An attacker who successfully exploited this vulnerability could gain access to protected memory contents.To exploit this vulnerability, an attacker would need to convince a user to open a malicious docum ... oval:org.mitre.oval:def:6607 The operating system having AOL installation. oval:org.secpod.oval:def:14288 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ... oval:org.secpod.oval:def:14289 The host is installed with Microsoft Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a ... oval:org.secpod.oval:def:14286 The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a cra ... oval:org.secpod.oval:def:14287 The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:14284 The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a ... oval:org.secpod.oval:def:14285 The host is installed with Microsoft Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a craf ... oval:org.secpod.oval:def:14282 The host is installed with Microsoft Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a web script. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ... oval:org.secpod.oval:def:14283 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via ... oval:org.secpod.oval:def:699 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:15642 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15645 The host is installed with Microsoft Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:16977 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle obj ... oval:org.secpod.oval:def:15646 The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15643 The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:14313 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handl ... oval:org.secpod.oval:def:15644 The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.mitre.oval:def:11447 Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than C ... oval:org.secpod.oval:def:14325 Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 on 64-bit platforms and is prone to array allocation vulnerability. A flaw is present in the application, which fails to properly allocate arrays of structures. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:16988 The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execut ... oval:org.secpod.oval:def:14326 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to anonymous method injection vulnerability. A flaw is present in the application, which fails to properly check the permissions of objects that use reflection. Successful exploitation allows attackers to execu ... oval:org.secpod.oval:def:16987 The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execut ... oval:org.secpod.oval:def:14324 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to delegate serialization vulnerability. A flaw is present in the application, which fails to properly check the permissions of delegate objects. Successful exploitation allows attackers to execute arbitrary co ... oval:org.secpod.oval:def:16980 The host is installed with DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a memory corruption vulnerability. A flaw is ... oval:org.secpod.oval:def:15649 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15647 The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15648 The host is installed with Microsoft Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:16978 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle obj ... oval:org.secpod.oval:def:14301 The host is installed with WMV video codec 9, Windows Media Format Runtime 9, 9.5, Windows Media Format Runtime 11, Windows Media Player 11 or 12 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle crafted media files. Successful exploit ... oval:org.secpod.oval:def:616 The host is missing a critical security update according to Microsoft Security Advisory, 2718704. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to properly handle authorization of digital certificates. Successful exploitation could allow atta ... oval:org.secpod.oval:def:31697 The host is installed with Microsoft Windows 7 and Microsoft Windows Server 2008 R2 and is prone to windows integer underflow vulnerability. A flaw is present in the windows, which fails to properly parse specially crafted fonts. Successful exploitation allows attackers to create new accounts with f ... oval:org.mitre.oval:def:7127 Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vuln ... oval:org.secpod.oval:def:8180 The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1, Windows 8 or Windows Server 2012 and is prone to remote code execution vulnerability. A flaw is present in Windows DirectPlay, which fails ... oval:org.secpod.oval:def:8181 The host is missing an important security update according to Microsoft bulletin, MS12-082. The update is required to fix remote code execution vulnerability. A flaw is present in Windows DirectPlay, which fails to properly handle specially crafted office documents. Successful exploitation allows at ... oval:org.secpod.oval:def:8192 The host is installed with Windows XP, Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted TrueType font file. Success ... oval:org.secpod.oval:def:8193 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an InjectHTMLStream use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.mitre.oval:def:7176 The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability." oval:org.mitre.oval:def:7170 vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a ... oval:org.mitre.oval:def:7164 The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMB ... oval:org.mitre.oval:def:7158 The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10. ... oval:org.secpod.oval:def:31742 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:31734 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:31730 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current u ... oval:org.secpod.oval:def:31732 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current u ... oval:org.secpod.oval:def:16188 The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current u ... oval:org.mitre.oval:def:7193 Untrusted search path vulnerability in avast! Free Antivirus version 5.0.594 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc90loc.dll that is located in the same folder as an avast license (.avastlic) f ... oval:org.mitre.oval:def:7186 The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS ... oval:org.secpod.oval:def:15663 The host is installed with .Net framework 2.0, 3.5.1, 4.0 or 4.5 and is prone to an entity expansion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15664 The host is installed with .Net framework 2.0, 3.5.1, 4.0 or 4.5 and is prone to a JSON parsing vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:16994 The host is installed with Internet Explorer 8 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:15662 The host is installed with .Net framework 3.0, 3.5.1, 4.0 or 4.5 and is prone to an openType font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted OTF file. Successful exploitation could allow attackers to take complete control of an affected system. oval:org.secpod.oval:def:16992 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execute arbitrar ... oval:org.secpod.oval:def:16998 The host is installed with Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execute ar ... oval:org.secpod.oval:def:16991 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execute arb ... oval:org.secpod.oval:def:14327 The host is installed with Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to delegate reflection bypass vulnerability. A flaw is present in the application, which fails to properly check the permissions of objects that use reflection. Successful exploitation allows ... oval:org.secpod.oval:def:15669 The host is installed with Microsoft Windows Server 2008 R2 or Windows 7 SP1 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows attackers to run arbitrary code in kernel mode. oval:org.secpod.oval:def:7310 The host is installed with Windows 7 or Windows Server 2008 R2 x64 and is prone to denial of service vulnerability. A flaw is present in the windows kerberos server, which fails to handle a specially crafted session. Successful exploitation could allow an attacker to cause the system to stop respond ... oval:org.secpod.oval:def:31722 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:31725 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:31728 The host is installed with Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current u ... oval:org.secpod.oval:def:31729 The host is installed with Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current u ... oval:org.secpod.oval:def:31702 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate input before loading libraries. Successful exploitation could allow attack ... oval:org.secpod.oval:def:7309 The host is missing an important security update according to Microsoft security bulletin, MS12-069. The update is required to fix a denial of service vulnerability. A flaw is present in the windows kerberos server, which fails to handle a specially crafted session. Successful exploitation could all ... oval:org.secpod.oval:def:794 The host is installed with Internet Explorer 8 and is prone to information disclosure vulnerability. A flaw is present in the application which does not properly handle XML document containing a call to the XSLT generate-id XPath function. Successful exploitation allows remote attackers to obtain po ... oval:org.mitre.oval:def:11304 Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows remote attackers to execute arbitrary code via a long eighth argument (HexString) to the LCDWriteString method. oval:org.secpod.oval:def:2585 The host is missing a critical security update according to Microsoft security bulletin, MS10-060. The update is required to fix code execution vulnerability. A flaw is present in the CLR Virtual Method (CLR) in Microsoft .NET Framework, which fails to handle interfaces and delegations to virtual me ... oval:org.mitre.oval:def:7217 Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory. oval:org.secpod.oval:def:16193 The host is installed with Microsoft Windows 7 SP1 or Windows Server 2008 R2 SP2 and is prone to elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows local users to gain privileges via a crafted ... oval:org.secpod.oval:def:16196 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to denial of service vulnerability. The flaw is present in the application, which fails to properly handle objects i ... oval:org.secpod.oval:def:704 The host is installed with Microsoft Internet Explorer and is prone to information disclosure vulnerability. A flaw is present in the browser, which fails to handle malicious data in frame tags. Successful exploitation could allow remote attackers to obtain sensitive information. oval:org.secpod.oval:def:2527 The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code. oval:org.secpod.oval:def:2529 The host is installed with Microsoft Internet Explorer 6,7,8 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code. oval:org.secpod.oval:def:2528 The host is installed with Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle an improperly initialized object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:2532 The host is installed with Internet Explorer 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to access a dereference memory address. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:2531 The host is installed with Microsoft Internet Explorer 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly access a dereference memory address. Successful exploitation could allow an attacker to execute arbitrary code. oval:org.secpod.oval:def:2534 The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle a virtual function table after it has been corrupted. Successful exploitation could allow an attacker to execu ... oval:org.secpod.oval:def:2533 The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code. oval:org.secpod.oval:def:2535 The host is missing a critical security update according to MS11-081. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle specially crafted webpage. Successful exploitation could allow attackers to gain same us ... oval:org.mitre.oval:def:7224 Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. oval:org.mitre.oval:def:7297 The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting ( ... oval:org.secpod.oval:def:39778 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:49110 An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specia ... oval:org.secpod.oval:def:49113 An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; ... oval:org.secpod.oval:def:16210 The host is installed with Microsoft Windows XP SP2, Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to use after free vulnerability. A flaw is present in th ... oval:org.mitre.oval:def:6859 The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the respon ... oval:org.secpod.oval:def:26543 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a task file deletion elevation of privilege vulnerability. A flaw is present in the application, which fail ... oval:org.secpod.oval:def:26534 The host is installed with Windows Media Center on Microsoft Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who ... oval:org.secpod.oval:def:26519 The host is installed with Internet Explorer 8 and is prone to a scripting engine remote memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of ... oval:org.secpod.oval:def:26521 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the currently logged-in ... oval:org.secpod.oval:def:26520 The host is installed with Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the currently logge ... oval:org.secpod.oval:def:31006 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:9292 The host is installed with Internet Explorer 8 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9294 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9295 The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.mitre.oval:def:6024 aavmKer4.sys in avast! Home and Professional for Windows before 4.8.1356 does not properly validate input to IOCTLs (1) 0xb2d6000c and (2) 0xb2d60034, which allows local users to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption, a different vulnerabili ... oval:org.secpod.oval:def:9275 The host is installed with Microsoft Windows 7, SP1, Windows Server 2008 R2 or SP1 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows CSRSS improperly handles objects in memory. Successful exploitation allows attackers to run ... oval:org.secpod.oval:def:9276 The host is missing an important security update according to Microsoft bulletin, MS13-019. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows CSRSS improperly handles objects in memory. Successful exploitatio ... oval:org.secpod.oval:def:9286 The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9284 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9285 The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:7932 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 or Windows 7 and is prone to use after free vulnerability. A flaw is present in the Windows kernel, which fails to properly handle the objects in memory. Successful exploitation could allow attackers to in ... oval:org.secpod.oval:def:40882 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.mitre.oval:def:12365 Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) ... oval:org.mitre.oval:def:6933 Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." oval:org.secpod.oval:def:15964 The host is installed with Microsoft Windows XP SP3, Server 2003 SP2, Vista Sp2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly ha ... oval:org.secpod.oval:def:40922 An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:15969 The host is installed with Microsoft Windows XP SP2, Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to remote code execution vulnerability. A flaw is prese ... oval:org.secpod.oval:def:15982 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a information disclosure vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass the Same Origin Policy and obtain sensit ... oval:org.secpod.oval:def:15983 The host is installed with Microsoft Internet Explorer 6, 7 or 8 and is prone to a information disclosure vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to read content from a different domain or zone via craft ... oval:org.secpod.oval:def:15984 The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15985 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:38616 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to a denial of service vulnerability. A flaw is present in the Windows Local Security Authority Subsystem Service, which improperly handles specially crafted authentication reque ... oval:org.secpod.oval:def:15998 The host is installed with Microsoft Windows XP SP3, Server 2003 SP2, Vista Sp2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle ... oval:org.secpod.oval:def:40910 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40917 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.mitre.oval:def:11994 Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability ... oval:org.mitre.oval:def:11984 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diffe ... oval:org.mitre.oval:def:6165 The operating system installed on the system is Microsoft Windows 7 (32-bit) oval:org.mitre.oval:def:6142 Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string. oval:org.secpod.oval:def:16494 The host is installed with Microsoft Internet Explorer 9 or 10 and is prone to use-after-free vulnerability. The flaw is present in Microsoft Internet Explorer 9 and 10, which fails to handle a crafted CSpliceTreeEngine::InsertSplice object in an HTML document. Successful exploitation allows remote ... oval:org.mitre.oval:def:12279 Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerabilit ... oval:org.secpod.oval:def:40966 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:40970 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.mitre.oval:def:5798 Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command. oval:org.mitre.oval:def:12322 Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability. ... oval:org.mitre.oval:def:6226 Stack-based buffer overflow in aswMon2.sys in Avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL 0xb2c80018. oval:org.mitre.oval:def:11853 Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." oval:org.mitre.oval:def:11849 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability." oval:org.mitre.oval:def:11832 Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." oval:org.mitre.oval:def:6262 The operating system having Maxthon Browser installation. oval:org.secpod.oval:def:57910 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:2047 The host is missing a critical security update according to Microsoft security bulletin, MS10-070. The update is required to fix information disclosure vulnerability. A flaw is present in ASP.NET (.Net Framework) encryption implementation in IIS, which fails to evaluate generated error codes during ... oval:org.secpod.oval:def:57938 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:2034 The host is missing a critical security update according to Microsoft security bulletin, MS10-022. The update is required to fix remote code execution vulnerability. A flaw is present in VBScript engine, which fails to process WIndows help files in protected mode. User is forced to press the F1 key ... oval:org.mitre.oval:def:12184 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." oval:org.secpod.oval:def:57903 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.There are multiple ways an attacker could exploit the ... oval:org.secpod.oval:def:16530 The host is installed with Microsoft Windows 7 or Microsoft Windows Server 2008 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code with elevated ... oval:org.mitre.oval:def:12163 Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, ... oval:org.mitre.oval:def:5875 The operating system having Rhino Software Serv-U installation. oval:org.secpod.oval:def:30025 The host is installed with Internet Explorer 8 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. Successful exploitation could allow attackers to run script with elevated privileges. oval:org.secpod.oval:def:30023 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:30005 The host is installed with Microsoft Windows Vista or Windows 7 and is prone to a Microsoft Tablet Input Band use-after-free vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.mitre.oval:def:11730 Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." oval:org.secpod.oval:def:14822 The host is installed with Internet Explorer 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:14823 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to cross-site-scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle certain character sequences. Successful exploitation allows attackers to perform cross-site scripting attacks. oval:org.secpod.oval:def:14836 The host is installed with Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. The flaw is present in the Windows kernel, which fails to handle memory corruption condition in the NT Virtual DOS Machine (NTV ... oval:org.secpod.oval:def:14837 The host is installed with Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. The flaw is present in the Windows kernel, which fails to handle memory corruption condition in the NT Virtual DOS Machine (NTV ... oval:org.secpod.oval:def:14838 The host is installed with Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. The flaw is present in the Windows kernel, which fails to handle memory corruption condition in the NT Virtual DOS Machine (NTV ... oval:org.secpod.oval:def:14820 The host is installed with Internet Explorer 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:14821 The host is installed with Internet Explorer 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:14819 The host is installed with Internet Explorer 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:14814 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:14817 The host is installed with Internet Explorer 8 or 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:14818 The host is installed with Internet Explorer 8 or 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:14815 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current us ... oval:org.secpod.oval:def:14816 The host is installed with Internet Explorer 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:39379 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39370 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39371 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39372 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39373 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39374 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39375 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39376 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39360 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by ... oval:org.secpod.oval:def:39359 An elevation of privilege vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by r ... oval:org.secpod.oval:def:15399 The host is installed with Internet Explorer 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current use ... oval:org.secpod.oval:def:15397 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the curre ... oval:org.secpod.oval:def:15398 The host is installed with Internet Explorer 6, 7 or 8 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current u ... oval:org.secpod.oval:def:15395 The host is installed with Internet Explorer 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current user. oval:org.secpod.oval:def:15396 The host is installed with Internet Explorer 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current use ... oval:org.secpod.oval:def:15394 The host is installed with Internet Explorer 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current use ... oval:org.secpod.oval:def:41653 An information disclosure vulnerability exists when the Volume Manager Extension Driver component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacke ... oval:org.secpod.oval:def:41655 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits exploited this vulnerability would gain code execution on the target system. Users whose accounts are configured to have fewer user ri ... oval:org.secpod.oval:def:39391 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39392 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39393 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39394 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39395 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39396 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39397 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39390 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39388 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39389 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39380 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39381 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39382 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39383 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39384 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39385 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39386 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39387 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:8326 The host is missing an Important security update according to Microsoft security bulletin, MS13-001. The update is required to fix remote code execution vulnerability in Microsoft Windows Print Spooler components. A flaw is present in the Windows print server which fails to validate a specially craf ... oval:org.secpod.oval:def:8325 The host is installed with Windows 7, Windows Server 2008 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows Print Spooler components which fails to validate a specially crafted print job. Successful exploitation could allow an attacker to execute arbitrary co ... oval:org.mitre.oval:def:12055 Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than C ... oval:org.mitre.oval:def:12033 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote att ... oval:org.mitre.oval:def:12020 SigPlus Pro ActiveX control is installed oval:org.secpod.oval:def:39319 An information disclosure vulnerability exists in Windows when Windows DVD Maker fails to properly parse a specially crafted .msdvd file. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.To exploit the vulnerability, an attacker ... oval:org.secpod.oval:def:30964 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 or Windows 7 SP1 and is prone to a heap-based overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted jnt files. Successful exploitation allows a ... oval:org.secpod.oval:def:30962 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 or Windows 7 SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly check the length of a buffer prior to copying memory into it. Successful ... oval:org.secpod.oval:def:30968 The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows 7, 8 or 8.1 and is prone to a tls triple handshake vulnerability. A flaw is present in the application, which fails to properly extend master secret binding support to all supported version of TLS. Successful e ... oval:org.secpod.oval:def:453 The host is installed with Microsoft Internet Explorer 8 on Windows 7 and is prone to arbitrary code execution vulnerability. A flaw is present in the browser, which allows bypassing DEP (data execution prevention) and ASLR (address space layout randomization) protection mechanisms used in IE Protec ... oval:org.secpod.oval:def:452 The host is installed with Microsoft Internet Explorer 8 on Windows 7 and is prone to arbitrary code execution vulnerability. A flaw is present in the browser, which allows bypassing DEP (data execution prevention) and ASLR (address space layout randomization) protection mechanisms used in IE Protec ... oval:org.secpod.oval:def:451 The host is installed with Microsoft Internet Explorer and is prone to arbitrary code execution vulnerability. A flaw is present in the browser, which allows bypassing DEP (data execution prevention) and ASLR (address space layout randomization) protection mechanisms used in IE Protected Mode sandbo ... oval:org.secpod.oval:def:33236 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows, which fails to properly sanitize handles in memory. An attacker who successfully exploited this vulnerability could ru ... oval:org.secpod.oval:def:15400 The host is installed with Internet Explorer 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current use ... oval:org.secpod.oval:def:15403 The host is installed with Internet Explorer 8 or 9 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current user ... oval:org.secpod.oval:def:15401 The host is installed with Internet Explorer 8, 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current ... oval:org.secpod.oval:def:15402 The host is installed with Internet Explorer 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current use ... oval:org.mitre.oval:def:6437 Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site cont ... oval:org.secpod.oval:def:7909 The host is installed with Microsoft Internet Information Services 7.0 or 7.5 and is prone to command injection vulnerability. A flaw is present in Internet Information Services (IIS), which fails to properly handle specially crafted FTP commands. Successful exploitation could allow information disc ... oval:org.secpod.oval:def:7907 The host is missing a critical security update according to Microsoft security bulletin, MS12-073. The update is required to fix multiple vulnerabilities. The flaws are present in Internet Information Services (IIS), which fails to properly handle specially crafted FTP commands. Successful exploitat ... oval:org.secpod.oval:def:7908 The host is installed with Microsoft Internet Information Services 7.5 and is prone to password disclosure vulnerability. A flaw is present in Internet Information Services (IIS), which fails to properly protect log files. Successful exploitation could allow information disclosure. oval:org.mitre.oval:def:11606 The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addr ... oval:org.secpod.oval:def:15641 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15650 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:16184 The host is installed with Microsoft Internet Explorer 10 or 11 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate permissions. Successful exploitation allows attackers to gain elevation of privilege. oval:org.secpod.oval:def:16185 The host is installed with Microsoft Internet Explorer 7, 8, 9, 10 or 11 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate permissions. Successful exploitation allows attackers to gain elevation of privilege. oval:org.secpod.oval:def:16186 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the c ... oval:org.secpod.oval:def:15986 The host is installed with Microsoft Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15987 The host is installed with Microsoft Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15990 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15988 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15989 The host is installed with Microsoft Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:16777 The host is installed with Microsoft Internet Explorer 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a ... oval:org.secpod.oval:def:16771 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16770 The host is installed with Microsoft Internet Explorer 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a de ... oval:org.secpod.oval:def:16769 The host is installed with Microsoft Internet Explorer 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a de ... oval:org.secpod.oval:def:16785 The host is installed with Microsoft Internet Explorer 9, 10 or 11 and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused when Internet Explorer does not properly enforce cross-domain policies. Successful exploitation allows attackers to view cont ... oval:org.secpod.oval:def:16784 The host is installed with Microsoft Internet Explorer 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial of s ... oval:org.secpod.oval:def:16783 The host is installed with Microsoft Internet Explorer 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a de ... oval:org.secpod.oval:def:16782 The host is installed with Microsoft Internet Explorer 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a ... oval:org.secpod.oval:def:16781 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16780 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16757 The host is installed with VBScript engine 5.6, 5.7 or 5.8 or Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:16764 The host is installed with Microsoft Internet Explorer 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial of s ... oval:org.secpod.oval:def:16763 The host is installed with Microsoft Internet Explorer 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a denial of s ... oval:org.secpod.oval:def:16767 The host is installed with Microsoft Internet Explorer 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a de ... oval:org.secpod.oval:def:16765 The host is installed with Microsoft Internet Explorer 8, 9, 10 or 11 and is prone to elevation of privilege vulnerability.. A flaw is present in the application, which fails to properly properly validate permissions. Successful exploitation allows attackers to bypass the Mandatory Integrity Control ... oval:org.secpod.oval:def:16984 The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16986 The host is installed with Internet Explorer 9 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16985 The host is installed with Internet Explorer 8 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16189 The host is installed with Microsoft Internet Explorer 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:16187 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the c ... oval:org.secpod.oval:def:16995 The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16993 The host is installed with Internet Explorer 8 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16999 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execute a ... oval:org.secpod.oval:def:16997 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execute a ... oval:org.secpod.oval:def:16996 The host is installed with Internet Explorer 8 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16990 The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16989 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execute arbitra ... oval:org.secpod.oval:def:17001 The host is installed with Internet Explorer 8 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:17000 The host is installed with Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execute ar ... oval:org.secpod.oval:def:19864 The host is installed with IE 6,7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19861 The host is installed with IE 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:18541 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code ... oval:org.secpod.oval:def:18540 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code ... oval:org.secpod.oval:def:19812 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19813 The host is installed with IE 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19814 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19815 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a TLS server certificate renegotiation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19810 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19811 The host is installed with IE 7,8,9,10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19809 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19846 The host is installed with IE 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19843 The host is installed with IE 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19838 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19859 The host is installed with IE 6,7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19823 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19824 The host is installed with IE 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19825 The host is installed with IE 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19826 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19820 The host is installed with IE 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19821 The host is installed with IE 8,9,10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19822 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19816 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19817 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19818 The host is installed with IE 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19819 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19834 The host is installed with IE 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19835 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19836 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19837 The host is installed with IE 6,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19830 The host is installed with IE 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19831 The host is installed with IE 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19832 The host is installed with IE 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19833 The host is installed with IE 7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19827 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19828 The host is installed with IE 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19829 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:17394 The host is installed with Microsoft Internet Explorer 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:17393 The host is installed with Microsoft Internet Explorer 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:17392 The host is installed with Microsoft Internet Explorer 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:17391 The host is installed with Microsoft Internet Explorer 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:17397 The host is missing a critical security update according to Microsoft bulletin, MS14-018. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted website. Successful exploitation allows attacker to execute arbitrary code in the ... oval:org.secpod.oval:def:17396 The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:17584 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:19867 The host is installed with IE 8,9,10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19863 The host is installed with IE 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19865 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19866 The host is installed with IE 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19860 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19862 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19845 The host is installed with IE 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19847 The host is installed with IE 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19848 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19841 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19842 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19844 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19840 The host is installed with IE 8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19839 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19856 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19857 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19852 The host is installed with IE 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19853 The host is installed with IE 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19854 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19855 The host is installed with IE 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19850 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19851 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19849 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:20059 The host is installed with IE 9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:20119 The host is installed with Internet Explorer 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20117 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20118 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20115 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20116 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20113 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20114 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20122 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20123 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20120 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20121 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20108 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20109 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20106 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20105 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20102 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20103 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a Extended Validation (EV) certificate security feature bypass vulnerability. A flaw is present in the application , which force to prevent the use of wildcard certificates. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:20111 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20110 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20101 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20124 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20798 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20796 The host is installed with Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20787 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20784 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20790 The host is installed with Internet Explorer 8 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:21389 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:21378 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:21379 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explore ... oval:org.secpod.oval:def:21380 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Exp ... oval:org.secpod.oval:def:21387 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:21388 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a ASLR bypass vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security featur ... oval:org.secpod.oval:def:21385 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer. oval:org.secpod.oval:def:21383 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:21381 The host is installed with Internet Explorer 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer. oval:org.secpod.oval:def:21382 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:21376 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet E ... oval:org.secpod.oval:def:21377 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet E ... oval:org.secpod.oval:def:21574 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21575 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21589 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21587 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a clipboard information disclosure vulnerability. A flaw is present in the application, which does not properly restrict access to the clipboard of a user who visits a website. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:21588 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21578 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21579 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21576 The host is installed with Internet Explorer 8 or 9 and is prone to an ASLR Bypass vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow an attacker to more reliably predict the memory offsets of specific instructions in a g ... oval:org.secpod.oval:def:21577 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to inform ... oval:org.secpod.oval:def:21585 The host is installed with Internet Explorer 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges. Successful expl ... oval:org.secpod.oval:def:21586 The host is installed with Internet Explorer 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges. Successful expl ... oval:org.secpod.oval:def:21583 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21584 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21581 The host is installed with Internet Explorer 9 or 10 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to information in anot ... oval:org.secpod.oval:def:21582 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to information ... oval:org.secpod.oval:def:21580 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21050 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to detect anti-malware applications in use on a targe ... oval:org.secpod.oval:def:21057 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21058 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21055 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21056 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21053 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21054 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21051 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21052 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21082 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21083 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21080 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21081 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21086 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21084 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21085 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21071 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21072 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21070 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21079 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21077 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21078 The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21075 The host is installed with Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21076 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21073 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21074 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21059 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21060 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21061 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21068 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21069 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21066 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21067 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21064 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21065 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21062 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21063 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21868 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to an XSS filter bypass vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. An attacker who successfully exploited this vulnerability could cause script code to run on another ... oval:org.secpod.oval:def:21869 The host is installed with Internet Explorer 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instruct ... oval:org.secpod.oval:def:21866 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21867 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to an XSS filter bypass vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. An attacker who successfully exploited this vulnerability could cause script code to run on another ... oval:org.secpod.oval:def:21864 The host is installed with Internet Explorer 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21865 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21862 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21863 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21870 The host is installed with VBScript engine 5.6, 5.7 or 5.8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21857 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21858 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21859 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21860 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23499 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23508 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23507 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23506 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23505 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23504 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23503 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23502 The host is installed with Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23501 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23509 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23511 The host is installed with Internet Explorer 6 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23510 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23500 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23539 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to inform ... oval:org.secpod.oval:def:23538 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of spe ... oval:org.secpod.oval:def:23537 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specif ... oval:org.secpod.oval:def:23536 The host is installed with Internet Explorer 8 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructi ... oval:org.secpod.oval:def:23535 The host is installed with Internet Explorer 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges. Successful expl ... oval:org.secpod.oval:def:23534 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges. Successful e ... oval:org.secpod.oval:def:23529 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23528 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23527 The host is installed with Internet Explorer 8 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23526 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23525 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23524 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23523 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23533 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23532 The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23531 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23530 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23519 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23518 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23517 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23516 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23515 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23514 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23513 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23512 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23522 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23521 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23520 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23788 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to access information from one domain and ... oval:org.secpod.oval:def:23787 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to access information from one domain and injec ... oval:org.secpod.oval:def:23790 The host is installed with VBScript engine 5.6, 5.7 or 5.8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23779 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23778 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23786 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23785 The host is installed with Internet Explorer 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23784 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23783 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23782 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23781 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23780 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24098 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which does not use the Address Space Layout Randomization (ASLR) security feature. Successful exploitation could allow attackers to bypass the Address ... oval:org.secpod.oval:def:24090 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24091 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24092 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24093 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24094 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24095 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24096 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24097 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24089 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24315 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24316 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24317 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. Successful exploitation could allow attackers to elevate privileges ... oval:org.secpod.oval:def:24318 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24319 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24320 The host is installed with Internet Explorer 11 and is prone to security feature bypass vulnerability. A flaw is present in the application, which fails to use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific ... oval:org.secpod.oval:def:24337 The host is installed with JScript and Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to ASLR bypass vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to execute remote code on a target system. oval:org.secpod.oval:def:24329 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24330 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24332 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24336 The host is installed with VBScript engine 5.6, 5.7 or 5.8 and is prone to a ASLR vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to execute remote code on a target system. oval:org.secpod.oval:def:24321 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24322 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24323 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24324 The host is installed with Internet Explorer 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. Successful exploitation could allow attackers to elevate privileges in affected versi ... oval:org.secpod.oval:def:24325 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ... oval:org.secpod.oval:def:24326 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a information disclosure vulnerability. A flaw is present in the application, which does not properly restrict access to the clipboard of a user who visits a website. Successful exploitation could allow attackers to colle ... oval:org.secpod.oval:def:24327 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ... oval:org.secpod.oval:def:24328 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24331 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user ... oval:org.secpod.oval:def:24333 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24334 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ... oval:org.secpod.oval:def:25374 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25375 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25376 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25377 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25378 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25379 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25396 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25397 The host is installed with Internet Explorer 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25398 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25399 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25390 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25391 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25392 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25393 The host is installed with Internet Explorer 10 or 11 and is prone to a jscript9 memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current us ... oval:org.secpod.oval:def:25394 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25395 The host is installed with Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25385 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25386 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25387 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a XSS filter bypass vulnerability. A flaw is present in the application, which fails to handle a specially crafted content. Successful exploitation could allow malicious script to run in the wrong security context, leading t ... oval:org.secpod.oval:def:25388 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly handle cached image information. Successful exploitation could allow attackers to gain access to information about the us ... oval:org.secpod.oval:def:25389 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user ... oval:org.secpod.oval:def:25380 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly handle requests for module resources. Successful exploitation could allow attackers to detect the existence of spec ... oval:org.secpod.oval:def:25381 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to handle the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited this vulnerability cou ... oval:org.secpod.oval:def:25382 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25383 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to gain access to information in another domain ... oval:org.secpod.oval:def:25384 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25400 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:25401 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an elevation of privilege Vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. An attacker who successfully exploited the vulnerability could elevate ... oval:org.secpod.oval:def:25402 The host is installed with Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to execute remote code on a target system. oval:org.secpod.oval:def:25833 The host is installed with Internet Explorer 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user ... oval:org.secpod.oval:def:25834 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current ... oval:org.secpod.oval:def:25835 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current ... oval:org.secpod.oval:def:25826 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:25828 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current use ... oval:org.secpod.oval:def:25829 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curre ... oval:org.secpod.oval:def:25830 The host is installed with Internet Explorer 10 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to properly use ASLR security feature. Successful exploitation could allow attackers to bypass the Address Space Layout Randomization. oval:org.secpod.oval:def:25832 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:26511 The host is installed with Internet Explorer 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current ... oval:org.secpod.oval:def:26514 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:26515 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:26518 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the currently ... oval:org.secpod.oval:def:26517 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the currently ... oval:org.secpod.oval:def:31005 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:31743 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a XSS filter bypass vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. An attacker who successfully exploited this vulnerability could elevate privileges in affected vers ... oval:org.secpod.oval:def:31733 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:31727 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:32905 The host is installed with Internet Explorer 10 or 11 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle inputs before loading dynamic link library (DLL) files. Successfully exploitation allows remote attackers to take control ... oval:org.secpod.oval:def:33258 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the contex ... oval:org.secpod.oval:def:33256 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the contex ... oval:org.secpod.oval:def:33248 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the contex ... oval:org.secpod.oval:def:33249 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in t ... oval:org.secpod.oval:def:33807 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the ... oval:org.secpod.oval:def:38310 The host is installed with Internet Explorer 9, 10 or 11 is prone to an information disclosure vulnerability. A flaw is present in the hyperlink object library, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a tar ... oval:org.secpod.oval:def:38312 The host is installed with Internet Explorer 10, 11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a target system. oval:org.secpod.oval:def:20801 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20802 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20800 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20799 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20797 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20795 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20788 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20789 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20786 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20785 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20793 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20794 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20791 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20792 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20779 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20777 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20778 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20782 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20783 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20780 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20781 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:42315 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:42337 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:42721 An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that thi ... oval:org.secpod.oval:def:42720 An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that thi ... oval:org.secpod.oval:def:42727 A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ... oval:org.secpod.oval:def:42001 An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would hav ... oval:org.secpod.oval:def:42005 A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:42004 A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:42017 An information disclosure vulnerability exists in the Microsoft Common Console Document (.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) decla ... oval:org.secpod.oval:def:43874 An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that whi ... oval:org.secpod.oval:def:43849 An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that whi ... oval:org.secpod.oval:def:43853 An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that whi ... oval:org.secpod.oval:def:43852 An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that whi ... oval:org.secpod.oval:def:43855 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:44608 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:45373 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:46002 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:46027 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:47131 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user r ... oval:org.secpod.oval:def:47135 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:47134 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:47142 An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to e ... oval:org.secpod.oval:def:49090 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:47442 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:47435 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50739 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:50741 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:51406 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:54703 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An a ... oval:org.secpod.oval:def:55386 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:55387 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55390 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55393 A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.To exploit the vulnerability, an atta ... oval:org.secpod.oval:def:55399 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55397 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55403 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55404 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55401 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:58493 An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation.To exploit the vulnerability, a user would have to op ... oval:org.secpod.oval:def:58494 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ... oval:org.secpod.oval:def:55421 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55422 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55420 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:59872 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:1741 The host is missing an important security update according to Microsoft security bulletin, MS11-056. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem. The flaw is present in Client/Server Run-time Subsystem (CSRSS), which fails to restric ... oval:org.secpod.oval:def:39758 A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or creat ... oval:org.secpod.oval:def:59880 An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:59881 An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:59879 An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit this vulnerability, an attacker would first have to log on to the system. An attac ... oval:org.secpod.oval:def:54860 The host is missing an important security update for KB4498961 oval:org.secpod.oval:def:54865 The host is missing an important security update for KB4499406 oval:org.secpod.oval:def:30024 The host is installed with Internet Explorer 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. Successful exploitation could allow attackers to run script with elevated privi ... oval:org.secpod.oval:def:30020 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30022 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:40956 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:11229 The host is missing an important security update according to Microsoft security advisory (2820197). The update is required to fix a vulnerability, which prevents ActiveX control from being loaded by the Internet Explorer. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:1205 The host is installed with Microsoft Internet Explorer 6/7/8 and is prone to remote code execution vulnerability. A flaw is present in VML implementation which fails to open a specially crafted web page. Successful exploitation allows remote attackers to gain the same user rights as the logged-on us ... oval:org.secpod.oval:def:32584 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or 2012 R2 and is prone to an ASLR bypass vulnerability. A flaw is present in the Windows graphics device interface, which fails to handle objects in memory. Succe ... oval:org.secpod.oval:def:32614 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 or Windows Server 2008 R2 SP1 and is prone to privilege escalation vulnerability. A flaw is present in the system, which fails to load DLL file. Successful exploitation could allow local attackers to gain ... oval:org.secpod.oval:def:35931 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a security feature bypass vulnerability. A flaw is present in Internet Explorer, which improperly handles URLs validation process in IE for restricted ports. Successful exploitation could allow attackers to trick a user to visi ... oval:org.secpod.oval:def:37479 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ... oval:org.secpod.oval:def:46417 The host is missing a critical security update for KB4339093 oval:org.secpod.oval:def:50150 The host is missing an important security update 4480063 oval:org.secpod.oval:def:50144 The host is missing an important security security update 4480055 oval:org.secpod.oval:def:50147 The host is missing an important security update 4480059 oval:org.secpod.oval:def:50160 The host is missing an important security update 4480085 oval:org.secpod.oval:def:50154 The host is missing an important security security update 4480072 oval:org.secpod.oval:def:50156 The host is missing an important security update 4480076 oval:org.secpod.oval:def:78048 Windows Media Center Update Denial of Service Vulnerability oval:org.secpod.oval:def:40971 A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:14305 The host is installed with Microsoft Windows 7 Defender and is prone to an improper pathname vulnerability. A flaw is present in the application, which fails to properly handle pathnames. Successful exploitation could allow attackers to take complete control of the system. oval:org.secpod.oval:def:14306 The host is missing an important security update according to Microsoft bulletin, MS13-058. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle pathnames. Successful exploitation could allow attackers to take comple ... oval:org.secpod.oval:def:59672 An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulner ... oval:org.secpod.oval:def:59683 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:59692 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ... oval:org.secpod.oval:def:19806 The host is installed with Microsoft Office 2010, 2007, Lync 2010, 2013, SP1, Lync Basic 2013, SP1 or Lync 2010 Attendee and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle specially crafted files in a way that corrupts memory. Su ... oval:org.secpod.oval:def:19807 The host is installed with Microsoft Office 2010, 2007, Lync 2010, 2013, SP1, Lync Basic 2013, SP1 or Lync 2010 Attendee and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly validate specially crafted files. Successful exploitation allows ... oval:org.secpod.oval:def:21875 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the Graphics Component, which improperly handles the de ... oval:org.secpod.oval:def:23481 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Server 2008 R2 IA64, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the Graphics Component, which fail ... oval:org.secpod.oval:def:23763 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Server 2008 R2 IA64, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present which exists when Windows fails to pr ... oval:org.secpod.oval:def:58953 An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation.To exploit the vulnerability, a user would have to op ... oval:org.secpod.oval:def:58955 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:58941 A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM se ... oval:org.secpod.oval:def:58954 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:58956 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:18573 The host is installed with Microsoft Windows 7 SP1, Server 2008 R2 SP1, Windows 8 or Server 2012 and is prone to security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle domain authentication controls. Successful exploitation allows attackers to exe ... oval:org.secpod.oval:def:1223 The host is installed with Microsoft Internet Explorer and is prone to cookiejacking vulnerability. A flaw is present in the application, which fails to properly restrict cross-zone drag-and-drop actions. Successful exploitation allow user-assisted remote attackers to read cookie files. oval:org.secpod.oval:def:1762 The host is missing a Critical security update according to Microsoft security bulletin MS11-057. The update is required to fix multilple vulnerabilities. The flaws are present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful expl ... oval:org.mitre.oval:def:6696 Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allo ... oval:org.secpod.oval:def:1388 The host is missing a critical security update according to Microsoft security bulletin, MS10-074. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the 'UpdateFrameTitleForDocument' method in the CFrameWnd class in 'mfc42.dll' in the Microsoft Foundation ... oval:org.secpod.oval:def:23493 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validate a ... oval:org.secpod.oval:def:23483 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Server 2008 R2 IA64, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. The flaw is present in the Group Policy, which fails to handle files t ... oval:org.secpod.oval:def:15671 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to remote code vulnerability. A flaw is present in the application, which fails to properly parse OpenType fonts. Su ... oval:org.secpod.oval:def:16195 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploi ... oval:org.secpod.oval:def:15435 The host is installed with Microsoft Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an denial of service vulnerability. The flaw is present in the Active Directory Lightweight Directory Service (AD LDS), which fails to properl ... oval:org.secpod.oval:def:15667 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle object ... oval:org.secpod.oval:def:15666 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle object ... oval:org.secpod.oval:def:15659 The host is installed with Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, Microsoft Windows Server 2008 R2, Microsoft Windows 8 or Microsoft Windows Server 2012 and is prone to remote code execution vulnerability. A f ... oval:org.secpod.oval:def:15670 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Server 2008 R2 SP2 or Windows 7 SP1 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows attackers to run a ... oval:org.secpod.oval:def:15425 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15426 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15423 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15424 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15421 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15422 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15420 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, or Windows 8 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to properly handle objects in ... oval:org.secpod.oval:def:14824 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to elevate the privileges of a process that is launched ... oval:org.secpod.oval:def:14299 The host is installed with DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 or Windows Server 2012 and is prone to a remote code execution vulnerability. A flaw is present in the application, whic ... oval:org.secpod.oval:def:14312 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ... oval:org.secpod.oval:def:14842 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Windows 8, Windows Server 2012 or Windows Server 2008 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for incoming ICMPv6 packets. Successfu ... oval:org.secpod.oval:def:14833 The host is installed with Microsoft Windows and is prone to a remote procedure call vulnerability. A flaw is present in the application, which fails to handle asynchronous RPC requests. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14310 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 or Windows 7 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handle objects in memory. Successful ... oval:org.secpod.oval:def:14311 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 or Windows 7 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handle objects in memory. Successful ... oval:org.secpod.oval:def:14308 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ... oval:org.secpod.oval:def:14309 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ... oval:org.secpod.oval:def:14197 The host is installed with Microsoft Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a TCP/IP integer overflow vulnerability. A flaw is present in the application, which fails to properly handle packets during TCP connection. S ... oval:org.secpod.oval:def:14200 The host is installed with Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the Windows Print Spooler components which fails to validate a specially crafted print job. Successfu ... oval:org.secpod.oval:def:14307 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ... oval:org.secpod.oval:def:10966 The host is installed with Microsoft Windows Vista, Windows Server 2008 or R2 , Windows 7 SP1, Windows 8, Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could al ... oval:org.secpod.oval:def:10967 The host is installed with Microsoft Windows 7 SP1 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted application that leverages improper handling of objects in memory. Successful exploitation could allow attackers to gain privilege ... oval:org.secpod.oval:def:10968 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, Windows 7, Windows 8, Windows Server 2012 and is prone to a windows handle vulnerability. A flaw is present in the application which fails to properly handle deleted objects in memory. Succe ... oval:org.secpod.oval:def:10740 The host is missing an important security update according to Microsoft security bulletin MS13-031. The update is required to fix multiple race condition vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow a ... oval:org.secpod.oval:def:10738 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle objec ... oval:org.secpod.oval:def:10733 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attack ... oval:org.secpod.oval:def:10734 The host is missing an important security update according to Microsoft security bulletin, MS13-036. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors related to memory and crafted files. Successful exploitation al ... oval:org.secpod.oval:def:10735 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Windows Vista, Windows 7 or Windows 8 and is prone to denial of service vulnerability. A flaw is present int he application, which fails to handle a specially crafted font file. Successful exploitation allows attackers to cau ... oval:org.secpod.oval:def:10736 The host is installed with Microsoft Windows Server 2008, R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers to gain eleva ... oval:org.secpod.oval:def:10737 The host is installed with Microsoft Windows Server 2008, R2, Windows Vista or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers to gain elevated privileges and read ... oval:org.secpod.oval:def:10941 The host is installed with Internet Explorer 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle an object in memory that has been deleted or has not been properly allocated. Successful exploitation could allow attackers to execute arbi ... oval:org.secpod.oval:def:9739 The host is missing an important security update according to MS bulletin, MS13-027 and is prone to an privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to properly handle objects in memory. Successful exploitation could allow attackers to run arbitrary co ... oval:org.secpod.oval:def:9742 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ... oval:org.secpod.oval:def:9741 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ... oval:org.secpod.oval:def:9740 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ... oval:org.secpod.oval:def:9711 The host is missing a critical security update according to Microsoft bulletin, MS13-012 and is prone to multiple use after free vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9719 The host is installed with Internet Explorer 8 and is prone to a CTreeNode use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9715 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CCaret use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9717 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a GetMarkupPtr use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9716 The host is installed with Internet Explorer 8 and is prone to a CElement use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9718 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9720 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9239 The host is missing an important security update according to Microsoft bulletin, MS13-017. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successfu ... oval:org.secpod.oval:def:9238 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ... oval:org.secpod.oval:def:9713 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9712 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an onresize use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9714 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CMarkupBehaviorContext use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14835 The host is installed with Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 and is prone to a ASLR security feature bypass vulnerability. The flaw is present in Windows Kernel, which fails to properly handle the implementation of Address Space Layout Randomization (ASLR). Succ ... oval:org.secpod.oval:def:9236 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ... oval:org.secpod.oval:def:9237 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ... oval:org.secpod.oval:def:9271 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9272 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9273 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles object ... oval:org.secpod.oval:def:9274 The host is missing an important security update according to Microsoft bulletin, MS13-016. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which is caused when the Windows kernel-mode driver improperly handles objects in memor ... oval:org.secpod.oval:def:9268 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9269 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9266 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9267 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9270 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9264 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9265 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9261 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9262 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9263 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9257 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9258 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9259 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9256 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9260 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9253 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9254 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9255 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9251 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9252 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9250 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9246 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9247 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9248 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9249 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9244 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ... oval:org.secpod.oval:def:9245 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ... oval:org.secpod.oval:def:9240 The host is installed with Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a connection termination sequence. Succ ... oval:org.secpod.oval:def:9241 The host is missing an important security update according to Microsoft security bulletin MS13-018. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a connection termination sequence. Successful exploitation could a ... oval:org.secpod.oval:def:9280 The host is missing an important security update according to Microsoft bulletin, MS13-015. The update is required to fix privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a web browser that can run XAML Browser Applications. Successful exploita ... oval:org.secpod.oval:def:9281 The host is installed with .NET Framework 2.0 or 3.5 or 3.5.1 or 4.0 or 4.5 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle permissions of a callback function. Successful exploitation allows attackers to take complete control o ... oval:org.secpod.oval:def:9290 The host is installed with Internet Explorer 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9291 The host is installed with Internet Explorer 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9297 The host is missing a critical security update according to Microsoft security bulletin, MS13-009. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:9293 The host is installed with Internet Explorer 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9296 The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9282 The host is missing a critical security update according to Microsoft security bulletin, MS13-010. The update is required to fix remote code execution vulnerability. A flaw is present in the microsoft implementation of Vector Markup Language, which fails to handle a specially crafted webpage. Succes ... oval:org.secpod.oval:def:9283 The host is installed with Internet Explorer 6 or 7 or 8 or 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow an attacker to gain the same user rights as the current us ... oval:org.secpod.oval:def:9287 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9288 The host is installed with Internet Explorer 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9289 The host is installed with Internet Explorer 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:8333 The host is installed with Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle window broadcast messages. Successful exploitat ... oval:org.secpod.oval:def:8334 The host is missing an important security update according to MS bulletin, MS13-005 and is prone to an privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle window broadcast messages. Successful exploitation could allow attackers to take complete co ... oval:org.secpod.oval:def:8335 The host is installed with Microsoft Windows Vista, Windows 7, Windows server 2008, Windows server 208 R2, Windows 8 or Windows server 2012 and is prone to security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle SSL/TLS session version negotiation. ... oval:org.secpod.oval:def:8336 The host is missing an important security update according to Microsoft bulletin, MS13-006. The update is required to fix security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle SSL/TLS session version negotiation. Successful exploitation allows at ... oval:org.secpod.oval:def:8339 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to S.DS.P buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle System.DirectoryServices.Protocols (S.DS.P) namespace method. Successful exploitation allows re ... oval:org.secpod.oval:def:8344 The host is missing an important security update according Microsoft bulletin MS13-007. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:8340 The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to double construction vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows remote attackers to install programs, v ... oval:org.secpod.oval:def:8341 The host is missing an important security update according to Microsoft security bulletin, MS13-004. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle the vectors related to memory. Successful exploitation allows remote a ... oval:org.secpod.oval:def:8342 The host is installed with Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 4 or Management OData IIS Extension and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could all ... oval:org.secpod.oval:def:8352 The host is missing a critical security update according to MS13-002. The update is required to fix multiple MSXML vulnerabilities. The flaws are present in the applications, which fail to properly handle XML content. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:8197 The host is missing a critical security update according to Microsoft security bulletin MS12-077. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:8195 The host is installed with Internet Explorer 9 and is prone to an CMarkup use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:8196 The host is installed with Internet Explorer 9 or 10 and is prone to an improper ref counting use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted or improperly initialized object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:8322 The host is installed with Internet Explorer 6, Internet Explorer 7 or Internet Explorer 8 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers to execute arbitrary co ... oval:org.secpod.oval:def:8321 The host is missing a critical security update according to Microsoft Security Bulletin, MS13-008. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:8337 The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 or 4.5 and is prone to WinForms buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a Windows Forms method. Successful exploitation allows remote attackers to install ... oval:org.secpod.oval:def:8338 The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.0 or 4 and is prone to system drawing information disclosure vulnerability. A flaw is present in the application, which fails to properly handle pointers to unmanaged memory locations. Successful exploitation allows remote a ... oval:org.secpod.oval:def:8182 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to parse filenames. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:8183 The host is missing a critical security update according to Microsoft security bulletin, MS12-081. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to parse filenames. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:8190 The host is missing a critical security update according to Microsoft security bulletin, MS12-078. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle the objects in memory. Successful exploitation could allow remote ... oval:org.secpod.oval:def:8191 The host is installed with Windows XP, Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted OpenType font file. Success ... oval:org.secpod.oval:def:7927 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to Web proxy auto-discovery vulnerability. A flaw is present in the applications, which is caused by a lack of validation when the .NET Framework acquires the default web proxy settings and executes JavaScript ... oval:org.secpod.oval:def:7928 The host is installed with Microsoft .NET Framework 4 or 4.5 and is prone to WPF reflection optimization vulnerability. A flaw is present in the applications, which fails to properly validate permissions of objects involved with reflection. Successful exploitation allows attackers to take complete c ... oval:org.secpod.oval:def:7929 The host is missing a critical security update according to Microsoft Security Bulletin, MS12-074. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and properly perform validations. Successful exploitation allows ... oval:org.secpod.oval:def:7906 The host is installed with Microsoft Internet Explorer 9 and is prone to use after free vulnerability. A flaw is present in the Internet Explorer, which fails to handle objects in memory. Successful exploitation allows an attacker to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:7903 The host is missing a critical security update according to Microsoft security bulletin, MS12-071. The update is required to fix use after free vulnerabilities. The flaws are present in the Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation allows an attac ... oval:org.secpod.oval:def:7931 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 or Windows 7 and is prone to privilege escalation vulnerability. A flaw is present in the Windows kernel, which fails to properly handle the objects in memory. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:7924 The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to reflection bypass vulnerability. A flaw is present in the applications, which fail to properly validate the permissions of objects performing reflection. Successful exploitation allows attackers to take ... oval:org.secpod.oval:def:7925 The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 and is prone to Code access security info disclosure vulnerability. A flaw is present in the applications, which does not properly sanitize the output of a function when called from partially trusted code. Successful exploitation a ... oval:org.secpod.oval:def:7926 The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which is caused when Entity Framework, a .NET Framework component, incorrectly restricts the path used for loading external lib ... oval:org.secpod.oval:def:7905 The host is installed with Microsoft Internet Explorer 9 and is prone to use after free vulnerability. A flaw is present in the Internet Explorer, which fails to handle objects in memory. Successful exploitation allows an attacker to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:7311 The host is installed with Microsoft Windows XP, server 2003, server 2008, server 2008 R2, Vista or Windows 7 and is prone to integer overflow vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successful exploitation al ... oval:org.secpod.oval:def:7312 The host is missing an important security update according to Microsoft security bulletin, MS12-068. The update is required to fix integer overflow vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successful exploitati ... oval:org.secpod.oval:def:7930 The host is missing a critical security update according to Microsoft security bulletin, MS12-075. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle the webpage that embeds TrueType font files. Successful exploitat ... oval:org.secpod.oval:def:7077 The host is installed with Google Chrome before 22.0.1229.79 in Microsoft Windows 7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation allows remote attackers to execute arbitrary code or cause a denia ... oval:org.secpod.oval:def:7920 The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1, windows 8, or windows server 2012 and is prone to integer underflow vulnerability. A flaw is present in the application, which fails to pro ... oval:org.secpod.oval:def:7921 The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1 and is prone to integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted bri ... oval:org.secpod.oval:def:7922 The host is missing a critical security update according to Microsoft Security Bulletin, MS12-072. The update is required to fix integer overflow and underflow vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted briefcase. Successful exploita ... oval:org.secpod.oval:def:7904 The host is installed with Microsoft Internet Explorer 9 and is prone to use after free vulnerability. A flaw is present in the Internet Explorer, which fails to handle objects in memory. Successful exploitation allows an attacker to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:6344 The host is missing an important security update according to Microsoft security bulletin, MS12-047. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which fails to properly validate parameters when creating a hook procedure. Su ... oval:org.secpod.oval:def:6343 The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate parameters ... oval:org.secpod.oval:def:6342 The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle specific keyboard layo ... oval:org.secpod.oval:def:6349 The host is installed with Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted XML data that triggers access to an uninitiali ... oval:org.secpod.oval:def:6350 The host is missing a critical security update according to Microsoft security bulletin, MS12-045. The update is required to fix a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted XML data that triggers access to an uninitialized object in me ... oval:org.secpod.oval:def:6686 The host is missing an important security update according to Microsoft security bulletin, MS12-055. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which fails to handle objects in memory properly. Successful exploitation coul ... oval:org.secpod.oval:def:6685 The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory prop ... oval:org.secpod.oval:def:6688 The host is installed with Microsoft Windows XP, Server 2003, Vista, Server 2008, Windows 7 or Server 2008 R2 and is prone to format string vulnerability. A flaw is present in the application, which fails to handle a specially crafted response. Successful exploitation allows attackers to take comple ... oval:org.secpod.oval:def:6687 The host is installed with Microsoft Windows XP, Server 2003, Vista, Server 2008, Windows 7 or Server 2008 R2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a Remote Administration Protocol (RAP) response. Successful exploitation ... oval:org.secpod.oval:def:6691 The host is missing a critical security update according to Microsoft security bulletin, MS12-054. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a Remote Administration Protocol (RAP) response. Successful exploitation ... oval:org.secpod.oval:def:6345 The host is missing an important security update according to Microsoft security bulletin, MS12-048. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Shell, which fails to handle a file or directory with a specially crafted name. Successful exploita ... oval:org.secpod.oval:def:6346 The host is installed with Microsoft Windows and is prone to command injection vulnerability. A flaw is present in the windows shell, which fails to handle file and directory names. Successful exploitation allows remote attackers to install programs, view, change or delete data or create new account ... oval:org.secpod.oval:def:6341 The host is missing a critical security update according to microsoft security bulletin, MS12-044. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly handle a deleted object. Successful exploitation could al ... oval:org.secpod.oval:def:6340 The host is installed with Microsoft Internet Explorer 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6354 The host is missing an important security update according to Microsoft bulletin, MS12-049. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the TLS protocol when Cipher-block chaining (CBC) mode of operatio ... oval:org.secpod.oval:def:6353 The host is installed with Microsoft Windows and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the TLS protocol when Cipher-block chaining (CBC) mode of operation is used. Successful exploitation allows attackers to decryp ... oval:org.secpod.oval:def:6339 The host is installed with Microsoft Internet Explorer 9 and is prone to a cached object remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6036 The host is installed with Internet Explorer 6 through 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6035 The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6048 The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6047 The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6046 The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6045 The host is installed with Internet Explorer 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6049 The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6044 The host is installed with Internet Explorer 8 and 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6043 The host is installed with Internet Explorer 7 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly create and initialize string data. Successful exploitation could allow attackers to obtain sensitive information from process ... oval:org.secpod.oval:def:6042 The host is installed with Internet Explorer 6 through 9 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted character sequences with EUC-JP encoding. Successful exploitation could allow attackers to inject arbitrary web script or ... oval:org.secpod.oval:def:6051 The host is installed with Internet Explorer 6 through 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to block cross-domain scrolling events. Successful exploitation could allow attackers to read content from a different domain or zone. oval:org.secpod.oval:def:6050 The host is installed with Internet Explorer 8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6052 The host is missing a critical security update according to Microsoft security bulletin, MS12-037. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails sanitize malicious input. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:6199 The host is missing a critical security update according to Microsoft security bulletin, MS12-043. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle a specially crafted webpage. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:6029 The host is missing an important security update according to Microsoft bulletin, MS12-041. The update is required to fix elevation of privilege vulnerabilities. The flaws are present in the application, which fails to properly validate input passed from user mode. Successful exploitation allows att ... oval:org.secpod.oval:def:6033 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ... oval:org.secpod.oval:def:6032 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ... oval:org.secpod.oval:def:6031 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle TrueType font loading. Successful exploitation ... oval:org.secpod.oval:def:6026 The host is installed with Microsoft .Net framework 2.0 Sp2 or 3.5.1 or 4.0 or 4.5 Beta and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take complete control of ... oval:org.secpod.oval:def:6024 The host is missing a critical security update according to Microsoft bulletin, MS12-038. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take comp ... oval:org.secpod.oval:def:6037 The host is installed with Internet Explorer 8 and 9 or Microsoft Communicator 2007 R2 or Lync 2010 or Lync 2010 Attendee Microsoft InfoPath 2007 or 2010, Microsoft SharePoint Server 2007 or 2010, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Services 3.0 or Microsoft Groove Server 2010 ... oval:org.secpod.oval:def:6034 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ... oval:org.secpod.oval:def:5585 The host is installed with Windows Vista SP2 or Windows Server 2008 SP2 or 2008 R2 or 2008 R2 SP1 or Windows 7 or SP1 and is prone to a privilege escalation vulnerability. A flaw is present in Windows Partition Manager, which fails to handle a specially crafted application. Successful exploitation c ... oval:org.secpod.oval:def:5584 The host is missing an important security update according to Microsoft security bulletin, MS12-033. The update is required to fix privilege escalation vulnerability. A flaw is present in Windows Partition Manager, which fails to handle a specially crafted application. Successful exploitation could ... oval:org.secpod.oval:def:6028 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to remote code execution vulnerability. A flaw is present in the Remote Desktop Protocol, which fails to properly process RDP packets in memory. Successful e ... oval:org.secpod.oval:def:6027 The host is missing a critical security update according to MS12-036. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to handle specially crafted RDP packets. Successful exploitation allows remote attackers to take complete control ... oval:org.secpod.oval:def:5629 The host is installed with Microsoft .NET Framework 4 and is prone buffer allocation vulnerability. A flaw is present in the application, which fails to handle a specially crafted Microsoft .NET Framework application. Successful exploitation could allow remote attackers to install programs, view, ch ... oval:org.secpod.oval:def:5630 The host is installed with Microsoft .NET Framework 4 and is prone index comparison vulnerability. A flaw is present in the applications, which fails to handle WPF APIs. Successful exploitation could allow remote attackers to execute code or to elevate their user rights in any fashion. oval:org.secpod.oval:def:5634 The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ... oval:org.secpod.oval:def:5636 The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ... oval:org.secpod.oval:def:5635 The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ... oval:org.secpod.oval:def:5102 The host is installed with Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 or SP1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate the digest of a signed por ... oval:org.secpod.oval:def:5103 The host is missing a critical security update according to Microsoft bulletin, MS12-024. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate the digest of a signed portable executable (PE) file. Successful explo ... oval:org.secpod.oval:def:4131 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows 7 or Windows Server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, where the Windows kernel-mode driver does not properly ha ... oval:org.secpod.oval:def:4132 The host is missing a critical security update according to Microsoft security bulletin, MS12-008. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the applications, where the Windows kernel-mode driver fails to properly manage specific keyboard ... oval:org.secpod.oval:def:4146 The host is missing a critical security update according to Microsoft security bulletin, MS12-013. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Windows C Run-Time Library, which fails to handle a specially crafted media file that is hosted on a we ... oval:org.secpod.oval:def:4147 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, R2-IA64 and Windows 7, SP1 and is prone buffer overflow vulnerability. A flaw is present in the C Run-Time Library msvcrt.dll file, which fails to handle a specially crafted media file. Successful exploitati ... oval:org.secpod.oval:def:3726 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows 7 or Windows Server 2008 R2 and is prone to remote code execution vulnerability. A flaw is present in the applications, which does not perform proper validation on input passed f ... oval:org.secpod.oval:def:4732 The host is missing an important security update according to Microsoft security bulletin, MS12-018. The update is required to fix a privilege escalation vulnerability. A flaw is present in the microsoft windows kernel-mode drivers, which fails to handle a specially crafted application. Successful e ... oval:org.secpod.oval:def:4735 The host is installed with Microsoft Windows and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly process specially crafted packets. Successful exploitation allows remote attackers to cause the target service to stop responding. oval:org.secpod.oval:def:4736 The host is missing a critical security update according to MS12-020. The update is required to fix remote code execution and denial of service vulnerabilities. The flaws are present in the application, which fails to properly process malicious contents. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:4733 The host is installed with Windows kernel-mode driver and is prone postmessage function vulnerability. A flaw is present in the kernel-mode driver, which fails to handle PostMessage function. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or cr ... oval:org.secpod.oval:def:4734 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the Remote Desktop Protocol, where it accesses an object in memory that has been improperly initialized or has been deleted. Successful exploitation allows remote attackers to take ... oval:org.secpod.oval:def:4737 The host is missing a moderate security update according to Microsoft security bulletin, MS12-019. The update is required to fix a denial of service vulnerability. A flaw is present in the windows DirectWrite, which fails to handle a specially crafted sequence of unicode characters. Successful explo ... oval:org.secpod.oval:def:4738 The host is installed with Windows DirectWrite and is prone denial of service vulnerability. A flaw is present in the DirectWrite application, which fails to handle a specially crafted sequence of unicode characters. Successful exploitation could allow remote attackers to cause a target application ... oval:org.secpod.oval:def:4156 The host is missing a critical security update according to Microsoft security bulletin, MS12-016. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft .NET Framework and Microsoft Silverlight, which fails to handle a specially crafted web page usin ... oval:org.secpod.oval:def:4157 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4.0 or Silverlight and is prone unmanaged objects vulnerability. A flaw is present in the applications, which fails to handle a specially crafted Microsoft .NET Framework application. Successful exploitation could allow remote attac ... oval:org.secpod.oval:def:4158 The host is installed with Microsoft .NET Framework 2.0 SP2, and 3.5.1 and is prone heap corruption vulnerability. A flaw is present in the Microsoft .NET Framework, which fails to handle calculation of buffer length while processing specially crafted input. Successful exploitation could allow remot ... oval:org.secpod.oval:def:3716 The host is missing an important security update according to Microsoft security bulletin, MS12-005. The update is required to fix remote code execution vulnerability. A flaw is present in the in Microsoft Windows, which fails to handle a specially crafted Microsoft Office file containing a maliciou ... oval:org.secpod.oval:def:3717 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by the way that Windows Packager loads ClickOnce applications embedded in Microsoft Office files. Successful exploitation allows remote attacker to g ... oval:org.secpod.oval:def:3631 The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to correctly authenticate specially crafted usernames. Successful exploitation allows remote authenticated ... oval:org.secpod.oval:def:3632 The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly handle cached content when Forms Authentication is used with sliding expiry. Successful exploit ... oval:org.secpod.oval:def:3630 The host is installed with Microsoft .Net Framework 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to open redirect vulnerability. A flaw is present in the applications, which fail to properly verify return URLs during the forms authentication process. Successful exploitation allows remote attackers to red ... oval:org.secpod.oval:def:3633 The host is missing a critical security update according to Microsoft security bulletin, MS11-100. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the applications, which fail to properly handle the Forms Authentication feature in ASP.NET subsy ... oval:org.secpod.oval:def:3629 The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to denial of service vulnerability. A flaw is present in the applications, where ASP.NET fails to properly hash specially crafted requests and inserts that data into a hash table causing a hash collisi ... oval:org.secpod.oval:def:3714 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused when filters in DirectShow do not properly handle specially crafted media files. Successful exploitation allows attackers to run arbitrary code in t ... oval:org.secpod.oval:def:3715 The host is missing a critical security update according to Microsoft bulletin MS12-004. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted media files. Successful exploitation allows attackers to run ar ... oval:org.secpod.oval:def:3707 The host is installed with Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, or R2 SP1, Windows 7 Gold or SP1 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly load structured exception handling tabl ... oval:org.secpod.oval:def:3708 The host is missing an important security update according to Microsoft security bulletin, MS12-001. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to properly load structured exception handling tables. Successful exploitation could ... oval:org.secpod.oval:def:3435 The host is installed with Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted application when run by an a ... oval:org.secpod.oval:def:3436 The host is missing an important security update according to Microsoft bulletin, MS11-095.The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted application when run by an authenticated attacker. Successful exploita ... oval:org.secpod.oval:def:3415 The host is missing a critical security update according to Microsoft security bulletin, MS11-092. The update is required to fix remote code execution vulnerability. A flaw is present in Windows Media Player and Windows Media Center, which fails to handle a specially crafted Microsoft Digital Video ... oval:org.secpod.oval:def:3416 The host is installed with Windows Media Player and Windows Media Center and is prone to memory corruption vulnerability. A flaw is present in the application which is caused by a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. Successful exploitation allows remote attacker to in ... oval:org.secpod.oval:def:3426 The host is missing an important security update according to Microsoft security bulletin, MS11-097. The update is required to fix elevation of privilege vulnerability. A flaw is present in the Client/Server Run-time Subsystem (CSRSS), which fails to properly validate permissions when a lower-integr ... oval:org.secpod.oval:def:3425 The host is installed with Microsoft Windows and is prone to elevation of privilege vulnerability. A flaw is present in the Client/Server Run-time Subsystem (CSRSS), which fails to properly validate permissions when a lower-integrity process communicates a device event message to a higher-integrity ... oval:org.secpod.oval:def:2721 The host is missing a critical security update according to Microsoft security bulletin, MS11-083. The update is required to fix a remote code execution vulnerability. A flaw is present in the applications, which fail to handle the processing of a continuous flow of specially crafted UDP packets to ... oval:org.secpod.oval:def:2720 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, or R2 SP1, or Windows 7 base or SP1 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle the processing of a continuous flow of specially crafted UDP packets ... oval:org.secpod.oval:def:2717 The host is missing an important security update according to Microsoft security bulletin, MS11-086. The update is required to fix elevation of privilege vulnerability. A flaw is present in the application, which is caused when Active Directory is configured to use LDAPS and fails to validate the re ... oval:org.secpod.oval:def:2714 The host is missing an important security update according to Microsoft security bulletin, MS11-085. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Mail and Windows Meeting Space, which fails to handle a specially crafted dynamic link library (DLL ... oval:org.secpod.oval:def:2716 The host is installed with Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when Active Directory is configured to use LD ... oval:org.secpod.oval:def:2715 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, R2-IA64 and Windows 7, SP1 and is prone remote code execution vulnerability. A flaw is present in the Windows Mail and Windows Meeting Space, which fails to handle a specially crafted dynamic link library (D ... oval:org.secpod.oval:def:2520 The host is missing an important security update according to Microsoft security bulletin, MS11-077. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Windows, which fails to handle a specially crafted font file (such as a .fon file) in a network ... oval:org.secpod.oval:def:2524 The host is installed with Windows kernel-mode drivers and is prone to elevation of privilege vulnerability. A flaw is present in the application which is caused by improper handling of kernel-mode driver objects. Successful exploitation allows attacker to execute arbitrary code and take complete co ... oval:org.secpod.oval:def:3422 The host is missing a critical security update according to Microsoft security bulletin, MS11-087. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted TrueType font file. Successful exploitation could al ... oval:org.secpod.oval:def:3421 The host is installed with Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a specially crafted TrueType font file. Successful expl ... oval:org.secpod.oval:def:2544 The host is installed with Microsoft Windows Vista SP1 or SP2 or Windows Media Center TV Pack or Microsoft Windows 7 or Microsoft Windows 7 SP1 and is prone to remote code execution vulnerability. A flaw is present in the application which fails to properly restrict the path used when loading extern ... oval:org.secpod.oval:def:2546 The host is missing an important security update according to Microsoft security bulletin, MS11-076. The update is required to fix remote code execution vulnerability. A flaw is present in the application which fails to properly restrict the path used when loading external libraries. Successful expl ... oval:org.secpod.oval:def:2521 The host is installed with Windows kernel-mode drivers and is prone to null pointer de-reference vulnerability. A flaw is present in the application which is caused by kernel-mode drivers improper validation of data supplied from user mode to kernel mode. Successful exploitation allows attacker to e ... oval:org.secpod.oval:def:2523 The host is installed with Windows kernel and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by improper handling of a specially crafted .fon font file. Successful exploitation allows attacker to execute arbitrary code and take complete control ... oval:org.secpod.oval:def:2522 The host is installed with Microsoft Windows and is prone to denial of service vulnerability. A flaw is present in the application which is caused by a specially crafted TrueType font file . Successful exploitation allows attacker to stop system responding and take control over affected system. oval:org.secpod.oval:def:2537 The host is installed with Microsoft Active Accessibility component and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Active Accessibility component, which fails to handle specially crafted dynamic link library file present in the same network directory. Succe ... oval:org.secpod.oval:def:2251 The host is installed with components which are prone to remote code execution vulnerability. Flaws are present in the Windows components, which fails to handle legitimate rich test format files, text files and .doc files present in the same network directory as a specially crafted dynamic link libr ... oval:org.secpod.oval:def:2252 The host is missing an important security update according to Microsoft security bulletin, MS11-071. The update is required to fix a remote code execution vulnerability.Flaws are present in the Windows components, which fails to handle legitimate rich test format files, text files and .doc files pre ... oval:org.secpod.oval:def:1755 The host is missing a moderatesecurity update according to Microsoft security bulletin, MS11-069. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications which fails to properly validate the trust level within the System.Net.Sockets namespace. Suc ... oval:org.secpod.oval:def:1754 The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 SP1 or 4.0 and is prone to information disclosure vulnerability. A flaw is present in the applications which fails to properly validate the trust level within the System.Net.Sockets namespace. Successful exploitation allows attacke ... oval:org.secpod.oval:def:1749 The host is missing a moderate security update according to Microsoft security bulletin, MS11-068. The update is required to fix a denial of service vulnerability. A flaw is present in operating system, the way Windows Kernel accesses a specially crafted file on the network share or a web site. Succ ... oval:org.secpod.oval:def:1733 The host is installed with Microsoft Chart controls and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle special characters within a specially crafted URI. Successful exploitation could allow attackers to gain sensitive information. oval:org.secpod.oval:def:1735 The host is missing an important security update according to microsoft bulletin MS11-066. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle special characters within a specially crafted URI. Successful exploitation cou ... oval:org.secpod.oval:def:1748 The host Microsoft Windows is prone to denial of service vulnerability. A flaw is present in the operating system, which fails to handle a specially crafted file on network share or web site. Successful exploitation allows remote attackers to create denial of service conditions. oval:org.secpod.oval:def:1408 The host is missing an Important security update according to Microsoft security bulletin, MS11-054. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in windows Kernel-mode ... oval:org.secpod.oval:def:1404 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ... oval:org.secpod.oval:def:1407 The host is installed with Windows Vista, Windows Server 2008 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exploitation allows attackers to run ... oval:org.secpod.oval:def:1406 The host is installed with Windows Vista, Windows Server 2008 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exploitation allows attackers to run ... oval:org.secpod.oval:def:1740 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) which fails to restrict the arbitr ... oval:org.secpod.oval:def:1742 The host is installed with Windows Vista, Window 7, Windows 7 SP1, Windows Server 2008, Windows Server 2008 R2 or Windows Server 2008 R2 SP1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle specially crafted ICMP messages. Successful expl ... oval:org.secpod.oval:def:1744 The host is missing an important security update according to Microsoft bulletin MS11-064. The update is required to fix multiple denial of service vulnerabilities. A flaw is present in the application, which fails to handle specially crafted ICMP messages. Successful exploitation allows attackers t ... oval:org.secpod.oval:def:1739 The host is missing an important security update according to Microsoft security bulletin, MS11-056. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem. The flaw is present in Client/Server Run-time Subsystem (CSRSS), which fails to restric ... oval:org.secpod.oval:def:1738 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) which fails to restrict the arbitr ... oval:org.secpod.oval:def:1399 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ... oval:org.secpod.oval:def:1401 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1400 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ... oval:org.secpod.oval:def:1403 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1402 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1395 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1394 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1397 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1396 The host is installed with Windows Vista, Windows Server 2008 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attackers to run arbitrary code in kern ... oval:org.secpod.oval:def:1398 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1393 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1410 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to memory corruption vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) where a NULL pointer is passed without ... oval:org.secpod.oval:def:1412 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by an integer overf ... oval:org.secpod.oval:def:1414 The host is missing an important security update according to Microsoft security bulletin, MS11-056. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by an inte ... oval:org.secpod.oval:def:1409 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by a memory corrupt ... oval:org.secpod.oval:def:2723 The host is missing a Critical security update according to Microsoft security bulletin, MS11-037. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, as it fails to handle the way that MHTML interprets MIME-formatted requests for content that ... oval:org.secpod.oval:def:1449 The host is installed with Microsoft Internet Explorer and is prone to layout memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute ... oval:org.secpod.oval:def:1198 The host is missing a Critical security update according to Microsoft security bulletin MS11-050. The update is required to fix multilple vulnerabilities. The flaws are present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful expl ... oval:org.secpod.oval:def:1177 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to denial of service vulnerability. A flaw is present in distributed file system (DFS) client which fails to specially crafted DFS referral responses. Successful exploitation all ... oval:org.secpod.oval:def:1179 The host is installed with Windows XP or Windows Vista or Windows Server 2008 or Windows Server 2003 or Windows 7 and is prone to denial of service vulnerability. A flaw is present in distributed file system (DFS) client which fails to specially crafted DFS referral responses. Successful exploitatio ... oval:org.secpod.oval:def:1180 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in Microsoft Server Message Block which does not properly handle specially crafted SMB responses. Successful exploitation allow ... oval:org.secpod.oval:def:1181 The host is missing a Critical security update according to Microsoft security bulletin, MS11-043. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Server Message Block which does not properly handle specially crafted SMB responses. Successful exploit ... oval:org.secpod.oval:def:1168 The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP1 or SP2, Windows Server 2008 and SP2 or Windows 7 and is prone to an information disclosure vulnerability. A flaw is present in the MHTML implementation which fails to open a specially crafted URL. ... oval:org.secpod.oval:def:691 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1170 The host is missing a Critical security update according to Microsoft security bulletin, MS11-038. The update is required to fix remote code execution vulnerability. A flaw is present in the application which fails to handle specially crafted request. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:1183 The host is missing a Critical security update according to Microsoft security bulletin, MS11-044. The update is required to fix remote code execution vulnerability in Microsoft .NET Framework on Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. The flaw is pres ... oval:org.secpod.oval:def:1182 The host is installed with Microsoft .NET Framework and is prone to remote code execution vulnerability. A flaw is present in the JIT compiler when IsJITOptimizerDisabled is false, which fails to handle expressions related to null strings. Successful exploitation allows an attacker to install progra ... oval:org.secpod.oval:def:1201 The host is installed with Microsoft Internet Explorer and is prone information disclosure vulnerability. A flaw is present in the browser, which fails to handle a crafted Web page. Successful exploitation could allow remote attackers to execute arbitrary code or gain sensitive information. oval:org.secpod.oval:def:823 The host is missing an Important security update according to Microsoft security bulletin, MS11-034. The update is required to fix multiple privilege escalation vulnerabilities in Microsoft Windows. The flaws are present in Windows Kernel-mode drivers related to managing driver objects. Successful e ... oval:org.secpod.oval:def:690 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:688 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:687 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:689 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:686 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:684 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:683 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:685 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:703 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:702 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:697 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:696 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:698 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:701 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:700 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:695 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:694 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:693 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ... oval:org.secpod.oval:def:682 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:681 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:680 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:677 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:679 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:678 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:821 The host is missing a Critical security update according to Microsoft security bulletin, MS11-018. The update is required to fix multiple remote code execution vulnerabilities in Microsoft Internet Explorer. The flaws are present in the browser, which fails to implement appropriate memory protection ... oval:org.secpod.oval:def:675 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:674 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:676 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:715 The host is installed with Javascript and Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to remote code execution vulnerability. A flaw is present in the application which is caused when the scripting engines attempt to reallocate memory while decoding a script in order to run it, an inte ... oval:org.secpod.oval:def:993 The host is missing an critical security update according to Microsoft security bulletin, MS11-033. The update is required to fix remote code execution vulnerability in Javascript and Vbscript scripting engines. A flaw is present in the application which is caused when the scripting engines attempt ... oval:org.secpod.oval:def:664 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in windows SMB client which fails to validate specially crafted SMB responses. Successful exploitation could allow an attacker to gain complete control of the system. oval:org.secpod.oval:def:660 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in SMB Transaction parsing, which fails to handle specially created SMB packets. Successful exploitation could allow an attacker to take the complete control of the system. oval:org.secpod.oval:def:656 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to remote code execution vulnerability. A flaw is present in DNS client service which does not properly handle specially crafted LLMNR queries. Successful exploitation allows att ... oval:org.secpod.oval:def:994 The host is missing a critical security update according to Microsoft security bulletin, MS11-029. The update is required to fix remote code execution vulnerability in Microsoft Windows. A flaw is present in DNS client service which does not properly handle specially crafted LLMNR queries. Successfu ... oval:org.secpod.oval:def:1041 The host is missing a Critical security update according to Microsoft security bulletin, MS11-020. The update is required to fix remote code execution vulnerability in Microsoft Windows. A flaw is present in the SMB Transaction parsing, which fails to handle specially created SMB packets. Successful ... oval:org.secpod.oval:def:1040 The host is missing a Critical security update according to Microsoft security bulletin, MS11-019. The update is required to fix remote code execution vulnerability in Microsoft Windows. The flaws are present in the SMB Client Could which fails to handle specially crafted SMB response to a client-in ... oval:org.secpod.oval:def:659 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in Windows Fax cover page editor, which fails to parse specially created fax cover pages. Successful exploitation could remote code execution. oval:org.secpod.oval:def:658 The host is installed with Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP and is prone to remote code execution vulnerability. A flaw is present in the OpenType Font (OTF) driver which fails to properly parse specially crafted OpenType fonts. Successful exploi ... oval:org.secpod.oval:def:714 The host is installed with Microsoft .NET Framework and is prone to remote code execution vulnerability. A flaw is present in x86 JIT compiler, which fails to compiling certain function calls. Successful exploitation could allow remote attackers to corrupt the stack and execute remote code. oval:org.secpod.oval:def:820 The host is missing a Critical security update according to Microsoft security bulletin, MS11-028. The update is required to fix a remote code execution vulnerability in Microsoft .NET Framework. A flaw is present in the JIT compiler, which fails to compile certain function calls. Successful ex ... oval:org.secpod.oval:def:992 The host is missing a Critical security update according to Microsoft security bulletin, MS11-032. The update is required to fix remote code execution vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in the OpenType Font (OTF) ... oval:org.secpod.oval:def:991 The host is missing an important security update according to Microsoft security bulletin, MS11-024. The update is required to fix multiple remote code execution vulnerabilities. Flaws are present in the application, whci fails to handle malicious Fax Cover Page (.cov) files. Successful exploitation ... oval:org.secpod.oval:def:1039 The host is missing a Critical security update according to Microsoft security bulletin, MS11-015. The update is required to fix remote code execution vulnerability in Microsoft Windows Media Player/Windows Media Center and DirectShow. A flaw is present in the application which fails to handle a spe ... oval:org.secpod.oval:def:299 The host is installed with Microsoft Windows and is prone to arbitrary code execution Vulnerability. A flaw is present in Microsoft DirectShow which incorrectly restricts the path used for loading external libraries. Successful exploitation allows remote attcker to take complete control of an affect ... oval:org.secpod.oval:def:298 The host is installed with Microsoft Windows Media Player/Windows Media Center and is prone to remote code execution vulnerability. A flaw is present in the application which gives error when parsing ".dvr-ms" media files. Successful exploitation allows remote attacker to execute arbitrary code in t ... oval:org.secpod.oval:def:79 The host is installed with Microsoft Internet Explorer is prone to uninitialized memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an object that has not been correctly initialized or has been deleted. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:81 The host is installed with Microsoft Internet Explorer is prone to insecure library loading vulnerability. A flaw is present in the application, which fails to properly handle loading of dll files. Successful exploitation could allow attackers to execute arbitrary code and gain the same user rights ... oval:org.secpod.oval:def:80 The host is installed with Microsoft Internet Explorer is prone to uninitialized memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an object that has not been correctly initialized or has been deleted. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:990 The host is missing an Important security update according to Microsoft security bulletin, MS11-017. The update is required to fix remote code execution vulnerability in Microsoft Windows Remote Desktop Client. A flaw is present in the application which fails to handle the loading of DLL files. Succ ... oval:org.secpod.oval:def:1049 The host is missing a critical security update according to Microsoft security bulletin, MS11-003. The update is required to fix memory corruption vulnerability in Microsoft Internet Explorer. A flaw is present in the application, which fails to properly handle memory access. Successful exploitation ... oval:org.secpod.oval:def:297 The host is installed with Microsoft Remote Desktop client and is prone to remote code execution vulnerability. A flaw is present in the application which fails to handle the loading of DLL files. Successful exploitation could allow an attacker to execute arbitrary code on the remote system. oval:org.secpod.oval:def:85 The host is installed with OpenType Compact Font Format (CFF) driver and is prone to remote code execution vulnerability. A flaw is present in the driver which fails to properly parse specially crafted OpenType fonts. Successful exploitation allows an attacker to run arbitrary code in kernel mode an ... oval:org.secpod.oval:def:99 A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code. oval:org.secpod.oval:def:101 A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code. oval:org.secpod.oval:def:100 A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code. oval:org.secpod.oval:def:1032 The host is missing a Critical security update according to Microsoft security bulletin, MS11-007. The update is required to fix remote code execution vulnerability in Windows OpenType Compact Font Format (CFF) driver. A flaw is present in the the driver which fails to properly parse specially craft ... oval:org.secpod.oval:def:1037 The host is missing an Important security update according to Microsoft security bulletin, MS11-012. The update is required to fix elevation of privilege vulnerability in Microsoft Windows. A flaw is present in the windows kernel-mode drivers which fails to validate data passed from user mode to ker ... oval:org.secpod.oval:def:97 A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code. oval:org.mitre.oval:def:12411 Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer ... oval:org.secpod.oval:def:996 The host is missing an important security update according to Microsoft security bulletin, MS11-026. The update is required to fix information disclosure vulnerability. A flaw is present in MHTML implementation which fails to properly handle MIME format in a request for content blocks in a document. ... oval:org.secpod.oval:def:1048 The host is missing a critical security update according to Microsoft security bulletin, MS11-002. The update is required to fix remote code execution vulnerability in Microsoft Windows. A flaw is present in MDAC and WDAC which fails to properly validate string length and memory allocation. Successf ... oval:org.mitre.oval:def:12333 Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted ... oval:org.secpod.oval:def:287 The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP1 or SP2, Windows Server 2008 and SP2 or Windows 7 and is prone to information disclosure vulnerability. A flaw is present in MHTML implementation which fails to properly handle MIME format in a requ ... oval:org.secpod.oval:def:7 Buffer overflow in an ODBC API in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) argument, aka "DSN Overflow Vulnerability." oval:org.secpod.oval:def:8 Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code via a crafted web site, aka "ADO Record Memory Vulnerability." oval:org.secpod.oval:def:43 The host is installed with Microsoft Internet Explorer and is prone to remote code execution vulnerability. A flaw is present in the ReleaseInterface function in mshtml.dll file, which fails to handle objects that have not been correctly initialized or has been deleted. Successful exploitation could ... oval:org.secpod.oval:def:1273 The host is missing a critical security update according to Microsoft security bulletin, MS10-100. The update is required to fix local privilege escalation vulnerability. A flaw is present in the Consent User Interface (UI) in User Account Control (UAC), which fails to handle an unspecified registry ... oval:org.mitre.oval:def:12323 The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Cons ... oval:org.secpod.oval:def:1270 The host is missing a critical security update according to Microsoft security bulletin, MS10-098. The update is required to fix multiple vulnerabilities. Flaws are present in the Win32k.sys in the kernel-mode drivers, which fails to allocate memory when copying data from user mode. Successful explo ... oval:org.secpod.oval:def:1351 The host is missing a critical security update according to Microsoft security bulletin, MS10-091. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the OpenType Font (OTF) driver, which fails to parse specially crafted OpenType fonts. Successful exploitation coul ... oval:org.mitre.oval:def:12357 The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenTyp ... oval:org.mitre.oval:def:12280 The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability." oval:org.mitre.oval:def:12329 Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free ... oval:org.mitre.oval:def:12317 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that trigge ... oval:org.mitre.oval:def:11762 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted a ... oval:org.secpod.oval:def:1561 The host is missing a critical security update according to Microsoft security bulletin, MS10-090. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the Internet Explorer, which fails to handle objects in memory and script. Successful exploitation could allow an a ... oval:org.secpod.oval:def:1352 The host is missing a critical security update according to Microsoft security bulletin, MS10-092. The update is required to fix privilege escalation vulnerability. A flaw is present in the Microsoft Windows Task Scheduler, which fails to validate whether scheduled tasks run within the intended secu ... oval:org.mitre.oval:def:11959 Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnera ... oval:org.mitre.oval:def:12252 Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies fr ... oval:org.mitre.oval:def:12304 The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE ... oval:org.mitre.oval:def:12194 Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Do ... oval:org.mitre.oval:def:6832 Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, ... oval:org.mitre.oval:def:6928 Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." oval:org.mitre.oval:def:7410 Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Informat ... oval:org.mitre.oval:def:7417 The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerab ... oval:org.mitre.oval:def:7482 mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." oval:org.mitre.oval:def:6684 Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability." oval:org.mitre.oval:def:6806 The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of servi ... oval:org.secpod.oval:def:1376 The host is missing a critical security update according to Microsoft security bulletin, MS10-085. The update is required to fix denial of service vulnerability. A flaw is present in the SChannel security package in Microsoft Windows, which fails to validate a specially crafted packet message sent v ... oval:org.secpod.oval:def:1389 The host is missing a critical security update according to Microsoft security bulletin, MS10-075. The update is required to fix use-after-free vulnerability. A flaw is present in the wmpnetwk.exe in Media Player Network Sharing Service, which fails to handle specially crafted RTSP packets. Successf ... oval:org.mitre.oval:def:7637 Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vec ... oval:org.secpod.oval:def:1390 The host is missing a critical security update according to Microsoft security bulletin, MS10-076. The update is required to fix integer overflow vulnerability. A flaw is present in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows, which fails to parse 'hdmx' records in an ... oval:org.secpod.oval:def:1456 The host is missing a critical security update according to Microsoft security bulletin, MS10-081. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the common control library (Comctl32.dll) in Microsoft Windows, which fails to handle messages passed from a ... oval:org.secpod.oval:def:1520 The host is missing a critical security update according to Microsoft security bulletin, MS10-073. The update is required to fix privilege escalation vulnerability. A flaw is present in the Win32k.sys in Kernel-Mode drivers in the Microsoft Windows, which fails to load keyboard layouts from disk or ... oval:org.mitre.oval:def:6653 Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerabi ... oval:org.mitre.oval:def:7272 Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitra ... oval:org.mitre.oval:def:6881 Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Em ... oval:org.secpod.oval:def:1380 The host is missing a critical security update according to Microsoft security bulletin, MS10-082. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft Windows Media Player (WMP), which fails to deallocate objects during a browser reload action. Succe ... oval:org.mitre.oval:def:7514 The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka ... oval:org.mitre.oval:def:12085 The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowL ... oval:org.mitre.oval:def:7120 Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active ... oval:org.secpod.oval:def:1272 The host is missing a critical security update according to Microsoft security bulletin, MS10-096. The update is required to fix remote code execution vulnerability. A flaw is present in the wab.exe in Windows Address Book, which fails to load dynamic-link libraries. Successful exploitation could al ... oval:org.mitre.oval:def:7358 The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create fil ... oval:org.mitre.oval:def:12352 Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll fi ... oval:org.secpod.oval:def:2079 The host is missing a critical security update according to Microsoft security bulletin, MS10-068. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows, which fails to validate malform ... oval:org.secpod.oval:def:1726 The host is missing a critical security update according to Microsoft security bulletin, MS10-061. The update is required to fix code execution vulnerability. A flaw is present in the Print Spooler service in Microsoft Windows, which fails to validate spooler access permissions when printer sharing ... oval:org.mitre.oval:def:11426 The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors in ... oval:org.secpod.oval:def:1587 The host is missing a critical security update according to Microsoft security bulletin, MS10-055. The update is required to fix code execution vulnerability. A flaw is present in the Cinepak Codec in Microsoft Windows, which fails to handle a specially crafted media file or streaming content from a ... oval:org.mitre.oval:def:11773 The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability." oval:org.mitre.oval:def:12082 The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulne ... oval:org.secpod.oval:def:1725 The host is missing a critical security update according to Microsoft security bulletin, MS10-059. The update is required to fix privilege escalation vulnerability. A flaw is present in the Tracing Feature for Services in Microsoft Windows, which fails to process specially crafted long strings from ... oval:org.secpod.oval:def:1575 The host is missing a critical security update according to Microsoft security bulletin, MS10-054. The update is required to fix code execution vulnerabilities. Multiple flaws are present in the SMB Server in Microsoft Windows, which fails to validate fields in a SMB request. Successful exploitation ... oval:org.secpod.oval:def:1375 The host is missing a critical security update according to Microsoft security bulletin, MS10-048. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel-Mode Drivers, which fails to validate specially crafted applications. Successful exploitatio ... oval:org.mitre.oval:def:11106 The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB ... oval:org.mitre.oval:def:12072 Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability." oval:org.mitre.oval:def:12015 The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB ... oval:org.mitre.oval:def:11663 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local ... oval:org.secpod.oval:def:1268 The host is missing a critical security update according to Microsoft security bulletin, MS10-047. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel, which fails to initialize and validate kernel objects while handling certain errors. Success ... oval:org.mitre.oval:def:11020 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of serv ... oval:org.mitre.oval:def:11845 The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerabil ... oval:org.mitre.oval:def:11789 The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability." oval:org.mitre.oval:def:12087 Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability." oval:org.secpod.oval:def:1724 The host is missing a critical security update according to Microsoft security bulletin, MS10-058. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the TCP/IP stack in Microsoft Windows, which fails to handle malformed IPv6 packets. Successful exploitation could ... oval:org.mitre.oval:def:11564 Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explore ... oval:org.secpod.oval:def:3297 The host is missing a critical security update according to Microsoft security bulletin, MS10-033. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Windows Media Decompression, which fails to parse a crafted media file or streaming content. ... oval:org.secpod.oval:def:1216 The host is missing a Critical security update according to Microsoft security bulletin, MS10-053. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer which fails to properly access an object that has not been correctly initialized or has been deleted.. ... oval:org.secpod.oval:def:1378 The host is missing a Critical security update according to Microsoft security bulletin, MS10-046. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Shell, which fails to parse a malicious shortcut file and executes a malicious code when the operatin ... oval:org.secpod.oval:def:2669 The host is missing a critical security update according to Microsoft security bulletin, MS10-035. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer, which fails to handle objects in memory, sanitize HTML scripts and improper data caching. Successful ... oval:org.mitre.oval:def:7406 Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corrupti ... oval:org.mitre.oval:def:11954 Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." oval:org.mitre.oval:def:7517 Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability." oval:org.secpod.oval:def:1447 The host is missing a critical security update according to Microsoft security bulletin, MS10-032. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows kernel-mode drivers, which fails to validate callback parameter and the way it provides outlines of ... oval:org.mitre.oval:def:6686 The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability ... oval:org.mitre.oval:def:7124 The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerabilit ... oval:org.mitre.oval:def:7283 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, ... oval:org.mitre.oval:def:7324 Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." oval:org.mitre.oval:def:7492 Unspecified vulnerability in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 and R2, and Windows 7 allows remote attackers to execute arbitrary code via un ... oval:org.secpod.oval:def:1047 The host is missing an critical security update according to Microsoft security bulletin, MS11-027. The update is required to fix remote code execution vulnerability in Microsoft Internet Explorer. The flaws are present in the application which fails to handle memory corruption, an input validation. ... oval:org.secpod.oval:def:1990 The host is missing a critical security update according to Microsoft security bulletin, MS10-034. The update is required to fix remote code execution vulnerability. A flaw is present in the activex control iedvtool.dll and max3activex.dll, which fails to handle specially crafted Web page. Successfu ... oval:org.secpod.oval:def:1523 The host is missing a Critical security update according to Microsoft security bulletin, MS10-040. The update is required to fix remote code execution vulnerability. A flaw is present in the Internet Information Services (IIS), which fails to validate a specially crafted HTTP request. Successful exp ... oval:org.mitre.oval:def:6677 Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or H ... oval:org.mitre.oval:def:7149 Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption ... oval:org.mitre.oval:def:6948 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute ... oval:org.mitre.oval:def:7072 Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation ... oval:org.secpod.oval:def:1585 The host is missing a critical security update according to Microsoft security bulletin, MS10-021. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel, which fails to validate specially crafted applications like the creation of symbolic links o ... oval:org.mitre.oval:def:6734 Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and ... oval:org.mitre.oval:def:6886 The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does no ... oval:org.secpod.oval:def:1382 The host is missing a critical security update according to Microsoft security bulletin, MS10-037. The update is required to fix privilege escalation vulnerability. A flaw is present in the Windows OpenType Compact Font Format (CFF) driver, which fails to validate a specially crafted CFF font. Succ ... oval:org.secpod.oval:def:2048 The host is missing a critical security update according to Microsoft security bulletin, MS10-019. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Windows cabinet file viewer shell extension and authenticode signature verification used for portable execu ... oval:org.secpod.oval:def:2033 The host is missing a critical security update according to Microsoft security bulletin, MS10-030. The update is required to fix remote code execution vulnerability. Flaws are present in Outlook Express and Windows Mail, which fails to handle a specially crafted mail responses. Successful exploitati ... oval:org.secpod.oval:def:1584 The host is missing a critical security update according to Microsoft security bulletin, MS10-020. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Windows SMB Client, which fails to handle a specially crafted SMB response sent to a client-initiated SMB r ... oval:org.mitre.oval:def:7129 The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers t ... oval:org.mitre.oval:def:6787 The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a fi ... oval:org.mitre.oval:def:6770 The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Pa ... oval:org.mitre.oval:def:6918 The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response t ... oval:org.mitre.oval:def:8302 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ... oval:org.mitre.oval:def:8553 Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another ... oval:org.secpod.oval:def:2032 The host is missing a critical security update according to Microsoft security bulletin, MS10-018. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer, which fails to verify the origin of scripts and handle objects in memory and improper validation of l ... oval:org.mitre.oval:def:7722 Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." oval:org.mitre.oval:def:8424 The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote ... oval:org.secpod.oval:def:1565 The host is missing a critical security update according to Microsoft security bulletin, MS10-013. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft DirectShow, which fails to parse a specially crafted AVI file before opening it. Successful exploitatio ... oval:org.secpod.oval:def:2030 The host is missing a critical security update according to Microsoft security bulletin, MS10-008. The update is required to fix remote code execution vulnerability. A flaw is present in the activex control max3activex.dll, which fails to handle specially crafted Web page. Successful exploitation al ... oval:org.mitre.oval:def:8064 Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 ... oval:org.mitre.oval:def:8314 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows ... oval:org.mitre.oval:def:8438 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to ex ... oval:org.mitre.oval:def:8524 Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "S ... oval:org.secpod.oval:def:2035 The host is missing a critical security update according to Microsoft security bulletin, MS10-012. The update is required to fix remote code execution vulnerabilities. A flaw is present in the SMB Server, which fails to validate crafted SMB requests. Successful exploitation could allow an attacker t ... oval:org.mitre.oval:def:7751 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain acc ... oval:org.mitre.oval:def:8298 Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local us ... oval:org.secpod.oval:def:1568 The host is missing a critical security update according to Microsoft security bulletin, MS10-006. The update is required to fix code execution vulnerabilities. Flaws are present in the SMB Client in Microsoft Windows, which fails to validate crafted response from SMB servers and man-in-the-middle a ... oval:org.mitre.oval:def:7145 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a ... oval:org.mitre.oval:def:8344 The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly val ... oval:org.mitre.oval:def:8324 Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compr ... oval:org.secpod.oval:def:1224 The host is missing a Critical security update according to Microsoft security bulletin, MS10-001. The update is required to fix remote code execution vulnerability. A flaw is present in the OpenType (EOT) Font Client which fails to properly parse specially crafted EOT fonts. Successful exploitation ... oval:org.secpod.oval:def:1727 The host is missing a critical security update according to Microsoft security bulletin, MS10-015. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel, which fails to handle certain exceptions. Successful exploitation could allow an attacker t ... oval:org.mitre.oval:def:6519 Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." oval:org.mitre.oval:def:6570 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diffe ... oval:org.secpod.oval:def:2513 The host is missing an critical security update according to Microsoft security bulletin, MS09-072. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the Internet Explorer, which fails to handle objects in memory. Successful exploitation allows an att ... oval:org.mitre.oval:def:6382 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diffe ... oval:org.secpod.oval:def:2296 The host is missing an important security update according to Microsoft security bulletin, MS09-059. The update is required to fix denial of service vulnerability. A flaw is present in the Microsoft Windows Local Security Authority Subsystem Service (LSASS), which fails handle malformed packets duri ... oval:org.mitre.oval:def:6263 Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denia ... oval:org.secpod.oval:def:2565 The host is missing an important security update according to Microsoft security bulletin, MS09-056. The update is required to fix spoofing vulnerabilities. The flaws are present in the Windows CryptoAPI, which fails to validate certificate names that contain null terminators and ASN.1 object identi ... oval:org.mitre.oval:def:6186 Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via ... oval:org.mitre.oval:def:5842 The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain n ... oval:org.mitre.oval:def:5716 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) ... oval:org.mitre.oval:def:6716 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly re ... oval:org.secpod.oval:def:2298 The host is missing a critical security update according to Microsoft security bulletin, MS09-055. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Active Template Library (ATL) ActiveX Controls. Successful exploitation allows an attacker to ... oval:org.mitre.oval:def:6421 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly re ... oval:org.secpod.oval:def:83856 Windows Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:81520 Windows Media Center Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76438 Windows Digital TV Tuner Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76412 Windows Media Center Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74885 Windows DNS Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:74320 Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability oval:org.secpod.oval:def:70947 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:66109 A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the target system to stop resp ... oval:org.secpod.oval:def:1455 The host is missing a critical security update according to Microsoft security bulletin, MS10-071. The update is required to fix multiple vulnerabilities. Multiple flaws are present in Microsoft Internet Explorer, which fails to handle unspecified special characters in CSS documents. Successful expl ... oval:org.mitre.oval:def:7059 Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." oval:org.mitre.oval:def:6704 Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method. oval:org.secpod.oval:def:66928 Windows Network File System Remote Code Execution Vulnerability. oval:org.secpod.oval:def:43399 An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the informatio ... oval:org.secpod.oval:def:43407 A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ... oval:org.secpod.oval:def:43412 An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could th ... oval:org.secpod.oval:def:24876 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24877 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24878 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ... oval:org.secpod.oval:def:24879 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24880 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24881 The host is installed with Internet Explorer 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24882 The host is installed with Internet Explorer 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24865 The host is installed with Internet Explorer 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24866 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24867 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24868 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24869 The host is installed with Internet Explorer 10 or 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24870 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24871 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24872 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24873 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24874 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24875 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:24859 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24860 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24861 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24862 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24863 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24864 The host is installed with Internet Explorer 6, 7, 8, or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.mitre.oval:def:8267 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerab ... oval:org.mitre.oval:def:8378 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diffe ... oval:org.mitre.oval:def:8464 The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a cra ... oval:org.mitre.oval:def:8491 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diffe ... oval:org.mitre.oval:def:6835 Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a ... oval:org.secpod.oval:def:2031 The host is missing a critical security update according to Microsoft security bulletin, MS10-002. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer which fails to handle objects in memory, input parameters and HTML attributes. Successful exploitation ... oval:org.mitre.oval:def:8186 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ... oval:org.mitre.oval:def:7715 The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an H ... oval:org.secpod.oval:def:1245 The host is missing a critical security update according to Microsoft security bulletin, MS10-049. The update is required to fix remote code execution vulnerabilities. Flaws are present in the the Secure Channel (SChannel) which fails to validate a malformed certificate request message sent by the s ... oval:org.secpod.oval:def:6200 The host is installed with Microsoft XML Core Services 3.0, 4.0, 5.0 or 6.0 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted web site. Successful exploitation allows remote attackers to execute arbitrary code or cause a denial o ... oval:org.mitre.oval:def:7286 Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiat ... oval:org.secpod.oval:def:8351 The host is installed with Microsoft XML Core Services 4.0, 5.0, 6.0 on Microsoft Windows or with Microsoft Groove Server 2007, Microsoft SharePoint Server 2007, Microsoft Expression Web 2, Microsoft Expression Web, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office 2007, M ... oval:org.secpod.oval:def:25804 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a mount manager elevation of privilege vulnerability. The flaw is present in the application, which fails to properly process ... oval:org.secpod.oval:def:25822 The host is missing an important security update according to Microsoft security bulletin, MS15-088. The update is required to fix an unsafe command line parameter passing vulnerability. A flaw is present in the application, which fails to properly handle unsafe command line parameters. Successful e ... oval:org.secpod.oval:def:25342 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles custom action scripts ... oval:org.secpod.oval:def:25415 The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which improperly handles specially crafted OpenType fonts. An attacker who successfully exploited ... oval:org.secpod.oval:def:25888 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ... oval:org.secpod.oval:def:25858 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validat ... oval:org.secpod.oval:def:25845 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an ASLR security feature bypass vulnerability. A flaw is present in the application, which fails to properly i ... oval:org.secpod.oval:def:25851 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted O ... oval:org.secpod.oval:def:25852 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted O ... oval:org.secpod.oval:def:25854 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the applications, which fail to handle a crafted O ... oval:org.secpod.oval:def:25836 The host is missing a critical security update according to Microsoft security bulletin, MS15-079. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:25823 The host is installed with Microsoft Excel 2007, 2010, 2013, Powerpoint 2007, 2010, 2013, Visio 2007, 2010, 2013, Word 2007, 2010, 2013, Internet Explorer 7, 8, 9, 10 or 11, Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 or 10 and is prone to an unsafe command line p ... oval:org.secpod.oval:def:25824 The host is installed with Internet Explorer 7, 8, 9, 10, 11 or Microsoft Edge on Microsoft Windows 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to execute arbitr ... oval:org.secpod.oval:def:25825 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to properly use ASLR security feature. Successful exploitation could allow attackers to bypass the Address Space Layout Randomization. oval:org.secpod.oval:def:25827 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to an edge memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the ... oval:org.secpod.oval:def:25831 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:26538 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, ... oval:org.secpod.oval:def:26537 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the applicatio ... oval:org.secpod.oval:def:26539 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to an integer overflow remote code execution vulnerability. A flaw is present i ... oval:org.secpod.oval:def:26540 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, whi ... oval:org.secpod.oval:def:26542 The host is missing an important security update according to Microsoft security bulletin, MS15-102. The update is required to fix multiple elevation of privilege vulnerability. The flaws are present in the application, which fails to properly handle a crafted application. Successful exploitation co ... oval:org.secpod.oval:def:26536 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, ... oval:org.secpod.oval:def:26516 The host is installed with Internet Explorer 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly validate permissions under specific conditions. Successful exploitation could allow attackers to gain elevated privileges. oval:org.secpod.oval:def:26523 The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:26525 The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in t ... oval:org.secpod.oval:def:26524 The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:26509 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:26508 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:26510 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:26512 The host is installed with Internet Explorer 10 or 11 and is prone to a tampering vulnerability. A flaw is present in the application, which fails to properly handle a file with an improper flag that in turn permits a file operation. Successful exploitation could allow attackers to bypass certain se ... oval:org.secpod.oval:def:26513 The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:26559 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to font driver elevation of privilege vulnerability. A flaw is present in the application, which fail to han ... oval:org.secpod.oval:def:26562 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ... oval:org.secpod.oval:def:26561 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ... oval:org.secpod.oval:def:26560 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ... oval:org.secpod.oval:def:26556 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to an opentype font parsing vulnerability. A flaw is present in the application, which fail to handle specia ... oval:org.secpod.oval:def:26558 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ... oval:org.secpod.oval:def:26557 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a font driver elevation of privilege vulnerability. A flaw is present in the application, which fail to h ... oval:org.secpod.oval:def:29998 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a kernel memory corruption vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in mem ... oval:org.secpod.oval:def:30000 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly validates junctions in certain s ... oval:org.secpod.oval:def:30028 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly discloses the contents of its memory. Successful exploitation could provide an attacker with information to further compromise the ... oval:org.secpod.oval:def:30026 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. Successful exploitation could allow attackers to run script with elevated ... oval:org.secpod.oval:def:30027 The host is installed with Internet Explorer 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly discloses the contents of its memory. Successful exploitation could provide an attacker with information to further compromise the user's co ... oval:org.secpod.oval:def:30021 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30017 The host is installed with JScript and Vbscript 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the cu ... oval:org.secpod.oval:def:30018 The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly disclose the contents of its memory. Successful exploitation could provide an attacker with information to fur ... oval:org.secpod.oval:def:30014 The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle objects in memory. An attacker who successfully exploited the vulnerabilities could gain the same user rights as t ... oval:org.secpod.oval:def:30015 The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to an ASLR bypass vulnerability. A flaw is present in the applications, which fail to use the Address Space Layout Randomization (ASLR) security feature. Successful exploitation could allow attacker to more rel ... oval:org.secpod.oval:def:30016 The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle objects in memory. An attacker who successfully exploited the vulnerabilities could gain the same user rights as ... oval:org.secpod.oval:def:30004 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8, 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitati ... oval:org.secpod.oval:def:30974 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to a security feature bypass vulnerability. The flaw is present in the application, which fails to properly validate perm ... oval:org.secpod.oval:def:30975 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly ... oval:org.secpod.oval:def:30972 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which makes a ca ... oval:org.secpod.oval:def:29999 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memo ... oval:org.secpod.oval:def:30966 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the Windows Kerberos, which fails to check the password change o ... oval:org.secpod.oval:def:31698 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Pragmatic General Multicast (PGM) protocol, ... oval:org.secpod.oval:def:31003 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which discloses the contents of its memory. An attacker who successfully exploited this vulnerability could provide the attacker with information to ... oval:org.secpod.oval:def:31004 The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to an ASLR Bypass vulnerability. A flaw is present in the application, which fails to use the Address Space Layout Randomization (ASLR) security feature. An attacker who successfully exploited it could bypass the A ... oval:org.secpod.oval:def:31000 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current ... oval:org.secpod.oval:def:31001 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the curr ... oval:org.secpod.oval:def:31002 The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user ri ... oval:org.secpod.oval:def:30996 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:30997 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:30998 The host is installed with Microsoft Edge, Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user right ... oval:org.secpod.oval:def:30999 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current ... oval:org.secpod.oval:def:30992 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:30993 The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ... oval:org.secpod.oval:def:30994 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:30995 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:30990 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a scripting engine memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same use ... oval:org.secpod.oval:def:30991 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:30985 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30986 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30987 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30988 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the c ... oval:org.secpod.oval:def:30982 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30983 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30984 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30989 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the c ... oval:org.secpod.oval:def:30976 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly ... oval:org.secpod.oval:def:30977 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly ... oval:org.secpod.oval:def:30978 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows graphics memory, which fails to properly handl ... oval:org.secpod.oval:def:30979 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows graphics memory, which fails to properly handl ... oval:org.secpod.oval:def:31740 The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ... oval:org.secpod.oval:def:31741 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. oval:org.secpod.oval:def:31748 The host is installed with Vbscript or JScript 5.7 or 5.8 scripting engines and is prone to an information disclosure vulnerability. A flaw is present in the application, which discloses the contents of its memory. Successful exploitation could allow attackers to compromise the users computer or dat ... oval:org.secpod.oval:def:31749 The host is installed with Vbscript or JScript 5.7 or 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. An attacker who successfully exploited the vulnerability could gain the same user rights as th ... oval:org.secpod.oval:def:31735 The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ... oval:org.secpod.oval:def:31736 The host is installed with Microsoft Edge, Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user right ... oval:org.secpod.oval:def:31731 The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user ri ... oval:org.secpod.oval:def:31737 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the curr ... oval:org.secpod.oval:def:31738 The host is installed with Internet Explorer 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could provide the attacker with information ... oval:org.secpod.oval:def:31739 The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ... oval:org.secpod.oval:def:31723 The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which do not properly enforce content types. An attacker who successfully exploited the vulnerability could run arbitrary script with elev ... oval:org.secpod.oval:def:31724 The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ... oval:org.secpod.oval:def:31720 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a XSS filter bypass vulnerability. A flaw is present in the application, which fails to properly filter HTTP response data. An attacker who successfully exploited the vulnerabilities could cause script to run on another user ... oval:org.secpod.oval:def:31721 The host is installed with Microsoft Edge, Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user ... oval:org.secpod.oval:def:31726 The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ... oval:org.secpod.oval:def:31719 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a XSS filter bypass vulnerability. A flaw is present in the application, which fails to properly filter HTTP response data. An attacker who successfully exploited the vulnerabilities could cause script to run on another user ... oval:org.secpod.oval:def:31716 The host is installed with Microsoft Edge, Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same u ... oval:org.secpod.oval:def:31717 The host is installed with Microsoft Edge, Internet Explorer 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited it could bypass the Address Space Layout Randomi ... oval:org.secpod.oval:def:31718 The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the c ... oval:org.secpod.oval:def:31701 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Microsoft Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to ... oval:org.secpod.oval:def:31708 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which ... oval:org.secpod.oval:def:31705 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which ... oval:org.secpod.oval:def:31706 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which ... oval:org.secpod.oval:def:31707 The host is missing a important security update according to Microsoft security bulletin, MS15-135. The update is required to fix multiple vulnerabilities. The flaws are present in the windows, which fails to handle kernel memory objects. Successful exploitation could allow attackers to run arbitrar ... oval:org.secpod.oval:def:32585 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle objects in memory. An attacker who succe ... oval:org.secpod.oval:def:32593 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:32592 The host is installed with Vbscript or JScript 5.7 or 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted web page discloses the contents of its memory. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:32588 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memo ... oval:org.secpod.oval:def:32589 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memo ... oval:org.secpod.oval:def:32898 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could corrupt memory, execute arbitrary code i ... oval:org.secpod.oval:def:32866 The host is installed with Microsoft Windows 7 SP1, Windows 8.1, Windows 10, Windows Server 2012 or Windows Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers ... oval:org.secpod.oval:def:32868 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. An atta ... oval:org.secpod.oval:def:32863 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the WebDAV, which fails to properly validate input. An attacker who ... oval:org.secpod.oval:def:32862 The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to ... oval:org.secpod.oval:def:32911 The host is installed with Internet Explorer 9, 10 or 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted website or improperly accesses objects in memory. An attacker who successfully exploited this vulnerabilit ... oval:org.secpod.oval:def:32910 The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted website or improperly accesses objects in memory. An attacker who successfully exploited this vulnerability could c ... oval:org.secpod.oval:def:32912 The host is installed with Internet Explorer 9, 10 or 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted website or improperly accesses objects in memory. An attacker who successfully exploited this vulnerabilit ... oval:org.secpod.oval:def:32900 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle cross-domain policies. Successfully exploitation allows remote attackers to access information from one domain and inj ... oval:org.secpod.oval:def:32902 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could corrupt memory, execute arbitrary code i ... oval:org.secpod.oval:def:32901 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle cross-domain policies. Successfully exploitation allows remote attackers to access information from one domain and inj ... oval:org.secpod.oval:def:32908 The host is installed with Internet Explorer 9, 10 or 11 or Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to ... oval:org.secpod.oval:def:32909 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could corrupt memory, execute arbitrary code i ... oval:org.secpod.oval:def:32904 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Hyperlink Object Library. Successfully exploitation allows remote attackers to obtain information to further compromi ... oval:org.secpod.oval:def:32610 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability via a crafted file. A flaw is present in t ... oval:org.secpod.oval:def:32612 The host is installed with Windows 7 SP1, Windows 8, Windows 8.1 or Windows Server 2012 R2 and is prone to remote code execution vulnerability. A flaw is present in the system, which fails to load DLL file. Successful exploitation could allow attackers to gain privileges via a crafted application. oval:org.secpod.oval:def:32611 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability. A flaw is present in the system, which fa ... oval:org.secpod.oval:def:32609 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to privilege escalation vulnerability. A flaw is present in the system, which fails to load DLL file p ... oval:org.secpod.oval:def:32918 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a security bypass vulnerability. A flaw is present in the Windows, when Kerberos fails to check the password change of a user signing into ... oval:org.secpod.oval:def:32915 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability. A flaw is present in the Windows, which fails validates input before loading dynamic link library (DLL ... oval:org.secpod.oval:def:32916 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability. A flaw is present in the Windows, which fails validates input before loading dynamic link library (DLL ... oval:org.secpod.oval:def:33260 The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arb ... oval:org.secpod.oval:def:33259 The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary ... oval:org.secpod.oval:def:33255 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in t ... oval:org.secpod.oval:def:33254 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the contex ... oval:org.secpod.oval:def:33251 The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arb ... oval:org.secpod.oval:def:33250 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in t ... oval:org.secpod.oval:def:33253 The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary ... oval:org.secpod.oval:def:33252 The host is installed with Microsoft Edge, Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitr ... oval:org.secpod.oval:def:33233 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33232 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33234 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33231 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33229 The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8.1 or 10 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handles specially crafted document and specially crafted embedded OpenType fonts. An ... oval:org.secpod.oval:def:33225 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Secondary Logon Service in Microsoft Windows, which fails to properly man ... oval:org.secpod.oval:def:33228 The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8.1 or 10 and is prone to a remote code execution vulnerability. A flaw is present in the application, which improperly handles specially crafted fonts. An attacker who successfully exploited this vul ... oval:org.secpod.oval:def:33221 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows OLE, which fails to properly validate user input. Success ... oval:org.secpod.oval:def:33223 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in USB Mass Storage, which fails to properly validate objects in memor ... oval:org.secpod.oval:def:33220 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows OLE, which fails to properly validate user input. Success ... oval:org.secpod.oval:def:33219 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the Microsoft Windows Media Parsing, which fails to handle specially crafted media content that is hosted on a website. Successful exploitation could allow attackers to take control ... oval:org.secpod.oval:def:33218 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the Microsoft Windows Media Parsing, which fails to handle specially crafted media content that is hosted on a website. Successful exploitation could allow attackers to take control ... oval:org.secpod.oval:def:33811 The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arb ... oval:org.secpod.oval:def:33809 The host is installed with Internet Explorer 11 and is prone to a remote code execution vulnerability. A flaw is present in the application, which improperly validates input before loading dynamic link library (DLL) files. Successfully exploitation could take control of an affected system. oval:org.secpod.oval:def:33806 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the contex ... oval:org.secpod.oval:def:33808 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly handle JavaScript. Successfully exploitation allow an attacker to detect specific files on the user's computer, In web-based ... oval:org.secpod.oval:def:34341 The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation can corrupt memory in such a way that an attacker could execute arbit ... oval:org.secpod.oval:def:34340 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, If the current ... oval:org.secpod.oval:def:34338 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles JScript and VBScript engines render when handling objects in memory in Internet Explorer. Successful exploitatio ... oval:org.secpod.oval:def:34337 The host is installed with Internet Explorer 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly handle file access permissions. Successful exploitation could allow an attacker to disclose the contents of arbitrary files on the use ... oval:org.secpod.oval:def:35629 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user righ ... oval:org.secpod.oval:def:35627 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user righ ... oval:org.secpod.oval:def:35628 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user righ ... oval:org.secpod.oval:def:35625 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the current ... oval:org.secpod.oval:def:35626 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the current ... oval:org.secpod.oval:def:35623 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the current user, If ... oval:org.secpod.oval:def:35624 The host is installed with Internet Explorer 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights a ... oval:org.secpod.oval:def:35621 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a XSS filter vulnerability. A flaw is present in the application, which improperly validate JavaScript under specific conditions in Internet Explorer. Successful exploitation allow attackers to run arbitrary code with medium-in ... oval:org.secpod.oval:def:35622 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the current ... oval:org.secpod.oval:def:35935 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user o ... oval:org.secpod.oval:def:35936 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a spoofing vulnerability. A flaw is present in microsoft browser, which fails to properly parse HTTP content. Successful exploitation could allow attackers to gain the same user rights as the current user, if th ... oval:org.secpod.oval:def:35933 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user o ... oval:org.secpod.oval:def:35934 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user o ... oval:org.secpod.oval:def:35932 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user or c ... oval:org.secpod.oval:def:35944 The host is installed with Internet Explorer 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to obtain information to fu ... oval:org.secpod.oval:def:35945 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to corrupt memory, execute ... oval:org.secpod.oval:def:35942 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of th ... oval:org.secpod.oval:def:35943 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights a ... oval:org.secpod.oval:def:35940 The host is installed with Internet Explorer 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to obtain information to furthe ... oval:org.secpod.oval:def:35941 The host is installed with Internet Explorer 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the c ... oval:org.secpod.oval:def:35937 The host is installed with Microsoft edge and is prone to a spoofing vulnerability. A flaw is present in application, which fails to properly parse HTML content. Successful exploitation could allow attackers to trick a user by redirecting the user to a specially crafted website. oval:org.secpod.oval:def:35938 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in microsoft browser XSS filter, which fails to properly validate content under specific conditions. Successful exploitation could allow attackers to ru ... oval:org.secpod.oval:def:35939 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights a ... oval:org.secpod.oval:def:36734 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further comprom ... oval:org.secpod.oval:def:36733 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further comprom ... oval:org.secpod.oval:def:36732 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further comprom ... oval:org.secpod.oval:def:36731 The host is installed with Internet Explorer 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curre ... oval:org.secpod.oval:def:36730 The host is installed with Internet Explorer 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise the user's syst ... oval:org.secpod.oval:def:36729 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of th ... oval:org.secpod.oval:def:36728 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user or could g ... oval:org.secpod.oval:def:36727 The host is installed with Internet Explorer 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curre ... oval:org.secpod.oval:def:36726 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user or could g ... oval:org.secpod.oval:def:37061 The host is installed with Internet Explorer 11 and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which fails to handle cross-origin requests. Successful exploitation could determine the origin of all of the web pages in the affected browser. oval:org.secpod.oval:def:37060 The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if ... oval:org.secpod.oval:def:37065 The host is installed with Internet Explorer 9, 10, 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ... oval:org.secpod.oval:def:37064 The host is installed with Internet Explorer 9, 10, 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current us ... oval:org.secpod.oval:def:37063 The host is installed with Internet Explorer 10, 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, ... oval:org.secpod.oval:def:37062 The host is installed with Internet Explorer 10, 11 and is prone to an elevation of privilege vulnerability. A flaw is present in Internet Explorer, which fails to handle a check which allow sandbox escape. Successful exploitation could use the sandbox escape to elevate privileges on an affected sys ... oval:org.secpod.oval:def:37068 The host is installed with Internet Explorer 9, 10, 11 and is prone to a security feature bypass vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could entice users into clicking a link that directs them to the attacker's site ... oval:org.secpod.oval:def:37067 The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could obtain information to further compromise a target system ... oval:org.secpod.oval:def:37478 The host is installed with Internet Explorer 9, 10, 11 or edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the ... oval:org.secpod.oval:def:37476 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the Internet Messaging API, which fails to properly handle objects in memory. Successful exploitation could allow the attacker to test for the presence of files on d ... oval:org.secpod.oval:def:37475 The host is installed with Internet Explorer 9, 10, 11 or Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to detect specific files on the user's co ... oval:org.secpod.oval:def:37484 The host is installed with Internet Explorer 11 or Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ... oval:org.secpod.oval:def:37483 The host is installed with Internet Explorer 10, 11 or Microsoft Edge and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fails to properly secure private namespace. Successful exploitation could allow attackers to gain elevated permissions on the na ... oval:org.secpod.oval:def:37482 The host is installed with Internet Explorer 10, 11 or Microsoft Edge and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fails to properly secure private namespace. Successful exploitation could allow attackers to gain elevated permissions on the na ... oval:org.secpod.oval:def:37481 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the curre ... oval:org.secpod.oval:def:37480 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the curre ... oval:org.secpod.oval:def:37485 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which leaves credential data in memory. Successful exploitation could allow attackers to harvest credentials from a memory dump of the browser pro ... oval:org.secpod.oval:def:38294 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows Uniscribe, which fails to properly h ... oval:org.secpod.oval:def:38311 The host is installed with Internet Explorer 9, 10, 11 or Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a targe ... oval:org.secpod.oval:def:38307 The host is installed with Internet Explorer 10, 11 or edge and is prone to a security feature bypass vulnerability. A flaw is present in the applications, which fails to properly apply same origin policy for scripts running inside Web Workers. Successful exploitation allow attackers to trick a user ... oval:org.secpod.oval:def:38308 The host is installed with Internet Explorer 9, 10 or 11 is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current us ... oval:org.secpod.oval:def:38309 The host is installed with Internet Explorer 9, 10, 11 or edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the ... oval:org.secpod.oval:def:38306 The host is installed with Internet Explorer 11 or edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ... oval:org.secpod.oval:def:39413 The host is missing a critical security update according to Microsoft bulletin, MS17-006. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ex ... oval:org.secpod.oval:def:39115 The host is installed with Internet Explorer 10, 11 or edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation could allow attackers to execute arbitrary code on the target machine. oval:org.secpod.oval:def:39308 The host is installed with Microsoft XML Core Services 3.0 in Microsoft Windows Server 2012, Windows server2012 R2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2016, Windows 10 or Windows 8.1 and is prone to an information Disclosure vulnerability. A flaw is present in the ... oval:org.secpod.oval:def:39454 The host is installed with Internet Explorer 11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to detect specific files on the user's computer. oval:org.secpod.oval:def:39455 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a target syst ... oval:org.secpod.oval:def:39456 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:39457 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:39459 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the Internet Messaging API, which fails to properly handle objects in memory. Successful exploitation could allow the attackers to obtain information to further comp ... oval:org.secpod.oval:def:39450 The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the applications, which does not properly parse HTTP responses. Successful exploitation could allow attackers to spoof content or be used as a pivot to chain an attack wit ... oval:org.secpod.oval:def:39451 The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the applications, which does not properly parse HTTP responses. Successful exploitation could allow attackers to spoof content or be used as a pivot to chain an attack wit ... oval:org.secpod.oval:def:39452 The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:39453 The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:39449 The host is installed with Internet Explorer 9, 10, 11 or Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromi ... oval:org.secpod.oval:def:39827 The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:39828 The host is installed with Internet Explorer 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to access information from one domain and inject i ... oval:org.secpod.oval:def:41175 The host is installed with Microsoft malware protection engine before 1.1.13903.0 for Microsoft Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation ... oval:org.secpod.oval:def:41976 An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain. To exploit the vulnerability, an at ... oval:org.secpod.oval:def:41983 A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a s ... oval:org.secpod.oval:def:41982 A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based att ... oval:org.secpod.oval:def:41981 A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based att ... oval:org.secpod.oval:def:41959 A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or se ... oval:org.secpod.oval:def:41961 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a ... oval:org.secpod.oval:def:41960 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a ... oval:org.secpod.oval:def:41264 A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ... oval:org.secpod.oval:def:41262 A spoofing vulnerability exists when an affected Microsoft browser does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or se ... oval:org.secpod.oval:def:41263 A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ... oval:org.secpod.oval:def:41266 A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer ... oval:org.secpod.oval:def:41614 A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili ... oval:org.secpod.oval:def:41611 A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ... oval:org.secpod.oval:def:41612 A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ... oval:org.secpod.oval:def:42299 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:42297 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an attac ... oval:org.secpod.oval:def:42312 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:42317 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:42687 An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an att ... oval:org.secpod.oval:def:42689 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:42691 An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an atta ... oval:org.secpod.oval:def:42694 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:42693 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:42698 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:42703 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:42702 An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a specia ... oval:org.secpod.oval:def:42701 An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a specia ... oval:org.secpod.oval:def:42705 remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:42704 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:42710 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:43160 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:43164 An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an att ... oval:org.secpod.oval:def:43161 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:43165 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:43139 The host is installed with Microsoft malware protection engine before 1.1.14405.2 for Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation allows at ... oval:org.secpod.oval:def:43137 The host is installed with Microsoft malware protection engine before 1.1.14405.2 for Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation allows at ... oval:org.secpod.oval:def:43144 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an atta ... oval:org.secpod.oval:def:43143 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:43149 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:43147 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:43152 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:43151 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:43150 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:43155 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:43154 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an atta ... oval:org.secpod.oval:def:43378 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:43384 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:43791 The host is missing an important security update 4072698 oval:org.secpod.oval:def:43790 The host is missing an important security update 4078130 oval:org.secpod.oval:def:43841 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:43847 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:44574 An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenari ... oval:org.secpod.oval:def:44575 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an atta ... oval:org.secpod.oval:def:44571 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:44572 An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an att ... oval:org.secpod.oval:def:44578 An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenari ... oval:org.secpod.oval:def:44585 An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code ... oval:org.secpod.oval:def:44581 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:44868 A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem a ... oval:org.secpod.oval:def:45343 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:45344 An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenari ... oval:org.secpod.oval:def:45346 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:45340 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:45341 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:45347 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:45355 An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object w ... oval:org.secpod.oval:def:45356 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:44927 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:44933 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:44934 An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. In ... oval:org.secpod.oval:def:44936 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:44931 An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. In a ... oval:org.secpod.oval:def:44932 An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an atta ... oval:org.secpod.oval:def:44944 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:44945 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:44947 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:44940 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:44941 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:44943 An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. In ... oval:org.secpod.oval:def:46350 A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load data that would otherwise be restricted. In a web-based attack scenario, an ... oval:org.secpod.oval:def:46355 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:46352 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:46351 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:46354 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:46353 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:45993 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:47104 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:47103 An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser frame or window state from a different domain. For an attack to be successful ... oval:org.secpod.oval:def:47105 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:47102 A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:47109 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:47116 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:47111 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:47110 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:47119 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:47121 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:47218 An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ... oval:org.secpod.oval:def:47409 An information disclosure vulnerability exists when the browser scripting engine improperly handle object types. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to vi ... oval:org.secpod.oval:def:47414 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:47415 An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an atta ... oval:org.secpod.oval:def:47417 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:47427 A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition. An attacker could use the UXSS vulnerability to access any session belonging to web pages currently opened (or cached) by the browser at t ... oval:org.secpod.oval:def:61871 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:49084 An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object ... oval:org.secpod.oval:def:46003 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:47885 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:47883 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:49679 A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current ... oval:org.secpod.oval:def:49683 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:49681 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:49684 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:50057 A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnera ... oval:org.secpod.oval:def:50002 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:50690 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious web ... oval:org.secpod.oval:def:50687 A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a ... oval:org.secpod.oval:def:50672 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:51346 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:51350 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:51352 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:51351 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:51354 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:51356 A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an a ... oval:org.secpod.oval:def:51355 An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. In a web-based attack scenario, an attacke ... oval:org.secpod.oval:def:51358 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:51357 A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Site cookie restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited ... oval:org.secpod.oval:def:51365 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:51366 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:54130 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:54131 A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions. An attacker who exploited the vulnerability could pass custom command line parameters. In a web-based attack scenario, an attacker could host a specially crafted website designed to app ... oval:org.secpod.oval:def:54129 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:54140 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:54137 An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an attacker could host a webs ... oval:org.secpod.oval:def:54671 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:54672 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:54680 An spoofing vulnerability exists when Internet Explorer improperly handles URLs. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain ... oval:org.secpod.oval:def:54679 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:54692 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:54688 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an attac ... oval:org.secpod.oval:def:55343 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:55335 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:55351 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:55352 An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario ... oval:org.secpod.oval:def:55350 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:55346 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:55334 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:57241 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:57238 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:57233 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:57236 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:57235 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:57234 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:57851 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:57857 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:57856 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:57855 A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully ex ... oval:org.secpod.oval:def:57923 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:58444 A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an a ... oval:org.secpod.oval:def:58445 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:58446 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:58442 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:58758 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:58898 A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies. An attacker who successfully exploited this vulnerability could trick a browser into overwriting a secure cookie with an insecure cookie. The insecure cookie could serve as a pivot to chain an attack with othe ... oval:org.secpod.oval:def:58891 A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an ... oval:org.secpod.oval:def:58892 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:58900 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:59630 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:59625 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:59845 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:60619 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:61817 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:61811 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:61256 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:61255 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:61827 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:61826 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:61825 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:61823 A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ... oval:org.secpod.oval:def:62451 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:62450 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:62449 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:62452 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:63066 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63076 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63075 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:63073 A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnera ... oval:org.secpod.oval:def:63072 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ... oval:org.secpod.oval:def:63071 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63069 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63663 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63664 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63665 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63666 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63667 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... oval:org.secpod.oval:def:63668 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63670 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:63671 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an attac ... oval:org.secpod.oval:def:64193 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:64194 An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer. An attacker who exploited the vulnerability could cause the user to place a call without additional consent, leading to information disclosure of the user profile. For the vulnerability to be ex ... oval:org.secpod.oval:def:66625 The host is installed with Microsoft Windows 7 and above and is prone to a windows kernel zero day vulnerability. A flaw is present in the application, which fails to handle Windows Kernel Cryptography Driver. Successful exploitation allows attackers to perform a privilege escalation (such as sandbo ... oval:org.secpod.oval:def:66896 Scripting Engine Memory Corruption Vulnerability. oval:org.secpod.oval:def:69986 The host is installed with Internet Explorer and is prone to a memory corruption vulnerability. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of c ... oval:org.secpod.oval:def:76088 Windows 10 Update Assistant Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:77162 Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability oval:org.secpod.oval:def:62551 An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerabil ... oval:org.secpod.oval:def:94453 Microsoft Defender Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:25855 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, or 4.6 and is prone to an Onetype font parsing vulnerabilit ... oval:org.secpod.oval:def:25819 The host is installed with Microsoft .NET Framework 4.6 on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to a RyuJIT optimization elevation of privilege vulnerability. A flaw is present in the a ... oval:org.secpod.oval:def:25817 The host is installed with Microsoft .NET Framework 4.6 on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to a RyuJIT optimization elevation of privilege vulnerability. A flaw is present in the a ... oval:org.secpod.oval:def:25820 The host is installed with Microsoft .NET Framework 4.6 on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to a RyuJIT optimization elevation of privilege vulnerability. A flaw is present in the a ... oval:org.secpod.oval:def:31010 The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle specially crafted XML files. An attacker who successfully exploited this vulnerability could ... oval:org.secpod.oval:def:31011 The host is installed with .Net framework 4, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly validates values in HTTP requests. An attacker who successfully exploited the vulnerability could leverage a vulnerabl ... oval:org.secpod.oval:def:31012 The host is installed with .Net framework 2.0 SP2, 3.5.1 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which does not properly implement the Address Space Layout Randomization (ASLR) security feature. An attacker who successfully exploited this vulnerability cou ... oval:org.secpod.oval:def:26552 The host is installed with .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate the number of objects in memory before copying those objects into an array. An attacker ... oval:org.secpod.oval:def:26553 The host is installed with .NET Framework 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to a MVC denial of service vulnerability. A flaw is present in the application, which fails to handle certain specially crafted requests. An attacker who successfully exploited this vulnerability could send a small numbe ... oval:org.secpod.oval:def:33789 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to SAM and LSAD downgrade vulnerability. A flaw is present in the Security Account Manager (SAM) and Local Securi ... oval:org.secpod.oval:def:34325 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an use-after-free vulnerability. A flaw is present in the Windows GDI component, which fails to handle objects in memory. Succes ... oval:org.secpod.oval:def:34326 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an use-after-free vulnerability. A flaw is present in the Windows GDI component, which fails to handle objects in memory. Succes ... oval:org.secpod.oval:def:34324 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012 or 2012 R2 and is prone to a memory corruption vulnerability. A flaw is present in the windows imaging component, which fails to handle objects in memory. Successful e ... oval:org.secpod.oval:def:34312 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle parsing of certain symbolic l ... oval:org.secpod.oval:def:34310 The host is installed with Microsoft Windows Vista, 7, 8.1, 10, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to a RPC network data representation engine elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle specially crafted Remote Procedure ... oval:org.secpod.oval:def:33967 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33966 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33965 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33262 The host is installed with .NET Framework 2.0 SP2, 3.0, 3.5, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to a security feature bypass vulnerability. A flaw is present in the .NET Framework component, which does not properly validate certain elements of a signed XML document. Successful exploitation allo ... oval:org.secpod.oval:def:35951 The host is installed with Microsoft Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful explo ... oval:org.secpod.oval:def:35952 The host is installed with Microsoft Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 and is prone to an elevation privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploi ... oval:org.secpod.oval:def:35946 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly parses XML input containing a reference to an external entity. Successful exploitation allows attackers to rea ... oval:org.secpod.oval:def:35572 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a group policy elevation of privilege vulnerability. A flaw is present in the group policy, which fails to properly handle group po ... oval:org.secpod.oval:def:35596 The host is installed with Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a denial of service vulnerability. A flaw is present in the Windows search component, which fails to properly handle objects in memory. An attacker who successfully ex ... oval:org.secpod.oval:def:35588 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the windows graphics component, which fails to handle objec ... oval:org.secpod.oval:def:35589 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the adobe type manager font driver, which fails to handle o ... oval:org.secpod.oval:def:35582 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:35583 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:34354 The host is installed with Microsoft Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory and incorrectly ma ... oval:org.secpod.oval:def:34355 The host is installed with Microsoft Windows Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory and incorrectly maps kernel memory. An ... oval:org.secpod.oval:def:34352 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:34353 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle memory addresses. ... oval:org.secpod.oval:def:34350 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:34351 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:34349 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:34343 The host is installed with Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1 or Windows 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted journal file. Successful exploitation allows attackers to execute an arbi ... oval:org.secpod.oval:def:34329 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to a TLS/SSL information disclosure vulnerability. A flaw is present in the TLS/SSL protocol, which fails to properly handle an injection of unencrypted data into the secure channel and then man-in-the-middle ... oval:org.secpod.oval:def:34327 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows GDI component, which improperly discloses the contents ... oval:org.secpod.oval:def:34328 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows GDI component, which improperly discloses the contents ... oval:org.secpod.oval:def:35610 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the microsoft server messag ... oval:org.secpod.oval:def:35620 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, where Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:35615 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handle certain proxy discovery scen ... oval:org.secpod.oval:def:35865 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows GDI component, which improperly discloses kernel memory a ... oval:org.secpod.oval:def:35863 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:35861 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:35862 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:35860 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:41215 An Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file.An attacker who successfully exploited this vulnerability could cause a denial of service.A attacker could exploit this vulnerability by hosting a specially crafted web site and convince a user to br ... oval:org.secpod.oval:def:42330 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44970 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:44974 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:46372 An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code executi ... oval:org.secpod.oval:def:55418 An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could r ... oval:org.secpod.oval:def:59685 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:77082 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability oval:org.secpod.oval:def:86697 BitLocker Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. oval:org.secpod.oval:def:86696 Windows SMB Witness Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to privileged accounts only. oval:org.secpod.oval:def:86699 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86692 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86695 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation allows remote code execution on the server side. oval:org.secpod.oval:def:86694 Windows Installer Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86689 Microsoft Cryptographic Services Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86688 Microsoft Cryptographic Services Elevation of Privilege Vulnerability. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment. oval:org.secpod.oval:def:86760 Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability oval:org.secpod.oval:def:86759 Windows Backup Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that r ... oval:org.secpod.oval:def:86756 Windows Netlogon Denial of Service Vulnerability oval:org.secpod.oval:def:86752 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86753 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code ex ... oval:org.secpod.oval:def:86749 Windows Boot Manager Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. oval:org.secpod.oval:def:86745 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code ex ... oval:org.secpod.oval:def:86744 Windows GDI Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86747 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability. An unauthenticated attacker could send a specially crafted request to a vulnerable LDAP server. Successful exploitation could result in bypassing a buffer length check which could be leveraged to achieve informatio ... oval:org.secpod.oval:def:86746 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code ex ... oval:org.secpod.oval:def:86741 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. An unauthenticated attacker could send a specially crafted connection ... oval:org.secpod.oval:def:86740 Windows Task Scheduler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:86742 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code ex ... oval:org.secpod.oval:def:86763 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that re ... oval:org.secpod.oval:def:86764 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86716 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86715 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86717 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:86711 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86714 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86709 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86708 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86705 Windows NTLM Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86704 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attac ... oval:org.secpod.oval:def:86707 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86706 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86701 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:86700 Windows Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86703 Windows Credential Manager User Interface Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86702 Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:86738 Windows iSCSI Service Denial of Service Vulnerability oval:org.secpod.oval:def:86737 Remote Procedure Call Runtime Denial of Service Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:86739 Windows GDI Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86736 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could impersonate the group Managed Service Account (gMSA) to perform actions or access resources over the network. oval:org.secpod.oval:def:37010 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful e ... oval:org.secpod.oval:def:37009 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful e ... oval:org.secpod.oval:def:37008 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle kernel API enforced permissio ... oval:org.secpod.oval:def:37007 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, where kernel API improperly allows a user to access sensitiv ... oval:org.secpod.oval:def:36743 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a kerberos security feature bypass vulnerability. A flaw is present in the Windows Kerberos, which fails to properly handle a pas ... oval:org.secpod.oval:def:36723 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:36722 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:36721 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:36720 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:36995 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Graphics Device Interface (GDI), which fails to properly ... oval:org.secpod.oval:def:36994 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Graphics Device Interface (GDI), which fails to properly ... oval:org.secpod.oval:def:36992 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37891 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37890 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37897 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37896 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37895 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37894 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37893 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37892 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37889 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37888 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37069 The host is installed with Internet Explorer 9, 10, 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ... oval:org.secpod.oval:def:37053 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An ... oval:org.secpod.oval:def:37049 The host is installed with Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows 10, Windows Server 2008 SP2,Windows Server 2008 R2 SP1, Windows Server 2012 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which imprope ... oval:org.secpod.oval:def:37923 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows NTLM, which fails to properly handle NTLM password chan ... oval:org.secpod.oval:def:37922 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the Windows Local Security Authority Subsystem Service (LSASS), which fai ... oval:org.secpod.oval:def:37920 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properl ... oval:org.secpod.oval:def:37918 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Bowser.sys Kernel-Mode driver, which fails ... oval:org.secpod.oval:def:37917 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properl ... oval:org.secpod.oval:def:37916 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle spe ... oval:org.secpod.oval:def:37915 The host is installed with Vista SP2, Windows 7 SP1, Windows 8.1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft video control, which fails to properly handle objects in memory. Successful exploitation could allow attacker to run arbitrary code ... oval:org.secpod.oval:def:37919 The host is installed with Microsoft Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle specially crafted applicati ... oval:org.secpod.oval:def:37437 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37435 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37431 The host is installed with Vista SP2, Windows 7 SP1, Windows 8.1 or Windows 10 and is prone to an remote code execution vulnerability. A flaw is present in the Microsoft video control, which fails to properly handle objects in memory. Successful exploitation could allow attacker to run arbitrary cod ... oval:org.secpod.oval:def:37441 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful e ... oval:org.secpod.oval:def:37439 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37438 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37493 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows Graphics Component, which fails to properly handle objects ... oval:org.secpod.oval:def:37492 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:39409 Multiple information disclosure vulnerabilities exist in the way that the Color Management Module (ICM32.dll) handles objects in memory. These vulnerabilities allow an attacker to retrieve information to bypassusermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the in ... oval:org.secpod.oval:def:39400 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:39401 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:39402 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:39403 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:39405 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:38292 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Common Log File System Driver, whi ... oval:org.secpod.oval:def:38296 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2, Windows 10 or Server 2016 and is prone to a remote code execution vulnerability. A flaw is present in the windows GDI component, which improperly hand ... oval:org.secpod.oval:def:38320 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to an elevation of privilege Vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to ... oval:org.secpod.oval:def:38319 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to an elevation of privilege Vulnerability. A flaw is present in the Microsoft Graphics Component, which fails ... oval:org.secpod.oval:def:38315 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Crypto Driver, which improperly handles ob ... oval:org.secpod.oval:def:38316 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Installer, which improperly sanitize input ... oval:org.secpod.oval:def:38333 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6, 4.6.1 or 4.6.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly uses a developer-supplied key. Successful exploitation allows attackers to access information that shou ... oval:org.secpod.oval:def:37939 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 and 10 and is prone to an remote code execution vulnerability. A flaw is present in the specially crafted embedded fonts, which fails to properly hand ... oval:org.secpod.oval:def:37937 The host is installed with Microsoft Windows Vista SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 and 10 and is prone to an memory corruption vulnerability. A flaw is present in the Windows Animation Manager, which fails to properly handle objects in memory. An atta ... oval:org.secpod.oval:def:37936 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 and 10 and is prone to an information disclosure vulnerability. A flaw is present in the ATMFD component, which fails to properly handle objects in mem ... oval:org.secpod.oval:def:37933 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows image file loading functionality, which improperly handle ... oval:org.secpod.oval:def:37931 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows IME, which improperly handles DLL loading. Successful e ... oval:org.secpod.oval:def:39114 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2, Server 2016, or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the windows GDI, which fails to handle a craf ... oval:org.secpod.oval:def:39377 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39364 An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:39356 An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could run processes in an elevated context. To exploit the vulnerability, a locally authenticated attacker could run a specially crafte ... oval:org.secpod.oval:def:39357 An elevation of privilege vulnerability exists when Windows fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would first need ac ... oval:org.secpod.oval:def:39399 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39398 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vuln ... oval:org.secpod.oval:def:39321 An information disclosure vulnerability exists in the way Windows DirectShow handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.In a web-based attack scenario, an attacker could host a website used to att ... oval:org.secpod.oval:def:39312 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39313 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39314 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39315 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39316 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:39317 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39306 An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request. An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the ... oval:org.secpod.oval:def:40443 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40444 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40442 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:40447 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40448 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:40445 A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ... oval:org.secpod.oval:def:40446 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40449 A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ... oval:org.secpod.oval:def:40450 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40451 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40454 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:40455 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:40452 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40453 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:40456 A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ... oval:org.secpod.oval:def:40471 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6, 4.7, 4.6.1 or 4.6.2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validate certificates. Successful exploitation allows attackers to present a certificate th ... oval:org.secpod.oval:def:39410 A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create n ... oval:org.secpod.oval:def:40429 An elevation of privilege vulnerability exists when the Windows improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. An attacker who successfully exploited t ... oval:org.secpod.oval:def:40432 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:40434 An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. Th ... oval:org.secpod.oval:def:40435 An elevation of privilege vulnerability exists when Windows fails to properly validate input before loading type libraries. An attacker could use this vulnerability to elevate their privilege level. To exploit this vulnerability an attacker would first need to have access to the local system and hav ... oval:org.secpod.oval:def:40439 An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability can lead to d ... oval:org.secpod.oval:def:40440 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by runn ... oval:org.secpod.oval:def:39420 An elevation of privilege exists in Windows when a DCOM object in Helppane.exe configured to run as the interactive user fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session. oval:org.secpod.oval:def:39779 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:39780 A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer ... oval:org.secpod.oval:def:39781 A Win32k information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ... oval:org.secpod.oval:def:39840 A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate use ... oval:org.secpod.oval:def:39841 An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacke ... oval:org.secpod.oval:def:39838 An elevation of privilege vulnerability exists when LDAP request buffer lengths are improperly calculated; In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller. An attacker who successful ... oval:org.secpod.oval:def:40883 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40884 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40881 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ... oval:org.secpod.oval:def:40887 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40888 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40885 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40886 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40889 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40890 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40891 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40892 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40879 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ... oval:org.secpod.oval:def:40880 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ... oval:org.secpod.oval:def:40902 An elevation of privilege exists in Windows when a DCOM object in Helppane.exe, configured to run as the interactive user, fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session.To exploit the vulnerabili ... oval:org.secpod.oval:def:40900 An elevation of privilege vulnerability exists when tdx.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level. An attacker who s ... oval:org.secpod.oval:def:40901 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craf ... oval:org.secpod.oval:def:41198 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41199 An information disclosure vulnerability exists in Microsoft Windows when Win32k fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an attacker could create ... oval:org.secpod.oval:def:41165 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:41213 An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the HTTP.sys server application system.A remote unauthenticated ... oval:org.secpod.oval:def:41211 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41212 An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would have to either log on locally to an affected system, ... oval:org.secpod.oval:def:41217 A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ... oval:org.secpod.oval:def:41218 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An att ... oval:org.secpod.oval:def:41216 A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files.Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad. In an email attack scenario, an attacker could exploit th ... oval:org.secpod.oval:def:41200 A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. An attacker who successfully exploited this vulnerability could use it to bypass Extended Protection for Authentication.To exploit this vulnerabil ... oval:org.secpod.oval:def:41201 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41207 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41204 An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol.In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to ... oval:org.secpod.oval:def:41205 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ... oval:org.secpod.oval:def:41209 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41210 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41267 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41276 A remote code execution vulnerability exists when Windows Explorer improperly handles executable files and shares during rename operations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another user. Users not running as administrators would be ... oval:org.secpod.oval:def:41279 An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)declaration ... oval:org.secpod.oval:def:41277 An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)declaration. ... oval:org.secpod.oval:def:41278 A remote code execution vulnerability exists in PowerShell when PSObject wraps a CIM Instance. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.In an attack scenario, an attacker could execute malicious code in a PowerShell remote session. ... oval:org.secpod.oval:def:40925 A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious c ... oval:org.secpod.oval:def:40926 A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ... oval:org.secpod.oval:def:40927 An information disclosure vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability,an attacker could send specially crafted SMB messages to ... oval:org.secpod.oval:def:40958 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:40904 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:40908 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40909 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40913 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40914 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40911 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40918 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40915 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40916 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40960 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:40961 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:40964 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40962 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40963 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40968 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40969 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40967 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:41640 A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets.An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive.A remote unauthenticated attacker could exploit this vulnerability by sending a ... oval:org.secpod.oval:def:41641 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system.An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:42319 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:42321 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:42320 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:42324 An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, the attacker could send specially crafted m ... oval:org.secpod.oval:def:42323 A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ... oval:org.secpod.oval:def:42327 A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to sen ... oval:org.secpod.oval:def:42326 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:42332 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:42331 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:42335 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to f ... oval:org.secpod.oval:def:42334 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:42333 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabili ... oval:org.secpod.oval:def:42339 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by r ... oval:org.secpod.oval:def:42343 An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:42341 An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:42347 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attac ... oval:org.secpod.oval:def:42346 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:42345 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:41995 A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacted s ... oval:org.secpod.oval:def:41999 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:41998 A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:41997 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:41996 A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then mon ... oval:org.secpod.oval:def:42717 A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. To exploit the vulnerability, the attacker could send specially crafted messages to th ... oval:org.secpod.oval:def:42716 An information vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk. To exploit the vulnerability, an attacker would have to log onto an affected system a ... oval:org.secpod.oval:def:42719 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:42724 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:42723 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:42729 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:42728 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:42726 A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ... oval:org.secpod.oval:def:42081 A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:42058 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ... oval:org.secpod.oval:def:42002 A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:42000 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:42003 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker wou ... oval:org.secpod.oval:def:42008 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it cou ... oval:org.secpod.oval:def:42007 An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel ... oval:org.secpod.oval:def:42010 A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, ... oval:org.secpod.oval:def:42016 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:42015 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability ... oval:org.secpod.oval:def:42024 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:41652 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:41644 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:41645 A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ... oval:org.secpod.oval:def:41648 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An att ... oval:org.secpod.oval:def:41650 This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system funct ... oval:org.secpod.oval:def:44969 A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code ... oval:org.secpod.oval:def:44979 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44980 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44981 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:43873 An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object ... oval:org.secpod.oval:def:43848 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially cr ... oval:org.secpod.oval:def:43851 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:43856 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially cr ... oval:org.secpod.oval:def:43860 A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us ... oval:org.secpod.oval:def:43865 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:43864 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:43869 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:43872 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have ... oval:org.secpod.oval:def:43871 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have ... oval:org.secpod.oval:def:43919 Microsoft has deprecated the Document Signing functionality in XPS Viewer. This functionality relied upon the SHA-1 algorithm and is part of the overall effort to remove this algorithm from Windows products. This change impacts XPS Viewer on all supported versions of Windows oval:org.secpod.oval:def:43168 An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. To exploit the vulnera ... oval:org.secpod.oval:def:43166 A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts wi ... oval:org.secpod.oval:def:44605 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:44606 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:44607 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:44609 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:44616 A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, ... oval:org.secpod.oval:def:44610 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:44611 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then inst ... oval:org.secpod.oval:def:44613 An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities (XXE). An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this condition, an attacker would ne ... oval:org.secpod.oval:def:44625 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44626 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44627 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44628 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44621 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44622 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44623 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44624 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44630 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44634 An elevation of privilege vulnerability exists in Windows when the Microsoft Video Control mishandles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in system mode. An attacker could then install programs; view, change, or delete data; or creat ... oval:org.secpod.oval:def:43406 An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certai ... oval:org.secpod.oval:def:43405 An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a ... oval:org.secpod.oval:def:43404 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:43411 An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulner ... oval:org.secpod.oval:def:43459 A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing spe ... oval:org.secpod.oval:def:43461 A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the E ... oval:org.secpod.oval:def:45382 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:45387 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:45384 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:45385 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have ... oval:org.secpod.oval:def:45368 A remote code execution vulnerability exists in Microsoft COM for Windows when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exp ... oval:org.secpod.oval:def:45379 A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker who has a domain user account ... oval:org.secpod.oval:def:45374 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:45375 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:44982 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44983 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44988 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:44989 An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could th ... oval:org.secpod.oval:def:44984 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44985 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44986 A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To e ... oval:org.secpod.oval:def:44987 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:44991 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44992 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44993 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44994 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44995 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44996 A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate use ... oval:org.secpod.oval:def:45407 A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would f ... oval:org.secpod.oval:def:45408 A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing speci ... oval:org.secpod.oval:def:46006 A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to ... oval:org.secpod.oval:def:46005 An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially craft ... oval:org.secpod.oval:def:46009 An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would firs ... oval:org.secpod.oval:def:46013 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:46012 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specia ... oval:org.secpod.oval:def:46028 A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the ... oval:org.secpod.oval:def:46033 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attack ... oval:org.secpod.oval:def:46367 A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attac ... oval:org.secpod.oval:def:46366 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:46369 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:46368 A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file desig ... oval:org.secpod.oval:def:46364 A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit the vulnerability, an unauthenticated attacker could send specially ... oval:org.secpod.oval:def:46370 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specia ... oval:org.secpod.oval:def:46373 An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correct ... oval:org.secpod.oval:def:46376 A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:46375 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ... oval:org.secpod.oval:def:47128 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then inst ... oval:org.secpod.oval:def:47127 A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attack ... oval:org.secpod.oval:def:47129 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:47130 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user r ... oval:org.secpod.oval:def:47136 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:47133 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:47132 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:47141 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:47148 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:47143 An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to e ... oval:org.secpod.oval:def:47153 An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections where content from one stream can blend in ... oval:org.secpod.oval:def:49098 A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ... oval:org.secpod.oval:def:49095 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:47438 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:47437 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:47439 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by ... oval:org.secpod.oval:def:47444 An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerabili ... oval:org.secpod.oval:def:47441 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability, an attacker could host a ... oval:org.secpod.oval:def:47440 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to lo ... oval:org.secpod.oval:def:47443 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:47457 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:47451 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ... oval:org.secpod.oval:def:47454 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:47453 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:47461 An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution. However, th ... oval:org.secpod.oval:def:47463 A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:47462 A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files. An attacker who successfully exploited the vulnerability could execute arbitrary code. To exploit the vulnerability, an attacker would have to convince a user to download an image file. ... oval:org.secpod.oval:def:47433 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ... oval:org.secpod.oval:def:47432 An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. To exploit this vulnerability, an attack ... oval:org.secpod.oval:def:49106 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted ... oval:org.secpod.oval:def:49111 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on ... oval:org.secpod.oval:def:50728 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:50961 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to f ... oval:org.secpod.oval:def:57275 An elevation of privilege vulnerability exists in Microsoft Windows where a certain dll, with Local Service privilege, is vulnerable to race planting a customized dll.An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.The update addresses this vul ... oval:org.secpod.oval:def:57887 A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.To exploit the vulnerability, an attacker could send specia ... oval:org.secpod.oval:def:58467 An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by running a speciall ... oval:org.secpod.oval:def:59668 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:59867 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:47904 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:47903 A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ... oval:org.secpod.oval:def:47906 An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. To exploit the vulnerability, a user would have to open a specially crafte ... oval:org.secpod.oval:def:47905 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:47900 An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:47902 A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, ... oval:org.secpod.oval:def:47901 An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially craft ... oval:org.secpod.oval:def:47907 An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. To exploit the vulnerability, a user would have to open a specially crafte ... oval:org.secpod.oval:def:47909 An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specia ... oval:org.secpod.oval:def:49693 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:49694 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:49691 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:49692 An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain infor ... oval:org.secpod.oval:def:49696 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:49705 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:49704 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:49716 A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without authenticati ... oval:org.secpod.oval:def:49717 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ... oval:org.secpod.oval:def:47914 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability, an attacker could host a ... oval:org.secpod.oval:def:47927 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted f ... oval:org.secpod.oval:def:50070 An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. oval:org.secpod.oval:def:50071 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50072 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50073 An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the ... oval:org.secpod.oval:def:49092 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:49096 A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code. To exploit this vulnerability, an attacker would need to log on to the affected system and run a specially crafted application. The security update addresses the vulnerability by correcting log mana ... oval:org.secpod.oval:def:49093 A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system. To exploit the vulnerability, an attacker must send a specially crafted file to a vu ... oval:org.secpod.oval:def:49094 An information disclosure vulnerability exists when Kernel Remote Procedure Call Provider driver improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability co ... oval:org.secpod.oval:def:49100 An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated a ... oval:org.secpod.oval:def:49105 An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. ... oval:org.secpod.oval:def:49109 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:44619 A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processe ... oval:org.secpod.oval:def:47899 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:50720 An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. To exploit the vulnerability, an attacker ... oval:org.secpod.oval:def:50721 An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. To exploit the vulnerability, an attacker ... oval:org.secpod.oval:def:50722 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50723 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50724 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50725 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:50726 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50727 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50729 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50731 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on t ... oval:org.secpod.oval:def:50734 An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk. To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially ... oval:org.secpod.oval:def:50738 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50740 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:50709 A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged ... oval:org.secpod.oval:def:50710 A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hos ... oval:org.secpod.oval:def:50711 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:50713 A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. To exploit the vulnerability, an attacker could send a ... oval:org.secpod.oval:def:50715 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50716 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50717 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50718 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50719 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50075 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50080 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50082 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:51374 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:51373 A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attac ... oval:org.secpod.oval:def:50090 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50091 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50092 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50093 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50094 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50095 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50096 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50097 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50088 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50089 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:51375 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to ope ... oval:org.secpod.oval:def:51377 An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. To exploit this vulnerability, an attacker would first need to compromise an Act ... oval:org.secpod.oval:def:51390 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabil ... oval:org.secpod.oval:def:51392 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specia ... oval:org.secpod.oval:def:51394 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability, an attacker could host a ... oval:org.secpod.oval:def:51393 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:51396 A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could g ... oval:org.secpod.oval:def:51395 An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory. An attacker who successfully exploited this vulnerability could use the information to further exploit the victim system. To exploit this vulnerability, an attacker would have t ... oval:org.secpod.oval:def:51389 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabil ... oval:org.secpod.oval:def:51388 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:51398 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:51399 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:51400 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:51401 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:51404 A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vul ... oval:org.secpod.oval:def:51403 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:51407 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabil ... oval:org.secpod.oval:def:54171 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:54174 An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:54173 An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs ... oval:org.secpod.oval:def:54178 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:54179 A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.In a web-based attack scenario, an attacker could host a specially craft ... oval:org.secpod.oval:def:54177 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:54169 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:54181 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54182 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:54180 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54185 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:54186 A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could take control of an affected system.To exploit the vulnerability, an authenticated attacker could connect via the Windows Remote Registry Serv ... oval:org.secpod.oval:def:54183 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54184 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54187 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:54188 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54156 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:54157 A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on ... oval:org.secpod.oval:def:54155 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:54163 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:54164 A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.To exploit the vulnerability, an attacker could host a specially crafted website designed to invok ... oval:org.secpod.oval:def:54161 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:54162 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:54167 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54168 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:54165 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:54166 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited priv ... oval:org.secpod.oval:def:54158 An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:54721 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54722 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54720 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54725 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54726 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54723 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54724 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54727 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54728 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:54732 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54730 An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.To exploit this vul ... oval:org.secpod.oval:def:54707 An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how the ... oval:org.secpod.oval:def:54708 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54709 An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with ... oval:org.secpod.oval:def:54710 An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.A locally authenticated attacker could exploit this vulnerability by running a spec ... oval:org.secpod.oval:def:54711 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54714 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54715 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54712 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a program, ... oval:org.secpod.oval:def:54718 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54719 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54716 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55380 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55381 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55382 A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering.To exploit this vulnerab ... oval:org.secpod.oval:def:55383 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ... oval:org.secpod.oval:def:55379 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55367 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then instal ... oval:org.secpod.oval:def:55374 A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges.An attacker could craft a website that exploits the vulnerability a ... oval:org.secpod.oval:def:55377 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55378 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55375 A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could g ... oval:org.secpod.oval:def:55376 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54189 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57280 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:57284 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:57283 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:57282 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57281 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57289 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:57290 An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:57307 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:57306 A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application. A remote unauthenticated attacker could exploit this vulner ... oval:org.secpod.oval:def:57872 An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially craft ... oval:org.secpod.oval:def:55384 An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaratio ... oval:org.secpod.oval:def:55388 This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the t ... oval:org.secpod.oval:def:55389 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55392 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:55394 An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.To exploit this vulnerability, an attacker would first have to l ... oval:org.secpod.oval:def:55398 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55400 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55410 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a speciall ... oval:org.secpod.oval:def:55402 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:55407 A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another ... oval:org.secpod.oval:def:55405 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:57262 An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnera ... oval:org.secpod.oval:def:57266 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could th ... oval:org.secpod.oval:def:57273 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:57272 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by running ... oval:org.secpod.oval:def:57277 An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request.To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application.The security update addresses this vulnerability by correct ... oval:org.secpod.oval:def:57276 An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:55414 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:55415 A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.To exploit th ... oval:org.secpod.oval:def:55413 An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnera ... oval:org.secpod.oval:def:55419 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55424 An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.To exploit this vulnerability, an attacker would require unprivileged execution on the vic ... oval:org.secpod.oval:def:58053 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57882 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a speciall ... oval:org.secpod.oval:def:57877 A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by iss ... oval:org.secpod.oval:def:57893 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57892 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.There are multiple ways an attacker could exploit the ... oval:org.secpod.oval:def:57890 An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerabilit ... oval:org.secpod.oval:def:57897 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:57896 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57895 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57894 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57889 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:57899 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57898 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57918 An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:57917 An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted a ... oval:org.secpod.oval:def:57930 A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding.To exploit the vulnerability, a remote unauthenticated attacker could ... oval:org.secpod.oval:def:57922 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An a ... oval:org.secpod.oval:def:57921 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An a ... oval:org.secpod.oval:def:57901 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57900 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57905 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57904 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57902 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:57909 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:57908 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ... oval:org.secpod.oval:def:57907 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:57906 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.There are multiple ways an attacker could exploit the ... oval:org.secpod.oval:def:58457 An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. To exploit this vulnerability, an attack ... oval:org.secpod.oval:def:58451 An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Inp ... oval:org.secpod.oval:def:58452 An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attack ... oval:org.secpod.oval:def:58454 An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attack ... oval:org.secpod.oval:def:58466 An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges.To exploit the vulnerability, a locally authenticated attacker could run a specially cr ... oval:org.secpod.oval:def:58468 An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.To exploit the vulnerability, an attacker would first ... oval:org.secpod.oval:def:58469 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58462 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:58465 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:58470 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58430 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58930 An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.An attacker who successfully exploited the vulnerability could gain greater access to s ... oval:org.secpod.oval:def:58926 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to lo ... oval:org.secpod.oval:def:58923 A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.To exploit th ... oval:org.secpod.oval:def:58929 A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions. An attacker who successfully exploited this vulnerability may gain access to unauthorized information.To exploit the vulnerability, an attacker would have to conduct a man-in-the- ... oval:org.secpod.oval:def:58942 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to lo ... oval:org.secpod.oval:def:58936 A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.To ex ... oval:org.secpod.oval:def:58937 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:58935 An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems. When this vulnerability is exploited within other versions of Windows it can cause a deni ... oval:org.secpod.oval:def:58951 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58952 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58947 An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an attacker would have ... oval:org.secpod.oval:def:58949 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a speciall ... oval:org.secpod.oval:def:58944 An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function. An attacker who successfully exploited this vulnerability could delete a targeted registry key leading to an elevated status.To exploit this vulnerability, an attack ... oval:org.secpod.oval:def:58945 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to ... oval:org.secpod.oval:def:58957 An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\sy ... oval:org.secpod.oval:def:58471 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58472 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58477 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58478 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58473 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:58474 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:58475 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58476 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58480 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:58483 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:58488 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ... oval:org.secpod.oval:def:58484 An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.To ex ... oval:org.secpod.oval:def:58491 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:58492 An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits.To exploit the vulnerability, an attacker would fi ... oval:org.secpod.oval:def:58495 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:58496 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:58497 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:58498 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:59660 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:59666 An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; v ... oval:org.secpod.oval:def:59667 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:59661 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:59662 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:59659 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:60646 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:60641 An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation.To exploit the vulnerability, an attacker would first require execution ... oval:org.secpod.oval:def:59670 An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an au ... oval:org.secpod.oval:def:59671 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:59676 An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.To exploit the vulnerability, an attacker would have to log onto an affec ... oval:org.secpod.oval:def:59677 A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems runn ... oval:org.secpod.oval:def:59679 An elevation of privilege vulnerability exists in the way that the iphlpsvc.dll handles file creation allowing for a file overwrite. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker co ... oval:org.secpod.oval:def:59673 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:59669 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:59681 A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission.To exploit the vulnerabili ... oval:org.secpod.oval:def:59689 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:59684 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:59686 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:59690 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:59693 An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.To exploit this vulnerability, an attacker would first have to l ... oval:org.secpod.oval:def:59694 A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems runn ... oval:org.secpod.oval:def:60629 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ... oval:org.secpod.oval:def:60627 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:60628 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:59655 An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete da ... oval:org.secpod.oval:def:59657 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a speciall ... oval:org.secpod.oval:def:59651 An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication. An attacker who successfully exploited the vulnerability could potentially access unauthorized files.To exploit this vulnerability, an authenticated attacker could r ... oval:org.secpod.oval:def:59653 A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another ... oval:org.secpod.oval:def:60638 An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerabi ... oval:org.secpod.oval:def:60634 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:60630 An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation.To exploit the vulnerability, a user would have to op ... oval:org.secpod.oval:def:60631 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:59866 A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.To ex ... oval:org.secpod.oval:def:59876 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:59870 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:59871 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ... oval:org.secpod.oval:def:59868 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:59869 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:59883 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a program, ... oval:org.secpod.oval:def:59884 A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers. An attacker could exploit the vulnerability to trigger warnings and false positives when no threat is present.To exploit the vulnerability, an attacker would first require execution permission ... oval:org.secpod.oval:def:61304 A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update addresses the vulnerability by correcting how the Windows Imagin ... oval:org.secpod.oval:def:61302 An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to di ... oval:org.secpod.oval:def:61300 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:60649 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:60647 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:60648 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:60656 An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.To exploit this vul ... oval:org.secpod.oval:def:60655 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:60652 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:60653 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:60650 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:60651 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:60663 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it ... oval:org.secpod.oval:def:60662 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:60660 An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerabi ... oval:org.secpod.oval:def:61298 An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.To exploit this vulnerability, an attacker would first have to log on t ... oval:org.secpod.oval:def:61297 An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.To exploit this vulnerability, an attacker would first have to log on t ... oval:org.secpod.oval:def:61253 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:61285 An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerabi ... oval:org.secpod.oval:def:61284 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:61283 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could th ... oval:org.secpod.oval:def:61296 An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:61295 An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:61293 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to lo ... oval:org.secpod.oval:def:61292 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61291 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61290 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61289 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:61288 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:61287 An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. To exploit this vulnerability, an attacker would first need to compromise an Act ... oval:org.secpod.oval:def:61229 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craf ... oval:org.secpod.oval:def:61226 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:61225 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:61241 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61238 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:61236 An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:61235 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:61251 An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:61250 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61248 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61247 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61246 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61245 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61244 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61243 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61242 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61308 An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.To exploit this vulnerability, an attacker would first have to l ... oval:org.secpod.oval:def:61307 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:61317 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:61312 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.There are multiple ways an attacker ... oval:org.secpod.oval:def:61310 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:61328 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61327 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61326 An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.An attacker who successfully exploited the vulnerability could gain greater access to s ... oval:org.secpod.oval:def:61325 An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.An attacker who successfully exploited the vulnerability could gain greater access to s ... oval:org.secpod.oval:def:61324 An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specia ... oval:org.secpod.oval:def:61320 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61859 An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.An attacker who successfully exploited the vulnerability could gain greater access to s ... oval:org.secpod.oval:def:61858 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:61857 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:61856 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:61851 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:61850 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61868 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:61867 An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.An attacker could exploit this vulnerability by running a spec ... oval:org.secpod.oval:def:61866 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:61865 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:61863 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:61879 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61878 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:61877 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:61876 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:61875 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:61874 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:61873 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61888 An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The ... oval:org.secpod.oval:def:61887 An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security upda ... oval:org.secpod.oval:def:61883 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:61882 A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients.To exploit the vulner ... oval:org.secpod.oval:def:61849 An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.To exploit this vulnerability, an attacker would first have to log on t ... oval:org.secpod.oval:def:61848 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:61846 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:61845 An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security upda ... oval:org.secpod.oval:def:62160 Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released. Two remote code execution vulnerabilities exist in Microsoft Wi ... oval:org.secpod.oval:def:61890 An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The ... oval:org.secpod.oval:def:61889 An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security upda ... oval:org.secpod.oval:def:61898 An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an ... oval:org.secpod.oval:def:61896 An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.To exploit this vulnerability, an attacker would first have to l ... oval:org.secpod.oval:def:61895 An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; vi ... oval:org.secpod.oval:def:61894 An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; vi ... oval:org.secpod.oval:def:61908 An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.There are multiple ways an attacker coul ... oval:org.secpod.oval:def:61907 An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to log on to the system. An a ... oval:org.secpod.oval:def:61903 An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.An attacker could exploit this vulnerability by running a specially crafted ... oval:org.secpod.oval:def:61919 An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process.To exploit this vulnerability, an authenticat ... oval:org.secpod.oval:def:61912 An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The ... oval:org.secpod.oval:def:61920 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.There are multiple ways an attacker could exploit the ... oval:org.secpod.oval:def:62473 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62472 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62471 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:62470 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:62469 An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.To exploit this vulnerability, an attacker would have to log on to an af ... oval:org.secpod.oval:def:62468 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62463 A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.Exploitation of the vulnerability requires that a program process a specially crafted image ... oval:org.secpod.oval:def:62484 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:62483 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:62481 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:62480 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62479 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62478 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62477 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62476 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62475 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:62474 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:62487 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craf ... oval:org.secpod.oval:def:62486 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62485 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:62461 An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log onto an af ... oval:org.secpod.oval:def:62457 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.To exploit the vulnerability, a user would have to open a specially crafted fi ... oval:org.secpod.oval:def:62456 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62455 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:62518 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:63123 An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that ... oval:org.secpod.oval:def:63126 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63127 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63128 A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.To exploit the vulnerability, an attacker who has a domain user account c ... oval:org.secpod.oval:def:63130 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:63119 A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core or .NET Framework web application. The vulnerability can be exploited remotely, wit ... oval:org.secpod.oval:def:63122 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:63145 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:63134 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:63136 An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.To exploit this vulnerabilit ... oval:org.secpod.oval:def:62548 A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could ex ... oval:org.secpod.oval:def:62545 An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run ... oval:org.secpod.oval:def:62544 An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete dat ... oval:org.secpod.oval:def:62543 An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.An attacker could exploit this vulnerability by running a specially crafted ... oval:org.secpod.oval:def:62542 An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticat ... oval:org.secpod.oval:def:62528 A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could ex ... oval:org.secpod.oval:def:62538 A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to ... oval:org.secpod.oval:def:62534 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:62533 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:62532 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:63099 A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; v ... oval:org.secpod.oval:def:63098 An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder.To exploit this vulnerab ... oval:org.secpod.oval:def:63096 An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit this vulnerability an attacker would need to physically acc ... oval:org.secpod.oval:def:63095 An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; v ... oval:org.secpod.oval:def:63094 A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulne ... oval:org.secpod.oval:def:63092 An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; v ... oval:org.secpod.oval:def:63146 An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, ... oval:org.secpod.oval:def:63169 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63170 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63171 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63172 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:63157 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:63158 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63162 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.To exploit the vulnerability, a user would have to open a specially crafted fi ... oval:org.secpod.oval:def:63163 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:63686 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.There are multiple ways an attacker ... oval:org.secpod.oval:def:63687 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63688 An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create ne ... oval:org.secpod.oval:def:63693 An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an attacker would have to log on ... oval:org.secpod.oval:def:63675 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:63676 A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations. An attacker who successfully exploited the vulnerability could cause a denial of service against a system.To exploit the vulnerability, an attacker who has access to the system could run a specia ... oval:org.secpod.oval:def:63677 An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially cra ... oval:org.secpod.oval:def:63672 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a special ... oval:org.secpod.oval:def:63702 An elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:63703 An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients. An attacker who successfully exploited this vulnerability could run arbitrary code in a privileged process. An attacker could then insta ... oval:org.secpod.oval:def:63704 An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially ... oval:org.secpod.oval:def:63721 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63712 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63713 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63716 An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security ... oval:org.secpod.oval:def:64214 A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible fo ... oval:org.secpod.oval:def:64221 An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points. An attacker who successfully exploited this vulnerability could overwrite a targeted file that would normally require elevated permissions.To exploit the vulnerability, an at ... oval:org.secpod.oval:def:64235 An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The sec ... oval:org.secpod.oval:def:64236 An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit this vulnerability, an attacker would fi ... oval:org.secpod.oval:def:64240 A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB). After successfully exploiting the vulnerability, an attacker coul ... oval:org.secpod.oval:def:64241 An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code execution on a victim system ... oval:org.secpod.oval:def:64243 An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security ... oval:org.secpod.oval:def:64224 An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security ... oval:org.secpod.oval:def:64229 An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit this vulnerability, an attacker would fi ... oval:org.secpod.oval:def:64230 An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.To exploit the vulnerability, an attacker would first need code execution on a victim system. A ... oval:org.secpod.oval:def:64232 An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The sec ... oval:org.secpod.oval:def:63764 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:63750 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:63751 A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious c ... oval:org.secpod.oval:def:63752 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:63753 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:63725 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:63726 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63728 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63729 An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder.To exploit this vulnerab ... oval:org.secpod.oval:def:63743 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or a pr ... oval:org.secpod.oval:def:63749 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:63730 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:63735 An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:63736 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:63737 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then instal ... oval:org.secpod.oval:def:64263 An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:64265 This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the t ... oval:org.secpod.oval:def:64266 An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerabilit ... oval:org.secpod.oval:def:64246 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully ... oval:org.secpod.oval:def:64247 An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integ ... oval:org.secpod.oval:def:64289 An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The ... oval:org.secpod.oval:def:64292 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:64293 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:64294 A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with ... oval:org.secpod.oval:def:64296 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.To exploit the vulnerability, a user would have to open a specially crafted fi ... oval:org.secpod.oval:def:64279 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ... oval:org.secpod.oval:def:64280 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:64283 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ... oval:org.secpod.oval:def:64284 An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.There are multiple ways an attacker coul ... oval:org.secpod.oval:def:64287 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:64288 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:64271 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:64272 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:64311 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:64321 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:64300 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ... oval:org.secpod.oval:def:64302 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:64307 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:64308 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:64310 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:66062 An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:66055 An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on ... oval:org.secpod.oval:def:66059 An information disclosure vulnerability exists when NetBIOS over TCP (NBT) Extensions (NetBT) improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker woul ... oval:org.secpod.oval:def:66879 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:66882 Windows Remote Access Elevation of Privilege Vulnerability oval:org.secpod.oval:def:66881 Windows Remote Access Elevation of Privilege Vulnerability oval:org.secpod.oval:def:66883 Windows KernelStream Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:66864 Windows Graphics Component Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:66863 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:66868 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:66856 Windows Spoofing Vulnerability oval:org.secpod.oval:def:66862 Remote Desktop Protocol Client Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:66082 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then instal ... oval:org.secpod.oval:def:66088 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:66070 An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated attacker would need to run a sp ... oval:org.secpod.oval:def:66077 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:66090 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it ... oval:org.secpod.oval:def:66093 A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.In an attack scenario, an attacker could bypass security features intended to prevent improper ... oval:org.secpod.oval:def:66092 An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit this vulnerability, an attacker would first have to log on to the system. An attac ... oval:org.secpod.oval:def:66095 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:66094 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.To exploit the vulnerability, a user would have to open a specially crafted fi ... oval:org.secpod.oval:def:66097 An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit this vulnerability, an attacker would first have to log on to the system. An attac ... oval:org.secpod.oval:def:66098 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:66066 An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.To exploit this vulnerability, an attacker would first ha ... oval:org.secpod.oval:def:66067 An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.To exploit the vulnerability, an attacker would first need code ex ... oval:org.secpod.oval:def:66105 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:66104 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:66107 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:66106 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:66100 An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially ... oval:org.secpod.oval:def:66103 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:67677 The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:67667 Windows Backup Engine Elevation of Privilege Vulnerability oval:org.secpod.oval:def:67666 Windows Backup Engine Elevation of Privilege Vulnerability oval:org.secpod.oval:def:67669 Windows Backup Engine Elevation of Privilege Vulnerability oval:org.secpod.oval:def:67668 Windows Backup Engine Elevation of Privilege Vulnerability oval:org.secpod.oval:def:67674 The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:67663 Windows Backup Engine Elevation of Privilege Vulnerability oval:org.secpod.oval:def:67665 Windows Backup Engine Elevation of Privilege Vulnerability oval:org.secpod.oval:def:67664 Windows Backup Engine Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68184 Windows CSC Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68185 Windows CSC Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68188 Remote Procedure Call Runtime Remote Code Execution Vulnerability oval:org.secpod.oval:def:68189 Windows CSC Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68186 Windows CSC Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68187 Windows CSC Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68191 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68190 Remote Procedure Call Runtime Remote Code Execution Vulnerability oval:org.secpod.oval:def:68195 Remote Procedure Call Runtime Remote Code Execution Vulnerability oval:org.secpod.oval:def:68196 Remote Procedure Call Runtime Remote Code Execution Vulnerability oval:org.secpod.oval:def:68193 Remote Procedure Call Runtime Remote Code Execution Vulnerability oval:org.secpod.oval:def:68194 GDI+ Remote Code Execution Vulnerability oval:org.secpod.oval:def:68199 Remote Procedure Call Runtime Remote Code Execution Vulnerability oval:org.secpod.oval:def:68213 Windows CSC Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68203 NTLM Security Feature Bypass Vulnerability oval:org.secpod.oval:def:68204 Windows CryptoAPI Denial of Service Vulnerability oval:org.secpod.oval:def:68201 Remote Procedure Call Runtime Remote Code Execution Vulnerability oval:org.secpod.oval:def:68202 Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability oval:org.secpod.oval:def:66891 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:66916 Remote Desktop Protocol Server Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized read access to Windows RDP server process. oval:org.secpod.oval:def:66917 Windows Port Class Library Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:66930 Windows GDI+ Remote Code Execution Vulnerability oval:org.secpod.oval:def:66931 Windows NDIS Information Disclosure Vulnerability oval:org.secpod.oval:def:66934 Windows Kernel Local Elevation of Privilege Vulnerability oval:org.secpod.oval:def:66920 Windows Canonical Display Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the ... oval:org.secpod.oval:def:66922 Windows Function Discovery SSDP Provider Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressin ... oval:org.secpod.oval:def:66924 Windows Print Spooler Remote Code Execution Vulnerability oval:org.secpod.oval:def:66926 Windows Network File System Denial of Service Vulnerability oval:org.secpod.oval:def:68218 To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. oval:org.secpod.oval:def:68219 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68217 Windows CSC Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68222 Remote Procedure Call Runtime Remote Code Execution Vulnerability oval:org.secpod.oval:def:68220 The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:68223 Remote Procedure Call Runtime Remote Code Execution Vulnerability oval:org.secpod.oval:def:68224 Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68238 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting ad ... oval:org.secpod.oval:def:68240 Windows (modem.sys) Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:68241 Windows LUAFV Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68227 The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:68228 Windows Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68232 Active Template Library Elevation of Privilege Vulnerability oval:org.secpod.oval:def:68237 Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability oval:org.secpod.oval:def:68234 TPM Device Driver Information Disclosure Vulnerability.The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:68235 Windows Fax Compose Form Remote Code Execution Vulnerability oval:org.secpod.oval:def:69004 The host is installed with .NEt Framework and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows attackers to perform denial of service attacks. oval:org.secpod.oval:def:70011 Windows Event Tracing Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:69030 Windows TCP/IP Remote Code Execution Vulnerability oval:org.secpod.oval:def:69036 Windows Trust Verification API Denial of Service Vulnerability oval:org.secpod.oval:def:69033 Windows Fax Service Remote Code Execution Vulnerability. oval:org.secpod.oval:def:69039 Windows Address Book Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70002 Microsoft Windows Media Foundation Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70001 Windows Print Spooler Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:69025 Windows Fax Service Remote Code Execution Vulnerability oval:org.secpod.oval:def:69029 Windows Remote Procedure Call Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:69026 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:69050 Windows Event Tracing Elevation of Privilege Vulnerability oval:org.secpod.oval:def:69052 Windows PKU2U Elevation of Privilege Vulnerability. PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows user accounts. oval:org.secpod.oval:def:69042 Windows Local Spooler Remote Code Execution Vulnerability. oval:org.secpod.oval:def:69041 Windows TCP/IP Denial of Service Vulnerability. IPv6 Link-local addresses are not routable on the internet and are not reachable by remote attackers. An attack would need to originate from the same logical network segment for systems that are ONLY configured with IPv6 Link-local addresses. oval:org.secpod.oval:def:69045 Windows TCP/IP Remote Code Execution Vulnerability. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an atta ... oval:org.secpod.oval:def:69048 Windows Event Tracing Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:69987 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system. oval:org.secpod.oval:def:69990 Windows Graphics Component Remote Code Execution Vulnerability. oval:org.secpod.oval:def:69991 Windows Installer Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:69996 Windows Event Tracing Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:69997 Windows User Profile Service Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:69998 Windows Win32k Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:70044 Remote Access API Elevation of Privilege Vulnerability oval:org.secpod.oval:def:70014 Windows Event Tracing Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:70016 Windows Win32k Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:70012 Windows UPnP Device Host Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:70039 Windows ActiveX Installer Service Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. oval:org.secpod.oval:def:70034 Windows Event Tracing Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:70978 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70979 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70974 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70975 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70976 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70977 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70970 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70971 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70972 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70973 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70967 Microsoft Internet Messaging API Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70968 The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:70969 NTFS Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:70960 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70961 In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the ... oval:org.secpod.oval:def:70962 In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the ... oval:org.secpod.oval:def:70992 Windows GDI+ Remote Code Execution Vulnerability oval:org.secpod.oval:def:70993 Windows GDI+ Remote Code Execution Vulnerability oval:org.secpod.oval:def:70994 Windows GDI+ Remote Code Execution Vulnerability oval:org.secpod.oval:def:70995 Windows GDI+ Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:70990 Windows DNS Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:70991 Windows DNS Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:70981 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70982 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70983 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70984 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70980 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70956 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70957 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70958 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70959 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70952 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70953 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70954 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70955 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70950 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70951 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:70945 The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. oval:org.secpod.oval:def:70949 Remote Procedure Call Runtime Remote Code Execution Vulnerability. oval:org.secpod.oval:def:71018 Windows TCP/IP Driver Denial of Service Vulnerability. oval:org.secpod.oval:def:71015 Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability oval:org.secpod.oval:def:71010 Windows Console Driver Denial of Service Vulnerability oval:org.secpod.oval:def:71008 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:71007 Windows Installer Spoofing Vulnerability oval:org.secpod.oval:def:71009 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:71004 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:71006 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:71005 Windows Portmapping Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:70997 Windows Network File System Remote Code Execution Vulnerability. oval:org.secpod.oval:def:73249 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June securi ... oval:org.secpod.oval:def:73247 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73248 Windows DCOM Server Security Feature Bypass. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted ... oval:org.secpod.oval:def:73253 Windows Filter Manager Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73250 Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Microsoft CVE-2021-31201 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the J ... oval:org.secpod.oval:def:73272 Windows Remote Desktop Services Denial of Service Vulnerability oval:org.secpod.oval:def:73270 Windows MSHTML Platform Remote Code Execution Vulnerability. While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. Th ... oval:org.secpod.oval:def:73271 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73259 Kerberos AppContainer Security Feature Bypass Vulnerability. In an enterprise environment this vulnerability might allow an attacker to bypass Kerberos authentication, to authenticate to an arbitrary service principal name. oval:org.secpod.oval:def:73256 Windows NTLM Elevation of Privilege Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially c ... oval:org.secpod.oval:def:73257 Scripting Engine Memory Corruption Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. * In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the fil ... oval:org.secpod.oval:def:73255 Windows NTFS Elevation of Privilege Vulnerability. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Additionally, an attacker co ... oval:org.secpod.oval:def:73264 Windows GPSVC Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73262 Windows HTML Platform Security Feature Bypass Vulnerability. While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. Th ... oval:org.secpod.oval:def:73744 Windows Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73742 Windows TCP/IP Driver Denial of Service Vulnerability oval:org.secpod.oval:def:73799 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73796 Windows Address Book Remote Code Execution Vulnerability oval:org.secpod.oval:def:73794 Windows Kernel Memory Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory from the file cache. This could include unintentional read access to memory contents in kernel space from a user mode process ... oval:org.secpod.oval:def:73769 Windows LSA Denial of Service Vulnerability oval:org.secpod.oval:def:73766 Windows SMB Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. oval:org.secpod.oval:def:73759 Windows Installer Spoofing Vulnerability oval:org.secpod.oval:def:73756 Windows DNS Snap-in Remote Code Execution Vulnerability. An administrator would need to view a malicious record in the DNS Snap-in to allow exploitation this vulnerability. oval:org.secpod.oval:def:73753 Windows DNS Snap-in Remote Code Execution Vulnerability. An administrator would need to view a malicious record in the DNS Snap-in to allow exploitation this vulnerability. oval:org.secpod.oval:def:73751 Windows DNS Snap-in Remote Code Execution Vulnerability. An administrator would need to view a malicious record in the DNS Snap-in to allow exploitation this vulnerability. oval:org.secpod.oval:def:73750 Windows DNS Snap-in Remote Code Execution Vulnerability. An administrator would need to view a malicious record in the DNS Snap-in to allow exploitation this vulnerability. oval:org.secpod.oval:def:73791 Windows MSHTML Platform Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this s ... oval:org.secpod.oval:def:73792 Windows GDI Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73790 Windows GDI Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. oval:org.secpod.oval:def:73777 Scripting Engine Memory Corruption Vulnerability. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacke ... oval:org.secpod.oval:def:73776 Windows MSHTML Platform Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this s ... oval:org.secpod.oval:def:73773 Microsoft Windows Media Foundation Remote Code Execution Vulnerability oval:org.secpod.oval:def:73772 GDI+ Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:73805 Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability. oval:org.secpod.oval:def:73803 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73802 Windows Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73823 Windows Remote Assistance Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. oval:org.secpod.oval:def:73821 Windows Certificate Spoofing Vulnerability oval:org.secpod.oval:def:73820 Bowser.sys Denial of Service Vulnerability oval:org.secpod.oval:def:73818 Windows Remote Access Connection Manager Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressin ... oval:org.secpod.oval:def:73817 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability oval:org.secpod.oval:def:73814 Windows HTML Platforms Security Feature Bypass Vulnerability oval:org.secpod.oval:def:73811 Windows Authenticode Spoofing Vulnerability oval:org.secpod.oval:def:74308 Scripting Engine Memory Corruption Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file:* In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file ... oval:org.secpod.oval:def:74303 Windows Event Tracing Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74302 Windows TCP/IP Remote Code Execution Vulnerability. This is remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host utilizing the TCPIP Protocol Stack (tcpip.sys) to process packets. oval:org.secpod.oval:def:75298 Windows Installer Spoofing Vulnerability oval:org.secpod.oval:def:75296 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75295 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75293 Windows Print Spooler Spoofing Vulnerability oval:org.secpod.oval:def:75292 Windows TCP/IP Denial of Service Vulnerability oval:org.secpod.oval:def:75303 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75302 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74898 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space ... oval:org.secpod.oval:def:74895 Windows WLAN AutoConfig Service Remote Code Execution Vulnerability oval:org.secpod.oval:def:74893 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74894 Windows Event Tracing Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74888 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74889 Windows Authenticode Spoofing Vulnerability oval:org.secpod.oval:def:74886 Windows Scripting Engine Memory Corruption Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file:* In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open ... oval:org.secpod.oval:def:74891 Windows Installer Denial of Service Vulnerability oval:org.secpod.oval:def:74892 Windows Installer Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. oval:org.secpod.oval:def:74890 Windows SMB Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. oval:org.secpod.oval:def:74916 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74917 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74914 Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74915 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74913 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74910 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode pro ... oval:org.secpod.oval:def:74911 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode pro ... oval:org.secpod.oval:def:74908 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74905 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a ... oval:org.secpod.oval:def:74906 Windows Event Tracing Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74904 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74327 Windows Print Spooler Remote Code Execution Vulnerability oval:org.secpod.oval:def:74323 Windows Print Spooler Remote Code Execution Vulnerability oval:org.secpod.oval:def:74324 Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability oval:org.secpod.oval:def:74318 Windows Bluetooth Driver Elevation of Privilege Vulnerability. An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programatically running certain functions that could lead to elevation of privilege on the Bluetooth component. oval:org.secpod.oval:def:74316 Remote Desktop Client Remote Code Execution Vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Clie ... oval:org.secpod.oval:def:74314 Windows Graphics Component Font Parsing Remote Code Execution Vulnerability oval:org.secpod.oval:def:74310 Windows User Profile Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:74309 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76429 Remote Desktop Client Remote Code Execution Vulnerability oval:org.secpod.oval:def:76426 Windows NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76425 Windows NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76422 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76432 Microsoft Message Queuing Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:76430 Windows Fax Service Remote Code Execution Vulnerability oval:org.secpod.oval:def:76419 Microsoft Message Queuing Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:76417 Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. An attacker could cause a buffer overflow write leading to unauthenticated non-sandboxed code execution. oval:org.secpod.oval:def:76416 Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode proc ... oval:org.secpod.oval:def:76415 iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution. An attacker could send a specially crafted request to the Internet Storage Name Service (iSNS) server, which could result in remote code execution. oval:org.secpod.oval:def:76414 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76413 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76421 Windows Common Log File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:75349 Windows Fast FAT File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:75348 Windows exFAT File System Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:75347 Windows Fast FAT File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:75346 Windows HTTP.sys Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75351 Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability. This vulnerability could allow an attacker to bypass Extended Protection for Authentication provided by SPN target name validation. oval:org.secpod.oval:def:75343 Windows Text Shaping Remote Code Execution Vulnerability oval:org.secpod.oval:def:75316 Windows Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75314 Windows Print Spooler Information Disclosure Vulnerability. he type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:75313 Windows Media Audio Decoder Remote Code Execution Vulnerability oval:org.secpod.oval:def:75311 Storage Spaces Controller Elevation of Privilege Vulnerability. An authorized (medium integrity level) attacker could exploit this Windows Storport driver elevation of privilege vulnerability by locally sending through a user mode application a specially crafted request to the driver specifying an I ... oval:org.secpod.oval:def:75321 Windows MSHTML Platform Remote Code Execution Vulnerability. While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. Th ... oval:org.secpod.oval:def:75320 Windows Graphics Component Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file.* In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to ... oval:org.secpod.oval:def:75829 NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75822 Microsoft COM for Windows Remote Code Execution Vulnerability. An authorized attacker could exploit this Windows COM vulnerability by sending from a user mode application specially crafted malicious COM traffic directed at the COM Server, which might lead to remote code execution. oval:org.secpod.oval:def:75820 Windows Installer Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:75818 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75817 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators. oval:org.secpod.oval:def:75816 NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75815 NTFS Elevation of Privilege Vulnerability oval:org.secpod.oval:def:75812 Remote Desktop Client Remote Code Execution Vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote D ... oval:org.secpod.oval:def:75811 Remote Desktop Protocol Client Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized and/or uninitialized memory in the process heap. oval:org.secpod.oval:def:75810 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is read access to Windows RDP client passwords by RDP server administrators. oval:org.secpod.oval:def:75831 Windows Kernel Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76434 Windows Remote Access Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76443 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:76444 Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77180 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:78757 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:77097 Remote Procedure Call Runtime Remote Code Execution Vulnerability. An attacker with non-admin credentials can potentially carry out an exploit using this vulnerability. The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime. oval:org.secpod.oval:def:77096 Windows User Profile Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77094 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77093 Windows GDI+ Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:77092 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. A local, authenticated attacker could gain elevated privileges through a vulnerable file system component. oval:org.secpod.oval:def:77090 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77086 Windows GDI Information Disclosure Vulnerability. An attacker could potentially read small portions of heap memory. oval:org.secpod.oval:def:77085 Windows GDI Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77080 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77059 Windows Certificate Spoofing Vulnerability. A successful attacker could bypass the WPBT binary verification by using a small number of compromised certificates. Microsoft has added those certificates to the Windows kernel driver block list, driver.stl. Certificates on the driver.stl will be blocked ... oval:org.secpod.oval:def:77058 Microsoft Cryptographic Services Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77057 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77078 Remote Desktop Protocol Remote Code Execution Vulnerability. An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could read or tamper with clipboard contents and the victim's filesystem contents. oval:org.secpod.oval:def:77075 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77071 Windows GDI+ Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:77065 Windows Accounts Control Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77063 Active Directory Domain Services Elevation of Privilege Vulnerability. This update resolves an elevation of privilege vulnerability specific to Active Directory Domain Services environments with incoming trusts. Prior to this update, an attacker could elevate privileges across the trust boundary und ... oval:org.secpod.oval:def:77062 Remote Desktop Client Remote Code Execution Vulnerability. An authenticated user might be tricked into connecting to a malicious remote desktop server in which the remote desktop host server sends a specially crafted PDU (Server RDP Preconnection) targeting the remote client's drive redirection virt ... oval:org.secpod.oval:def:77061 Remote Desktop Client Remote Code Execution Vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote D ... oval:org.secpod.oval:def:16177 WinVerifyTrust Signature Validation Vulnerability. A flaw is present in the WinVerifyTrust function in the operating system, which fails to handle the Windows Authenticode signature verification for portable executable (PE) files. Successful exploitation could allow remote attackers to execute arbit ... oval:org.secpod.oval:def:77159 Windows Kerberos Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to a domain admin. oval:org.secpod.oval:def:77161 Workstation Service Remote Protocol Security Feature Bypass Vulnerability oval:org.secpod.oval:def:77128 Windows Cleanup Manager Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:77134 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. oval:org.secpod.oval:def:77133 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. oval:org.secpod.oval:def:77131 Virtual Machine IDE Drive Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77158 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass oval:org.secpod.oval:def:77153 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. oval:org.secpod.oval:def:77152 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. oval:org.secpod.oval:def:77150 Windows IKE Extension Denial of Service Vulnerability. Only systems with the IPSec service running are vulnerable to this attack. oval:org.secpod.oval:def:77139 Windows Application Model Core API Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78051 Remote Desktop Client Remote Code Execution Vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote D ... oval:org.secpod.oval:def:78053 Point-to-Point Tunneling Protocol Denial of Service Vulnerability oval:org.secpod.oval:def:78054 Windows Common Log File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:78055 Windows ALPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78057 Remote Desktop Client Remote Code Execution Vulnerability. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote D ... oval:org.secpod.oval:def:77649 Windows Remote Access Connection Manager Information Disclosure Vulnerability. An attacker could potentially read small portions of heap memory. oval:org.secpod.oval:def:77647 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77650 Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. In this case, a successful attack could be performed from a low privilege AppContainer. The atta ... oval:org.secpod.oval:def:77666 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77665 Windows Print Spooler Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:77659 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77658 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:77657 Windows Common Log File System Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:77656 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:77662 Windows Common Log File System Driver Denial of Service Vulnerability oval:org.secpod.oval:def:78732 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78734 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78735 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78736 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78737 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78738 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78739 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78730 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78721 Windows SMB Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially cra ... oval:org.secpod.oval:def:78722 Win32 Stream Enumeration Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this ... oval:org.secpod.oval:def:78724 Windows Server Service Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this sp ... oval:org.secpod.oval:def:78726 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78728 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78755 Windows LDAP Denial of Service Vulnerability oval:org.secpod.oval:def:78756 Windows LDAP Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. oval:org.secpod.oval:def:78716 Win32 Stream Enumeration Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this ... oval:org.secpod.oval:def:78717 Win32 File Enumeration Remote Code Execution Vulnerability. This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this sp ... oval:org.secpod.oval:def:78719 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode proce ... oval:org.secpod.oval:def:78780 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78781 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78782 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same pe ... oval:org.secpod.oval:def:78783 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78784 Remote Desktop Protocol Remote Code Execution Vulnerability oval:org.secpod.oval:def:78776 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same pe ... oval:org.secpod.oval:def:78777 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78779 Windows iSCSI Target Service Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:78766 Windows Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78768 Windows Common Log File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78788 Windows ALPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78789 Windows Win32k Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78061 Windows Inking COM Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78063 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78065 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78066 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode proce ... oval:org.secpod.oval:def:78067 Windows NT OS Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78068 Windows PDEV Elevation of Privilege Vulnerability. A Windows PDEV is a logical representation of the physical device. It is characterized by the type of hardware, logical address, and surfaces that can be supported. As an example of a driver supporting a PDEV characterized by the type of hardware, o ... oval:org.secpod.oval:def:78069 Windows Security Support Provider Interface Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78071 Windows Fax and Scan Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78073 Windows HTML Platforms Security Feature Bypass Vulnerability oval:org.secpod.oval:def:78074 Remote Desktop Protocol Client Information Disclosure Vulnerability. An attacker could potentially read small portions of heap memory. oval:org.secpod.oval:def:79950 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:79951 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to trick a user into executing a specially crafted script which executes an RPC call to an RPC host. This could result in remote code execution on the server side with the same pe ... oval:org.secpod.oval:def:79952 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution ... oval:org.secpod.oval:def:79947 Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution ... oval:org.secpod.oval:def:79948 Windows LDAP Remote Code Execution Vulnerability oval:org.secpod.oval:def:79949 Windows LDAP Remote Code Execution Vulnerability oval:org.secpod.oval:def:79936 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:79971 Windows WLAN AutoConfig Service Denial of Service Vulnerability. This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would includ ... oval:org.secpod.oval:def:79965 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability oval:org.secpod.oval:def:79967 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:79968 Windows Fax Service Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user import a specially crafted contact record and sends it a FAX. oval:org.secpod.oval:def:79960 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:79961 Windows WLAN AutoConfig Service Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:79962 Windows Server Service Information Disclosure Vulnerability. The Windows Server Service is frequently referred to as LanmanServer, and is responsible for making printer and file sharing possible within a Windows powered network. The presence of specific file names and users can be confirmed over the ... oval:org.secpod.oval:def:79956 Windows LSA Spoofing Vulnerability. An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it. oval:org.secpod.oval:def:79957 Windows Address Book Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. Exploitation of the vulnerability requires that a ... oval:org.secpod.oval:def:79904 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:79905 Windows LDAP Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account.. oval:org.secpod.oval:def:79921 BitLocker Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data. oval:org.secpod.oval:def:79922 Windows LDAP Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by an authenticated normal user through a low complexity attack on a server configured as the domain controller. oval:org.secpod.oval:def:79924 Windows Print Spooler Elevation of Privilege Vulnerability oval:org.secpod.oval:def:79911 Windows Kerberos Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. oval:org.secpod.oval:def:79917 Microsoft Windows Media Foundation Remote Code Execution Vulnerability oval:org.secpod.oval:def:78790 Windows Kerberos Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78810 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:78811 Windows Fax Compose Form Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user employ a specially crafted malicious contact record to send a FAX. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted contact re ... oval:org.secpod.oval:def:78812 Windows Fax Compose Form Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user employ a specially crafted malicious contact record to send a FAX. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted contact re ... oval:org.secpod.oval:def:78813 Windows Fax Compose Form Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user employ a specially crafted malicious contact record to send a FAX. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted contact re ... oval:org.secpod.oval:def:78800 Windows Work Folder Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78802 Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service. oval:org.secpod.oval:def:78803 Windows File Server Resource Management Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:78804 Windows File Server Resource Management Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:78807 Windows Graphics Component Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that t ... oval:org.secpod.oval:def:78808 Windows User Profile Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:81899 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81898 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81892 Windows Fax Service Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. * In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open ... oval:org.secpod.oval:def:81891 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:81890 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Successful exploitation of th ... oval:org.secpod.oval:def:81895 Windows Fax Service Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. * In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open ... oval:org.secpod.oval:def:81894 Windows CSRSS Elevation of Privilege Vulnerability. A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM. Because the AppContainer environment is considered a defensible security boundary, any process th ... oval:org.secpod.oval:def:81893 Windows Internet Information Services Cachuri Module Denial of Service Vulnerability oval:org.secpod.oval:def:81908 BitLocker Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data. oval:org.secpod.oval:def:81907 Windows CSRSS Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81905 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability. An attacker could potentially exploit this vulnerability to elevate privileges from a client-side application sandbox in earlier Microsoft operating systems. However, mitigation technologies in later Microsoft operating system ... oval:org.secpod.oval:def:81909 Windows CSRSS Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81902 Internet Information Services Dynamic Compression Module Denial of Service Vulnerability. While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker can force a bad response to be cached into a regu ... oval:org.secpod.oval:def:81910 Windows Fax Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81913 Windows Group Policy Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Successful exploitation of this vulnerability r ... oval:org.secpod.oval:def:81912 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:79980 Windows LDAP Remote Code Execution Vulnerability oval:org.secpod.oval:def:79982 Windows LDAP Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited this could allow the malicious server to ga ... oval:org.secpod.oval:def:79983 Windows LDAP Remote Code Execution Vulnerability oval:org.secpod.oval:def:79975 Windows LDAP Remote Code Execution Vulnerability. This vulnerability could be exploited over the network by an authenticated normal user through a low complexity attack on a server configured as the domain controller. oval:org.secpod.oval:def:79976 Windows LDAP Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted request to a vulnerable server. Successful exploitation could result in the attacker's code running in the context of the SYSTEM account. This vulnerability is only exploitable if the MaxRece ... oval:org.secpod.oval:def:81544 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:81537 Windows Kernel Denial of Service Vulnerability. This vulnerability could be exploited if an authenticated user opens a specially crafted file locally or browses to that file on a network share when running an unpatched version of Windows. When the user browses or lists the maliciously crafted file t ... oval:org.secpod.oval:def:81535 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited thi ... oval:org.secpod.oval:def:81534 Windows Network Address Translation (NAT) Denial of Service Vulnerability oval:org.secpod.oval:def:81539 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by convincing a user to connect a Lightweight Directory Access Protocol (LDAP) client to a malicious LDAP server. When the vulnerability is successfully exploited thi ... oval:org.secpod.oval:def:81538 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability oval:org.secpod.oval:def:81533 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:81531 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. An authenticated victim who is connected to the network must be tricked or pe ... oval:org.secpod.oval:def:81526 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. Successful expl ... oval:org.secpod.oval:def:81525 Windows File History Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. This vulnerability could be triggered when a windows client connects to a malicious remote share. oval:org.secpod.oval:def:81524 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This vulnerability is only exploitable if the MaxReceiveBuffer LDAP policy is set to a value higher than the default value. Systems with the default value of this policy would not be vulnerable. An unauthentica ... oval:org.secpod.oval:def:81523 Windows iSCSI Discovery Service Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Successful exploitation of this vulnerability requires a user to place a call to trigge ... oval:org.secpod.oval:def:81529 Windows Installer Elevation of Privilege Vulnerability oval:org.secpod.oval:def:81528 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability. An authenticated victim who is connected to the network must be tricked or pe ... oval:org.secpod.oval:def:80436 A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, vie ... oval:org.secpod.oval:def:81929 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. On machines with slow or older USB controller hardware, the Group policy might have (silently) failed to apply. On such machines, the attacker can trivially exploit this enforcement failure by attaching a USB storage d ... oval:org.secpod.oval:def:81927 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:81922 Windows Graphics Component Remote Code Execution Vulnerability. An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user. oval:org.secpod.oval:def:81921 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81926 Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could affect the integrity and availability because they could delete privileged registry keys. Confidentiality is not affected by a successful attack, however ... oval:org.secpod.oval:def:81925 Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81917 Windows GDI+ Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a pointer leak to the process user-mode address space in the internal memory of the application that is using GDI+. oval:org.secpod.oval:def:81916 Windows IIS Server Elevation of Privilege Vulnerability. An attacker who successfully exploited the vulnerability could bypass authentication on Windows IIS Server. Attackers might be able to post or get information from the Web Service (CVSS metrics C:H/I:H), but would not be able to disrupt the se ... oval:org.secpod.oval:def:81915 Windows Security Account Manager (SAM) Denial of Service Vulnerability oval:org.secpod.oval:def:81914 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:81933 Windows Boot Manager Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot. Successful exploitation of this vulnerability could allow an attacker to access the pre-boot environment. oval:org.secpod.oval:def:81931 Performance Counters for Windows Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. oval:org.secpod.oval:def:81934 Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data. oval:org.secpod.oval:def:82680 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:82678 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82673 Windows Kernel Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:82672 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82671 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82677 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file:* In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and ... oval:org.secpod.oval:def:82668 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82667 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability oval:org.secpod.oval:def:82661 Windows WebBrowser Control Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Any authenticated user could trigger this vulnerability. It does not require admin or ... oval:org.secpod.oval:def:82660 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. oval:org.secpod.oval:def:82664 Active Directory Domain Services Elevation of Privilege Vulnerability. A system is vulnerable only if Active Directory Certificate Services is running on the domain. An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Direc ... oval:org.secpod.oval:def:82663 Windows Fax Service Elevation of Privilege Vulnerability. An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. oval:org.secpod.oval:def:82692 Windows Local Security Authority (LSA) Denial of Service Vulnerability oval:org.secpod.oval:def:82691 Windows Kernel Memory Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. oval:org.secpod.oval:def:82689 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. The vulnerable system can be exploited without any interaction from any user. oval:org.secpod.oval:def:82684 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability. Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An unauthenticated attacker could send a specially crafted connection request to a RA ... oval:org.secpod.oval:def:82682 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82681 Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. oval:org.secpod.oval:def:82688 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. The vulnerable system can be exploited without any interaction from any user. oval:org.secpod.oval:def:82686 Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82657 Windows Bluetooth Driver Elevation of Privilege Vulnerability. An authorized local attacker could exploit this Windows Bluetooth driver vulnerability by programmatically running certain functions to arbitrarily gain registry key creation and deletion in the bthport.sys driver. oval:org.secpod.oval:def:82655 Windows Error Reporting Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82647 Windows Kerberos Elevation of Privilege Vulnerability. Exploitation of this vulnerability requires that a user trigger the payload in the application. A domain user could use this vulnerability to elevate privileges to a domain admin. oval:org.secpod.oval:def:82649 Microsoft ATA Port Driver Elevation of Privilege Vulnerability. A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. oval:org.secpod.oval:def:83849 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83844 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83845 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83846 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83847 Windows Graphics Component Information Disclosure Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file.* In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user t ... oval:org.secpod.oval:def:83842 Windows Event Tracing Denial of Service Vulnerability oval:org.secpod.oval:def:83843 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:83837 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83838 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83839 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83833 Windows GDI Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83834 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83835 Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This c ... oval:org.secpod.oval:def:83836 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83830 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83831 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:83832 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:83860 Windows Graphics Component Information Disclosure Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file.* In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user t ... oval:org.secpod.oval:def:83859 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83855 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory. oval:org.secpod.oval:def:83857 Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. An attacker must already have access and the ability to run code on the target system. This technique does not allow for remote code exe ... oval:org.secpod.oval:def:83858 Windows Fax Service Remote Code Execution Vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file.* In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open t ... oval:org.secpod.oval:def:83852 Windows Group Policy Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83853 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:83827 Windows TCP/IP Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, which could enable a remote code execution exploitation on that machine. oval:org.secpod.oval:def:83822 Windows Credential Roaming Service Elevation of Privilege Vulnerability. Exploitation of the vulnerability requires that a user to log in to Windows. An attacker who successfully exploited the vulnerability could gain remote interactive logon rights to a machine where the victim's account would not ... oval:org.secpod.oval:def:83824 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:83815 Windows Distributed File System (DFS) Elevation of Privilege Vulnerability. A local authenticated attacker could gain elevated privileges through a vulnerable DFS client, which could allow the attacker to locally execute arbitrary code in the kernel. oval:org.secpod.oval:def:83816 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability oval:org.secpod.oval:def:83817 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. oval:org.secpod.oval:def:83818 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation. oval:org.secpod.oval:def:82695 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote c ... oval:org.secpod.oval:def:82699 Windows Print Spooler Elevation of Privilege Vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:82697 Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability oval:org.secpod.oval:def:82696 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84758 Windows DHCP Client Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory. oval:org.secpod.oval:def:84755 Windows Event Logging Service Denial of Service Vulnerability. The performance can be interrupted and/or reduced, but the attacker cannot fully deny service. oval:org.secpod.oval:def:84750 Windows CryptoAPI Spoofing Vulnerability. An attacker could manipulate an existing public x.509 certificate to spoof their identify and perform actions such as authentication or code signing as the targeted certificate. oval:org.secpod.oval:def:84775 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84761 Windows CD-ROM File System Driver Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. oval:org.secpod.oval:def:84780 Windows NTLM Spoofing Vulnerability. The user would have to access a malicious folder or directory. Users should never open anything that they do not know or trust to be safe. oval:org.secpod.oval:def:84779 Windows TCP/IP Driver Denial of Service Vulnerability. Systems are not affected if IPv6 is disabled on the target machine. oval:org.secpod.oval:def:84776 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84777 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84778 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84798 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84799 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84793 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84794 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84795 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84790 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84791 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84792 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84786 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:84789 Windows Win32k Elevation of Privilege Vulnerability. An attacker could use this vulnerability to elevate privileges from Low Integrity Level in a contained ("sandboxed") excution environment to escalate to a Medium Integrity Level or a High Integrity Level. oval:org.secpod.oval:def:84784 Windows Group Policy Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:84852 Windows Graphics Component Elevation of Privilege Vulnerability. Successful exploitation could allow attacker to gain SYSTEM privileges. oval:org.secpod.oval:def:84854 Active Directory Domain Services Elevation of Privilege Vulnerability. Successful exploitation could allow attacker to could gain domain administrator privileges. oval:org.secpod.oval:def:84855 Windows Graphics Component Elevation of Privilege Vulnerability. Successful exploitation could allow attacker to gain SYSTEM privileges. oval:org.secpod.oval:def:84850 Windows Graphics Component Information Disclosure Vulnerability. Successful exploitation could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:84851 Windows Group Policy Preference Client Elevation of Privilege Vulnerability. Successful exploitation could allow attacker to gain SYSTEM privileges. oval:org.secpod.oval:def:84849 Windows Active Directory Certificate Services Security Feature Bypass oval:org.secpod.oval:def:84848 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability oval:org.secpod.oval:def:84844 Windows GDI+ Remote Code Execution Vulnerability oval:org.secpod.oval:def:84816 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84818 Windows COM+ Event System Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84819 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious PPTP packet to a PPTP server. This co ... oval:org.secpod.oval:def:84813 Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into opening a malicious MDB file in Access via ODBC, which could result in the attacker being able to execute arbitrary code on the victim's machine with the perm ... oval:org.secpod.oval:def:84814 Windows Secure Channel Denial of Service Vulnerability oval:org.secpod.oval:def:84815 Windows Security Support Provider Interface Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of certain kernel memory content. oval:org.secpod.oval:def:84810 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84811 Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:84805 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ... oval:org.secpod.oval:def:84806 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability. On machines with slow or older USB controller hardware, the Group policy might have (silently) failed to apply. On such machines, the attacker can trivially exploit this enforcement failure by attaching a USB storage d ... oval:org.secpod.oval:def:84807 Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability. An attacker who successfully exploits this vulnerability would be able to remotely read registry keys under HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine not normally acc ... oval:org.secpod.oval:def:84808 Windows Workstation Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only. oval:org.secpod.oval:def:84801 Windows Kernel Elevation of Privilege Vulnerability. An attacker would only be able to delete empty folders on a vulnerable system in the context of the SYSTEM account. They would not gain privileges to view or modify file contents or delete folders containing files. oval:org.secpod.oval:def:84804 Windows ALPC Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85497 .NET Framework Information Disclosure Vulnerability oval:org.secpod.oval:def:85429 Windows Group Policy Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85426 AMD: CVE-2022-23824 IBPB and Return Address Predictor Interactions. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the la ... oval:org.secpod.oval:def:85445 Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:85444 Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerability. oval:org.secpod.oval:def:85440 Windows GDI+ Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory. Exploitation of the vulnerability requires that a user open a specially crafted file.* In an email attack scenario, an attacker could expl ... oval:org.secpod.oval:def:85436 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85435 Windows HTTP.sys Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:85437 Windows Group Policy Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires the attacker to have privileges to create Group Policy Templates. As is best practice, regular validation and audits of administrative groups should be conducted. An attacker who success ... oval:org.secpod.oval:def:85434 Windows Kerberos Denial of Service Vulnerability oval:org.secpod.oval:def:86113 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker could potentially exploit this vulnerability to elevate privileges from a client-side application sandbox in earlier Microsoft operating systems. However, mitigation technologies in later Microsoft operating systems make th ... oval:org.secpod.oval:def:86111 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86108 Windows Print Spooler Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:86103 Windows Fax Compose Form Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be runni ... oval:org.secpod.oval:def:86102 Windows Graphics Component Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. oval:org.secpod.oval:def:86105 Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. oval:org.secpod.oval:def:46374 A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly validat ... oval:org.mitre.oval:def:7315 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple C ... oval:org.secpod.oval:def:15020 Security researcher Ash reported an issue with the Mozilla Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the Mozilla Updater can be made to load a specific malicious DLL file from the localsystem. This DLL file can run in a privileged context through the Mozilla Maint ... oval:org.secpod.oval:def:15052 Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8 or Mozilla SeaMonkey before 2.20 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows ... oval:org.secpod.oval:def:4922 The host is installed with Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, or SeaMonkey before 2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly r ... oval:org.secpod.oval:def:4923 The host is missing a critical security update according to Mozilla advisory, MFSA2012-12. The update is required to fix a cross site scripting vulnerability. A flaw is present in the applications, which fail to properly restrict drag-and-drop operations on javascript: URLs. Successful exploitation ... oval:org.secpod.oval:def:5624 The host is missing an important security update according to Microsoft security bulletin, MS12-034. The update is required to fix multiple vulnerabilities. The flaws are present in the Microsoft Office, Windows, .NET Framework, and Silverlight, which fail to handle a specially crafted document or a ... oval:org.secpod.oval:def:14317 The host is installed with Microsoft Office 2003 SP3 /2007 SP3 /2010 SP1, Windows, Visual Studio .NET 2003 SP1, Lync 2010, Lync Basic 2013 or Lync 2010 Attendee, and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly process crafted TrueTyp ... oval:org.secpod.oval:def:14328 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 or Silverlight 5 before 5.1.20513.0 and is prone to array access violation vulnerability. A flaw is present in the applications, which fail to properly prevent changes to data in multidimensional arrays of structures. Succe ... oval:org.secpod.oval:def:24338 The host is installed with Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight 5 or Silverlight 5 Developer Runtime and is prone to a truetype f ... oval:org.secpod.oval:def:25846 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, WIndows 10, Microsoft Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 ... oval:org.secpod.oval:def:25849 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console ... oval:org.secpod.oval:def:25850 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console ... oval:org.secpod.oval:def:25856 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console, Lync 2010, ... oval:org.secpod.oval:def:25857 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 ... oval:org.secpod.oval:def:5627 The host is installed with Microsoft Office, Windows, .NET Framework, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fail to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install ... oval:org.secpod.oval:def:5628 The host is installed with Microsoft Office, Windows, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fails to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install programs, view, ... oval:org.secpod.oval:def:1171 The host is installed with Microsoft .Net framework 2.0 SP1 or 2.0 SP2 or 3.5 or 3.5 SP1 or 4.0 or Microsoft Silverlight 4 and is prone to remote code execution vulnerability. A flaw is present in the applications which is caused when the .NET Framework or Microsoft Silverlight improperly validate a ... oval:org.secpod.oval:def:1172 The host is missing an critical security update according to Microsoft security bulletin, MS11-039. The update is required to fix remote code execution vulnerability in Microsoft .Net framework and Microsoft Silverlight. A flaw is present in the applications which is caused when the .NET Framework a ... oval:org.secpod.oval:def:2548 The host is installed with Microsoft .NET Framework or Microsoft Silverlight and is prone to a remote code execution vulnerability. Flaws are present in the Microsoft ASP.NET and Microsoft Silverlight, which fails to handle specially crafted web pages. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:2547 The host is missing a critical security update according to Microsoft security bulletin, MS11-078. The update is required to fix a remote code execution vulnerability. Flaws are present in the Microsoft .NET Framework and Microsoft Silverlight, which fails to handle specially crafted web pages by a ... oval:org.secpod.oval:def:49162 The host is missing a critical servicing stack security update for ADV990001 oval:org.secpod.oval:def:39407 A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create n ... oval:org.secpod.oval:def:39404 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:39406 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain informationto further compromise the user's system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:31755 The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2007, Microsoft Office 2010 or Word V ... oval:org.secpod.oval:def:31753 The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2007, Microsoft Office 2010, .NET Fra ... oval:org.secpod.oval:def:36738 The host is installed with Microsoft Windows Vista, 7, Server 2008, Server 2008 R2, Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-I ... oval:org.secpod.oval:def:36737 The host is installed with Microsoft Windows Vista, 7, Server 2008, Server 2008 R2, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync 2010, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-I ... oval:org.secpod.oval:def:36736 The host is installed with Microsoft Windows Vista, 7, 8.1, 10, Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting ... oval:org.secpod.oval:def:40959 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:40965 A remote code execution vulnerability exist when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:37495 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ... oval:org.secpod.oval:def:37494 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ... oval:org.secpod.oval:def:37491 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ... oval:org.secpod.oval:def:37490 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ... oval:org.secpod.oval:def:37489 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .net framework 3.0, 4.6, 4.5 SP2, 3.5.1, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, ... oval:org.secpod.oval:def:42057 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:42056 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:42059 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:81516 Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update). The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. Thi ... oval:org.secpod.oval:def:81889 Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. oval:org.secpod.oval:def:81888 Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. oval:org.secpod.oval:def:81515 Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS). The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. This CVE is being documente ... oval:org.secpod.oval:def:81514 Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR). The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. This CVE is being documented in ... oval:org.secpod.oval:def:81517 Intel: CVE-2022-21166 Device Register Partial Write (DRPW). The vulnerability assigned to this CVE is in certain processor models offered by Intel. The mitigation for this vulnerability requires a firmware update, and a corresponding Windows updates enables the mitigation. This CVE is being document ... oval:org.secpod.oval:def:71828 Windows Wireless Networking Information Disclosure Vulnerability oval:org.secpod.oval:def:71829 Windows Wireless Networking Spoofing Vulnerability oval:org.secpod.oval:def:71848 Windows SSDP Service Elevation of Privilege Vulnerability oval:org.secpod.oval:def:71849 OLE Automation Remote Code Execution Vulnerability oval:org.secpod.oval:def:71844 Windows Graphics Component Elevation of Privilege Vulnerability oval:org.secpod.oval:def:71840 Microsoft Bluetooth Driver Spoofing Vulnerability oval:org.secpod.oval:def:71842 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. oval:org.secpod.oval:def:71841 Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space f ... oval:org.secpod.oval:def:71830 Windows Wireless Networking Spoofing Vulnerability oval:org.secpod.oval:def:71804 Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability oval:org.secpod.oval:def:65070 An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafte ... oval:org.secpod.oval:def:65071 An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate pr ... oval:org.secpod.oval:def:65063 An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security update ... oval:org.secpod.oval:def:65065 An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.To exploit the vulnerability, an attacker would first need code execution on a victim system. An ... oval:org.secpod.oval:def:65069 An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privile ... oval:org.secpod.oval:def:65026 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65027 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65028 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65029 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65030 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65031 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65032 An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.An attacker could exploit this vulnerability by running a specially crafted app ... oval:org.secpod.oval:def:65034 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.There are multiple ways an attacker ... oval:org.secpod.oval:def:65036 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:65016 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:65018 An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The s ... oval:org.secpod.oval:def:65019 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65020 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65021 An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security ... oval:org.secpod.oval:def:65022 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65023 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65024 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65025 An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security up ... oval:org.secpod.oval:def:65048 A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user ... oval:org.secpod.oval:def:65049 An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users systemTo exploit this vulnerability, an attacker would need to run a specially ... oval:org.secpod.oval:def:65050 An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an authe ... oval:org.secpod.oval:def:65051 An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:65052 An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an authe ... oval:org.secpod.oval:def:65054 An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security ... oval:org.secpod.oval:def:65055 An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate ... oval:org.secpod.oval:def:65056 An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate ... oval:org.secpod.oval:def:65037 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:65040 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.To exploit the vulnerability, a user would have to open a specially crafted fi ... oval:org.secpod.oval:def:65041 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:65045 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:65005 An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security upda ... oval:org.secpod.oval:def:65011 An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security upda ... oval:org.secpod.oval:def:65012 An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The secu ... oval:org.secpod.oval:def:65013 An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security ... oval:org.secpod.oval:def:65014 A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Windows Font Driver Host han ... oval:org.secpod.oval:def:65001 An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The secu ... oval:org.secpod.oval:def:65002 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:64902 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:64908 An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.To exploit this vulnerability, an attacker would need to send a ... oval:org.secpod.oval:def:64909 A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web ... oval:org.secpod.oval:def:65391 An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack ... oval:org.secpod.oval:def:65422 An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; v ... oval:org.secpod.oval:def:65425 An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:65427 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:65428 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.There are multiple ways an attacker could exploit the ... oval:org.secpod.oval:def:65429 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.There are multiple ways an attacker could exploit the ... oval:org.secpod.oval:def:65430 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:65412 An elevation of privilege vulnerability exists when Windows Modules Installer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context.An attacker could exploit this vulnerability by running a specially crafted ap ... oval:org.secpod.oval:def:65413 An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privile ... oval:org.secpod.oval:def:65415 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:65416 A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.To exploit the vulnerability, a user would have to open a specially crafted file ... oval:org.secpod.oval:def:65444 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:65447 An elevation of privilege vulnerability exists in the way that fdSSDP.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted appl ... oval:org.secpod.oval:def:65448 An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:65449 An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.To exploit the vulnerability, an attacker would first need code execution on a victim system. A ... oval:org.secpod.oval:def:65450 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:65453 An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; vi ... oval:org.secpod.oval:def:65440 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:65441 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:65442 A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application.An attacker who successfully exploited this vulnerability could execute arbitrary code and tak ... oval:org.secpod.oval:def:65443 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:65405 A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.This vulnerability by itself does not allow arbitrary code exe ... oval:org.secpod.oval:def:65407 An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted ... oval:org.secpod.oval:def:64993 An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to log on to the system. An a ... oval:org.secpod.oval:def:64994 An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The secu ... oval:org.secpod.oval:def:64996 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:64997 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.There are multiple ways an attacker ... oval:org.secpod.oval:def:64998 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.There are multiple ways an attacker ... oval:org.secpod.oval:def:64986 An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; v ... oval:org.secpod.oval:def:64987 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.A locally authenticated attacker could exploit this vulnerability by ... oval:org.secpod.oval:def:64988 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.A locally authenticated attacker could exploit this vulnerability by ... oval:org.secpod.oval:def:64989 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.There are multiple ways an attacker ... oval:org.secpod.oval:def:64991 A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.In an attack scenario, an attacker could bypass security features intended to prevent improper ... oval:org.secpod.oval:def:65494 An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.To exploit this vulnerability, an atta ... oval:org.secpod.oval:def:65495 An information disclosure vulnerability exists in the way that the Windows Server DHCP service improperly discloses the contents of its memory.To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to an affected DHCP server. An attacker who successfully exp ... oval:org.secpod.oval:def:65496 A denial of service vulnerability exists when Windows Routing Utilities improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system ... oval:org.secpod.oval:def:65497 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:65498 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:65481 A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.There are multiple ways an attacker could exploit the vulnerability, such as by convincing a use ... oval:org.secpod.oval:def:65482 A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.There are multiple ways an attacker could exploit the vulnerability, such as by convincing a use ... oval:org.secpod.oval:def:65483 An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The ... oval:org.secpod.oval:def:65487 An elevation of privilege vulnerability exists when the Windows Cryptographic Catalog Services improperly handle objects in memory. An attacker who successfully exploited this vulnerability could modify the cryptographic catalog.To exploit this vulnerability, an attacker would first have to log on t ... oval:org.secpod.oval:def:65503 A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel.To exploit the vulnerability, an attacker would have to conduc ... oval:org.secpod.oval:def:59644 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:59641 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a speciall ... oval:org.secpod.oval:def:57879 Microsoft is aware of the Bluetooth BR/EDR (basic rate/enhanced data rate, known as "Bluetooth Classic") key negotiation vulnerability that exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker could potentially be able to negotiate the offered key length down to 1 b ... oval:org.secpod.oval:def:43422 The host is missing a critical security update 4056568 oval:org.secpod.oval:def:47216 An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ... oval:org.secpod.oval:def:47219 An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ... oval:org.secpod.oval:def:45388 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:47525 Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassem ... oval:org.secpod.oval:def:3718 The host is installed with Microsoft Windows and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the SSL and TLS protocols when Cipher-block chaining (CBC) mode of operation is used. Successful exploitation allows attackers ... oval:org.secpod.oval:def:3719 The host is missing an important security update according to Microsoft bulletin MS12-006. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the SSL and TLS protocols when Cipher-block chaining (CBC) mode of ... oval:org.secpod.oval:def:635 The host is running Microsoft Windows 7 and is prone to denial of service vulnerability. A flaw is present in the IPv6 implementation in the operating system which does not provide an option to ignore an unexpected RA. Successful exploitation allows remote attackers to conduct man-in-the-middle atta ... oval:org.secpod.oval:def:85438 Windows Digital Media Receiver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. oval:org.secpod.oval:def:71814 Scripting Engine Memory Corruption Vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control m ... oval:org.secpod.oval:def:64904 A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnera ... oval:org.secpod.oval:def:64907 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ... oval:org.secpod.oval:def:65390 A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ... |
