[Forgot Password]
Login  Register Subscribe

23631

 
 

123400

 
 

98218

 
 

909

 
 

79224

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:7696
The number of passwords remembered

oval:org.secpod.oval:def:7698
This setting requires users to wait for a certain number of days before changing their password again.

oval:org.secpod.oval:def:7685
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)

oval:org.secpod.oval:def:8398
The "Maximum tolerance for computer clock synchronization" policy should be set correctly.

oval:org.secpod.oval:def:8960
The host is installed with Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle UNC share pathname in the SRC attribute of a SCRIPT element. Successful exploitation allows attackers to obtain sen ...

oval:org.mitre.oval:def:5525
Test if this OS should support WMI service. Note: different Objects are supported on different OS. This is a generic test for the API.

oval:org.mitre.oval:def:1867
The operating system installed on the system is Microsoft Windows Server 2003 (ia-64).

oval:org.secpod.oval:def:21360
The host is installed with Microsoft Windows Server 2003 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the message queuing service improperly handles objects in memory by inadvertently allowing overwrite. Successful exploitation c ...

oval:org.secpod.oval:def:18533
The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to handles TypeFilterLevel checks for some malformed objects. Successful exploitation allows attacker to exe ...

oval:org.secpod.oval:def:16177
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a signature validation vulnerability. The flaw is present in WinVerifyTru ...

oval:org.secpod.oval:def:16182
The host is installed with Microsoft Windows XP SP2, SP3 or Server 2003 SP2 and is prone to elevation of privilege vulnerability. The flaw is present in the application, which fails to handle the crafted LPC port message. Successful exploitation allows the remote attacker to cause a stack-based buff ...

oval:org.secpod.oval:def:16187
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the c ...

oval:org.secpod.oval:def:16188
The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current u ...

oval:org.secpod.oval:def:16185
The host is installed with Microsoft Internet Explorer 7, 8, 9, 10 or 11 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate permissions. Successful exploitation allows attackers to gain elevation of privilege.

oval:org.secpod.oval:def:16186
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the c ...

oval:org.secpod.oval:def:16776
The host is installed with Microsoft Internet Explorer 6, 7 or 8 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a deni ...

oval:org.secpod.oval:def:16771
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:16789
The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to type traversal vulnerability. A flaw is present in the application, which improperly verifies that a method is safe for execution. Successful exploitation allows attacker to take complete contro ...

oval:org.secpod.oval:def:16788
The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to post request denial of service vulnerability. A flaw is present in the application, which improperly identifies stale or closed HTTP client connections. Successful exploitation allows attackers ...

oval:org.secpod.oval:def:16781
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:16780
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:16753
The host is installed with Microsoft XML Core Services 3.0 on Microsoft Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to information disclosure vulnerability. A flaw is present in the applica ...

oval:org.secpod.oval:def:16995
The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ...

oval:org.secpod.oval:def:16757
The host is installed with VBScript engine 5.6, 5.7 or 5.8 or Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitra ...

oval:org.secpod.oval:def:16990
The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ...

oval:org.secpod.oval:def:16766
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause ...

oval:org.secpod.oval:def:16192
The host is installed with Microsoft Windows XP SP2, SP3 or Windows Server 2003 SP2 and is prone to elevation of privilege vulnerability. The flaw is present in the application, which fails to properly validate address values. Successful exploitation allows local users to gain privileges via a craft ...

oval:org.secpod.oval:def:16196
The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to denial of service vulnerability. The flaw is present in the application, which fails to properly handle objects i ...

oval:org.secpod.oval:def:16190
The host is installed with Microsoft Internet Explorer 7 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:16013
The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP1, SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to security feature bypass vulnerability. A flaw is present in the application, which fail ...

oval:org.secpod.oval:def:17584
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ...

oval:org.secpod.oval:def:17389
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003, Windows 7, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which ...

oval:org.secpod.oval:def:17397
The host is missing a critical security update according to Microsoft bulletin, MS14-018. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted website. Successful exploitation allows attacker to execute arbitrary code in the ...

oval:org.secpod.oval:def:17396
The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:17395
The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:16977
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle obj ...

oval:org.secpod.oval:def:16984
The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ...

oval:org.secpod.oval:def:16983
The host is installed with Microsoft Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) or Active Directory Services and is prone to security bypass vulnerability. A flaw is present in an application, which fails to handle validati ...

oval:org.secpod.oval:def:16988
The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execut ...

oval:org.secpod.oval:def:16987
The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execut ...

oval:org.secpod.oval:def:16980
The host is installed with DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a memory corruption vulnerability. A flaw is ...

oval:org.secpod.oval:def:16978
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle obj ...

oval:org.mitre.oval:def:1825
The operating system installed on the system is Microsoft Windows Server 2003 (ia64) Service Pack 2 or later.

oval:org.secpod.oval:def:19864
The host is installed with IE 6,7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:18541
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code ...

oval:org.secpod.oval:def:18540
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code ...

oval:org.secpod.oval:def:19801
The host is installed with Microsoft XML Core Services 3.0 on Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 or Microsoft XML Core Services 6.0 on Microsoft Windows Server 2003 SP2, Vista SP2, Server 200 ...

oval:org.secpod.oval:def:19814
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19815
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a TLS server certificate renegotiation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19810
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19811
The host is installed with IE 7,8,9,10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19809
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19842
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19839
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19858
The host is installed with IE 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19859
The host is installed with IE 6,7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19849
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19822
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19819
The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:20801
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:19837
The host is installed with IE 6,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:19833
The host is installed with IE 7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:21379
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explore ...

oval:org.secpod.oval:def:21380
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Exp ...

oval:org.secpod.oval:def:21385
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer.

oval:org.secpod.oval:def:21386
The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer.

oval:org.secpod.oval:def:21384
The host is installed with Internet Explorer 6 or 7 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer.

oval:org.secpod.oval:def:21569
The host is installed with Microsoft Input method editor Japanese on Microsoft Windows Server 2003, Server 2008, Server 2008 R2 or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file. Success ...

oval:org.secpod.oval:def:21574
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:21554
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle proce ...

oval:org.secpod.oval:def:21564
The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle TypeFilterLevel checks for some malformed objects. Successful exploitation allows attacker to execute ...

oval:org.secpod.oval:def:21543
The host is installed with Microsoft XML Core Services 3.0 on Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, w ...

oval:org.secpod.oval:def:21540
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a specially c ...

oval:org.secpod.oval:def:21367
The host is installed with Microsoft Windows Server 2003, Vista or Server 2008 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the FASTFAT driver executes a function that results in a buffer under-allocation issue. Successful exploi ...

oval:org.secpod.oval:def:21376
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet E ...

oval:org.secpod.oval:def:21377
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet E ...

oval:org.secpod.oval:def:21372
The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which inadvertently processes data prior to verification. Successful exploitation allows attacker to take complete cont ...

oval:org.secpod.oval:def:21373
The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly parse specially crafted internationalized resource identifiers resulting in memory corruption. Su ...

oval:org.secpod.oval:def:21587
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a clipboard information disclosure vulnerability. A flaw is present in the application, which does not properly restrict access to the clipboard of a user who visits a website. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:21590
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:21578
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:21577
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to inform ...

oval:org.secpod.oval:def:18180
The host is installed with Windows Server 2003, Server 2008, Vista, Windows 7, Server 2008 R2, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle file association. Successful exploit ...

oval:org.secpod.oval:def:20793
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:21866
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:20783
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20768
The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted application. S ...

oval:org.secpod.oval:def:21615
The host is installed with Microsoft Windows 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a forged sign ...

oval:org.secpod.oval:def:21857
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:20769
The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted application. S ...

oval:org.secpod.oval:def:20772
The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles the repair of a previ ...

oval:org.secpod.oval:def:21861
The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:21050
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to detect anti-malware applications in use on a targe ...

oval:org.secpod.oval:def:21052
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21095
The host is installed with .Net framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to denial of service vulnerability. A flaw are present in the applications, which does not properly use a hash table for request data. Successful exploitation allows for an unauthenti ...

oval:org.secpod.oval:def:21086
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21070
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21068
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21069
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21066
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21067
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21064
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21065
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:20116
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20114
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20122
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20123
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20107
The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20104
The host is installed with Internet Explorer 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20102
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20103
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a Extended Validation (EV) certificate security feature bypass vulnerability. A flaw is present in the application , which force to prevent the use of wildcard certificates. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:20112
The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:16210
The host is installed with Microsoft Windows XP SP2, Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to use after free vulnerability. A flaw is present in th ...

oval:org.secpod.oval:def:21875
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the Graphics Component, which improperly handles the de ...

oval:org.secpod.oval:def:7695
This setting holds if we need to store passwords using reversible encryption.

oval:org.secpod.oval:def:7697
This forces users to change their passwords regularly.

oval:org.secpod.oval:def:7693
This setting requires users password to have certain minimum number of characters

oval:org.secpod.oval:def:7694
This setting requires if users need to maintain certain complexity or not.

oval:org.secpod.oval:def:8427
The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ...

oval:org.secpod.oval:def:10030
The 'Display user information when the session is locked' setting should be configured correctly.

oval:org.secpod.oval:def:10031
User-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence should be enabled or disabled for PS/2 keyboards as appropriate.

oval:org.secpod.oval:def:10032
User-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence should be enabled or disabled for USB keyboards as appropriate.

oval:org.secpod.oval:def:8461
The "Disable Media Player for automatic updates" policy should be set correctly.

oval:org.secpod.oval:def:8477
The "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:7689
The Screen Saver timeout setting should be configured correctly.

oval:org.secpod.oval:def:7686
The settings of screen saver should be enabled or disabled as appropriate for the current user.

oval:org.secpod.oval:def:10166
The 'Change Password' option in the Ctrl+Alt+Del dialog should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8447
The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8448
The "Message text for users attempting to log on" policy should be set correctly.

oval:org.secpod.oval:def:8449
The "Smart Card Removal Behavior" policy should be set correctly.

oval:org.secpod.oval:def:8443
The "Do not store LAN Manager hash value on next password change" policy should be set correctly.

oval:org.secpod.oval:def:8444
The "Digitally Sign Client Communication (Always)" policy should be set correctly.

oval:org.secpod.oval:def:8445
The "Limit Users to One Remote Session" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8446
The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly.

oval:org.secpod.oval:def:8440
The "Maximum User Ticket Lifetime" policy should be set correctly.

oval:org.secpod.oval:def:8441
The "Do not Delete Temp folder on exit" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8442
The behavior surrounding Anonymous users' ability to display lists of SAM accounts should be correct.

oval:org.secpod.oval:def:8458
The "Named Pipes that can be accessed anonymously" policy should be set correctly.

oval:org.secpod.oval:def:8459
The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly.

oval:org.secpod.oval:def:8454
The "LAN Manager Authentication Level" policy should be set correctly.

oval:org.secpod.oval:def:8455
Disallow Installation of Printers Using Kernel-mode Drivers should be properly configured.

oval:org.secpod.oval:def:8456
The "Number of Previous Logons to Cache" policy should be set correctly.

oval:org.secpod.oval:def:8457
The "Do not Use Temp folders per Session" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8450
The "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly.

oval:org.secpod.oval:def:8451
The "Allow Reconnection from Original Client Only" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8452
Automatic Logon should be properly configured.

oval:org.secpod.oval:def:8453
The "Enforce user logon restrictions" policy should be set correctly.

oval:org.secpod.oval:def:8425
This setting requires users to wait for a certain number of days before changing their password again.

oval:org.secpod.oval:def:8426
Always Wait for the Network at Computer Startup and Logon should be properly configured.

oval:org.secpod.oval:def:8429
The "reset account lockout counter after" policy should meet minimum requirements.

oval:org.secpod.oval:def:8436
The "Allow undock without having to logon" policy should be set correctly.

oval:org.secpod.oval:def:8438
TCP/IP SYN Flood Attack Protection should be properly configured.

oval:org.secpod.oval:def:8439
The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8432
The "Shares that can be accessed anonymously" policy should be set correctly.

oval:org.secpod.oval:def:8433
Autoplay on all Drive Types should be properly configured.

oval:org.secpod.oval:def:8434
The "Allow Solicited Remote Assistance" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8435
The "Refuse machine account password change" policy should be set correctly.

oval:org.secpod.oval:def:8430
The "Terminate session when time limits are reached" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8431
The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly.

oval:org.secpod.oval:def:8403
The "password must meet complexity requirements" policy should be set correctly.

oval:org.secpod.oval:def:8404
The "enforce password history" policy should meet minimum requirements.

oval:org.secpod.oval:def:8406
The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly.

oval:org.secpod.oval:def:8400
The "minimum password length" policy should meet minimum requirements.

oval:org.secpod.oval:def:8401
The "Shut Down system immediately if unable to log security audits" policy should be set correctly.

oval:org.secpod.oval:def:8402
The "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly.

oval:org.secpod.oval:def:8409
The "Require Strong (Windows 2000 or later) Session Key" policy should be set correctly.

oval:org.secpod.oval:def:8416
The "Require Domain Controller authentication to unlock workstation" policy should be set correctly.

oval:org.secpod.oval:def:8417
IRDP should be properly configured.

oval:org.secpod.oval:def:8410
The "Allow Server Operators to Schedule Tasks" policy should be set correctly.

oval:org.secpod.oval:def:8413
The startup type of the Messenger service should be correct.

oval:org.secpod.oval:def:8418
The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly.

oval:org.secpod.oval:def:8419
Display Last User Name in Logon Screen should be properly configured.

oval:org.secpod.oval:def:10034
The startup type of the Automatic Update service should be correct.

oval:org.secpod.oval:def:10035
The startup type of the Internet Connection Sharing service should be correct.

oval:org.secpod.oval:def:10036
The correct service permissions for the SNMP Trap service should be assigned.

oval:org.secpod.oval:def:10040
The startup type of the Terminal Services service should be correct.

oval:org.secpod.oval:def:10041
The 'Allow Administrator to Install from Terminal Services Session' policy should be set correctly.

oval:org.secpod.oval:def:10042
The 'Prevent Codec Download' policy should be set correctly for Windows MediaPlayer.

oval:org.secpod.oval:def:10043
The 'Allow System to be Shut Down Without Having to Log On' policy should be set correctly.

oval:org.secpod.oval:def:10044
TCP/IP Dead Gateway Detection should be properly configured.

oval:org.secpod.oval:def:10045
The 'restrict guest access to security log' policy should be set correctly.

oval:org.secpod.oval:def:10046
The 'Security Zones: Do Not Allow Users to Add/Delete Sites' setting should be configured correctly.

oval:org.secpod.oval:def:10047
The startup type of the Telnet service should be correct.

oval:org.secpod.oval:def:10037
The correct service permissions for the Alerter service should be assigned.

oval:org.secpod.oval:def:10038
The 'Restrict Floppy Access to Locally Logged-On User Only' policy should be set correctly.

oval:org.secpod.oval:def:10039
Auditing of 'directory service access' events on success should be enabled or disabled as appropriate..

oval:org.secpod.oval:def:10073
The behavior surrounding Anonymous SID/Name translation should be correct.

oval:org.secpod.oval:def:10074
The 'Security Zones: Use Only Machine Settings' setting should be configured correctly.

oval:org.secpod.oval:def:10075
The 'when maximum log size is reached' property should be set correctly for the System log.

oval:org.secpod.oval:def:10076
Auditing of 'account management' events on success should be enabled or disabled as appropriate..

oval:org.secpod.oval:def:10077
The startup type of the Remote Access Auto connection Manager service should be correct.

oval:org.secpod.oval:def:8487
The "System cryptography: Force strong key protection for user keys stored on the computer" policy should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10078
The correct service permissions for the FTP Publishing service should be assigned.

oval:org.secpod.oval:def:8488
The number of SYN-ACK retransmissions sent when attempting to respond to a SYN request should be configured correctly.

oval:org.secpod.oval:def:8489
The Security Audit log warning level should be properly configured.

oval:org.secpod.oval:def:10070
Auditing of 'privilege use' events on failure should be enabled or disabled as appropriate..

oval:org.secpod.oval:def:10071
The startup type of the Simple Mail Transport Protocol (SMTP) service should be correct.

oval:org.secpod.oval:def:10072
Auditing of 'logon' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8484
The "Registry policy processing" policy should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8485
Anonymous access to Named Pipes and Shares via the network should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8486
The "Remotely accessible registry paths and subpaths" policy should be set correctly.

oval:org.secpod.oval:def:8481
The number of retransmissions sent of TCP data segments before the connection is dropped should be set correctly.

oval:org.secpod.oval:def:8482
The "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" setting should be configured properly.

oval:org.secpod.oval:def:10084
Auditing of 'account logon' events on failure should be enabled or disabled as appropriate..

oval:org.secpod.oval:def:10085
The correct service permissions for the Indexing service should be assigned.

oval:org.secpod.oval:def:10086
The startup type of the Universal Plug and Play Device Host (UPnP) service should be correct.

oval:org.secpod.oval:def:10087
The 'Security Zones: Do Not Allow Users to Change Policies' setting should be configured correctly.

oval:org.secpod.oval:def:10088
The correct service permissions for the NetMeeting service should be assigned.

oval:org.secpod.oval:def:10089
The 'when maximum log size is reached' property should be set correctly for the Security log.

oval:org.secpod.oval:def:10080
Installation and Configuration of Network Bridge on the DNS Domain Network should be properly configured.

oval:org.secpod.oval:def:10081
Auditing of 'account management' events on failure should be enabled or disabled as appropriate..

oval:org.secpod.oval:def:10082
Auditing of 'process tracking' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10083
The correct service permissions for the SMTP service should be assigned.

oval:org.secpod.oval:def:8490
The "Digitally Sign Client Communication (When Possible)" policy should be set correctly.

oval:org.secpod.oval:def:8491
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

oval:org.secpod.oval:def:8492
The "Prevent System Maintenance of Computer Account Password" policy should be set correctly.

oval:org.secpod.oval:def:10051
The 'Enable User to Browser for Source While Elevated' policy should be set correctly.

oval:org.secpod.oval:def:8469
The amount of idle time required before disconnecting a session should be set correctly.

oval:org.secpod.oval:def:10052
The correct service permissions for the Remote Registry service should be assigned.

oval:org.secpod.oval:def:10053
The startup type of the Background Intelligent Transfer Service (BITS) service should be correct.

oval:org.secpod.oval:def:10054
Auditing of 'privilege use' events on success should be enabled or disabled as appropriate..

oval:org.secpod.oval:def:10055
The correct service permissions for the Terminal Services service should be assigned.

oval:org.secpod.oval:def:10056
The TCPMaxPortsExhausted setting should be properly configured.

oval:org.secpod.oval:def:8466
Disable saving of dial-up passwords should be properly configured.

oval:org.secpod.oval:def:10057
The correct service permissions for the Printer service should be assigned.

oval:org.secpod.oval:def:8467
The "Enable Error Reporting" policy should be set correctly.

oval:org.secpod.oval:def:10058
The 'No auto-restart with logged on users for scheduled automatic updates installations' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8468
The "Minimum session security for NTLM SSP based servers" policy should be set correctly.

oval:org.secpod.oval:def:10050
The startup type of the Print Services for Unix service should be correct.

oval:org.secpod.oval:def:10048
Auditing of 'directory service access' events on failure should be enabled or disabled as appropriate..

oval:org.secpod.oval:def:10049
If the Security log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.

oval:org.secpod.oval:def:8462
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes

oval:org.secpod.oval:def:8463
The "Remotely accessible registry paths" policy should be set correctly. The "Remotely accessible registry paths" policy should be set correctly.

oval:org.secpod.oval:def:8464
The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly.

oval:org.secpod.oval:def:8460
The "Force logoff when logon hours expire" policy should be set correctly.

oval:org.secpod.oval:def:10063
Auditing of 'policy change' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10065
Auditing of 'account logon' events on success should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10066
The security log maximum size should be configured correctly..

oval:org.secpod.oval:def:8476
The "Users Prompted to Change Password Before Expiration" policy should be set correctly.

oval:org.secpod.oval:def:10067
The startup type of the ClipBook service should be correct.

oval:org.secpod.oval:def:10068
The startup type of the IIS Admin service should be correct.

oval:org.secpod.oval:def:8478
The "Let Everyone permissions apply to anonymous users" policy should be set correctly.

oval:org.secpod.oval:def:10069
The correct service permissions for the SNMP service should be assigned.

oval:org.secpod.oval:def:8479
The "Remote Control Settings" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:10060
Auditing of 'object access' events on success should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10061
Auditing of 'object access' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10059
The 'restrict guest access to application log' policy should be set correctly.

oval:org.secpod.oval:def:8472
Safe DLL Search Mode should be properly configured.

oval:org.secpod.oval:def:8473
The "Limit Number of Connections" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8474
The "Unsigned Driver Installation Behavior" policy should be set correctly. The "Unsigned Driver Installation Behavior" policy should be set correctly.

oval:org.secpod.oval:def:8475
The "LDAP server signing requirements" policy should be set correctly.

oval:org.secpod.oval:def:8470
The "Prevent Users from Installing Printer Drivers" policy should be set correctly.

oval:org.secpod.oval:def:8471
The "Disconnect clients when logon hours expire" policy should be set correctly.

oval:org.secpod.oval:def:10095
Auditing of 'process tracking' events on success should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10096
If the System log's retention method is set to 'Overwrite events by days,' an appropriate value should be set for the number of days' logs to keep.

oval:org.secpod.oval:def:10097
The 'Secure Channel: Digitally Sign Secure Channel Data (When Possible)' policy should be set correctly.

oval:org.secpod.oval:def:10098
The startup type of the Remote Access Auto connection Manager service should be correct.

oval:org.secpod.oval:def:10099
The 'Anonymous access to the security event log' policy should be set correctly.

oval:org.secpod.oval:def:10090
The 'restrict guest access to system log' policy should be set correctly.

oval:org.secpod.oval:def:10091
The startup type of the World Wide Web Publishing service should be correct.

oval:org.secpod.oval:def:10092
The correct service permissions for the Messenger service should be assigned.

oval:org.secpod.oval:def:10093
The startup type of the Simple TCP/IP service should be correct.

oval:org.secpod.oval:def:10094
The system log maximum size should be configured correctly..

oval:org.secpod.oval:def:7691
The Screen Saver Executable Name setting should be configured correctly for the current user.

oval:org.secpod.oval:def:7692
The Screen Saver timeout setting should be configured correctly.

oval:org.secpod.oval:def:7690
The settings of screen saver should be enabled or disabled as appropriate for the current user.

oval:org.secpod.oval:def:7688
The Password protect the screen saver setting should be configured correctly.

oval:org.secpod.oval:def:7687
The Password protect the screen saver setting should be configured correctly.

oval:org.secpod.oval:def:7893
Account lockout threshold is the profile defined number of invalid logon attempts

oval:org.secpod.oval:def:10150
The 'Allow automatic updates immediate installation' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10151
The 'Do Not Allow Local Administrators to Customize Permissions' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:10152
The 'Disable Periodic Check For Internet Explorer Software Updates' setting should be configured correctly.

oval:org.secpod.oval:def:10153
The 'Audit the use of backup and restore privilege' policy should be set correctly.

oval:org.secpod.oval:def:10154
Administrative Shares should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10155
The 'Maximum User Renewal Lifetime' policy should be set correctly.

oval:org.secpod.oval:def:10156
Automatic Reboot After System Crash should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10147
The 'Always Install with Elevated Privileges' policy should be set correctly.

oval:org.secpod.oval:def:10148
The 'Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)' policy should be set correctly.

oval:org.secpod.oval:def:10149
The 'Enable User to Patch Elevated Products' policy should be set correctly.

oval:org.secpod.oval:def:10161
Authentication requirements for RPC clients should be configured appropriately.

oval:org.secpod.oval:def:10162
The 'Interactive logon: Requre smart card' setting should be configured correctly.

oval:org.secpod.oval:def:10163
The 'DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax' security option should be set correctly.

oval:org.secpod.oval:def:10164
Kerberos and RSVP Traffic Protected by IPSec should be properly configured.

oval:org.secpod.oval:def:10160
The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10158
RPC Endpoint Mapper Client Authentication should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10159
System availability to Master Browser should be properly configured.

oval:org.secpod.oval:def:10130
The startup type of the Background Intelligent Transfer Service (BITS) service should be correct.

oval:org.secpod.oval:def:10131
The startup type of the .NET Framework service should be correct.

oval:org.secpod.oval:def:10132
The correct service permissions for the ClipBook service should be assigned.

oval:org.secpod.oval:def:8388
The "Do Not Automatically Start Windows Messenger" policy should be set correctly.

oval:org.secpod.oval:def:10133
The 'Do Not Allow Windows Messenger to be Run' policy should be set correctly.

oval:org.secpod.oval:def:10134
The 'Reschedule Automatic Updates scheduled installations' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10135
The correct service permissions for the Fax service should be assigned.

oval:org.secpod.oval:def:10125
The startup type of the Remote Registry service should be correct.

oval:org.secpod.oval:def:8384
The "Maximum Service Ticket Lifetime" policy should be set correctly.

oval:org.secpod.oval:def:10126
The startup type of the Indexing service should be correct.

oval:org.secpod.oval:def:10127
The startup type of the Routing and Remote Access service should be correct.

oval:org.secpod.oval:def:8386
The "Digitally Sign Server Communication (Always)" policy should be set correctly.

oval:org.secpod.oval:def:10128
The startup type of the Alerter service should be correct.

oval:org.secpod.oval:def:8387
Background Refresh of Group Policy should be properly configured.

oval:org.secpod.oval:def:10129
The correct service permissions for the Automatic Updates service should be assigned.

oval:org.secpod.oval:def:8380
The "Digitally Sign Server Communication (When Possible)" policy should be set correctly.

oval:org.secpod.oval:def:8383
IP Source Routing should be properly configured.

oval:org.secpod.oval:def:10140
The 'Hide Property Pages' policy should be set correctly for the Task Scheduler.

oval:org.secpod.oval:def:10141
The 'Specify intranet Microsoft update service location' setting should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10142
TCP/IP PMTU Discovery should be properly configured.

oval:org.secpod.oval:def:10143
Automatic updates should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8399
The "Do not allow storage of credentials or .NET Passports" policy should be set correctly.

oval:org.secpod.oval:def:10144
The 'Prohibit New Task Creation' policy should be set correctly for the Task Scheduler.

oval:org.secpod.oval:def:10145
The 'Audit the access of global system objects' policy should be set correctly.

oval:org.secpod.oval:def:10146
The startup type of the Removable Storage service should be correct.

oval:org.secpod.oval:def:10136
The 'Always Prompt Client for Password upon Connection' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:10137
The correct service permissions for the Remote Desktop Help Session Manager service should be assigned.

oval:org.secpod.oval:def:8396
The "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly.

oval:org.secpod.oval:def:10138
The 'Restrict CD-ROM Access to Locally Logged-On User Only' policy should be set correctly.

oval:org.secpod.oval:def:10139
The 'Make Proxy Settings Per-Machine (Rather Then Per-User)' setting should be configured correctly.

oval:org.secpod.oval:def:8393
The "Limit local account user of blank passwords to console logon only" policy should be set correctly.

oval:org.secpod.oval:def:8367
The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly.

oval:org.secpod.oval:def:8368
The "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:8360
The TCP/IP KeepAlive Time should be set correctly.

oval:org.secpod.oval:def:8361
TCP/IP NetBIOS Name Release on Request Prevented should be properly configured.

oval:org.secpod.oval:def:8378
The "Sharing and security model for local accounts" policy should be set correctly.

oval:org.secpod.oval:def:8373
The "Strengthen Default Permissions of Global System Objects" policy should be set correctly.

oval:org.secpod.oval:def:8374
The "Maximum machine account password age" policy should be set correctly.

oval:org.secpod.oval:def:8376
The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly.

oval:org.secpod.oval:def:8370
The startup type of the NetMeeting Remote Desktop Sharing service should be correct.

oval:org.secpod.oval:def:8372
The "Default owner for objects created by members of the Administrators group" policy should be set correctly.

oval:org.secpod.oval:def:8359
The "Message title for users attempting to log on" policy should be set correctly.

oval:org.secpod.oval:def:8357
The "store password using reversible encryption for all users in the domain" policy should be set correctly.

oval:org.secpod.oval:def:10110
If the Application log's retention method is set to 'Overwrite events by days,' an appropriate value should be set for the number of days' logs to keep.

oval:org.secpod.oval:def:10111
The correct service permissions for the WWW Publishing service should be assigned.

oval:org.secpod.oval:def:10113
The correct service permissions for the IIS Admin service should be assigned.

oval:org.secpod.oval:def:10103
Auditing of 'policy change' events on success should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10104
The 'Enable User Control Over Installs' policy should be set correctly.

oval:org.secpod.oval:def:10105
The application log maximum size should be configured correctly..

oval:org.secpod.oval:def:10106
The startup type of the Print Services for Unix service should be correct.

oval:org.secpod.oval:def:10107
The startup type of the Remote Desktop Help Session Manager service should be correct.

oval:org.secpod.oval:def:10108
The startup type of the Task Scheduler service should be correct.

oval:org.secpod.oval:def:10109
The startup type of the Fax service should be correct.

oval:org.secpod.oval:def:10120
The 'Disable Automatic Install of Internet Explorer Components' setting should be configured correctly.

oval:org.secpod.oval:def:10121
The startup type of the Remote Shell service should be correct.

oval:org.secpod.oval:def:10122
Auditing of 'logon' events on success should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10123
The 'Automatic Updates detection frequency' should be set correctly.

oval:org.secpod.oval:def:10124
Auditing of 'system' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10114
The startup type of the FTP Publishing service should be correct.

oval:org.secpod.oval:def:10115
The correct service permissions for the Telnet service should be assigned.

oval:org.secpod.oval:def:10116
The 'Enable User to Use Media Source While Elevated' policy should be set correctly.

oval:org.secpod.oval:def:10117
The behavior surrounding Anonymous users' ability to display lists of SAM accounts and shares should be correct.

oval:org.secpod.oval:def:10118
The 'Clear Virtual Memory Pagefile at shutdown' policy should be set correctly.

oval:org.secpod.oval:def:10119
Auditing of 'system' events on success should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10100
The startup type of the SNMP Service service should be correct.

oval:org.secpod.oval:def:10101
The startup type of the SNMP Trap Service service should be correct.

oval:org.secpod.oval:def:10102
The startup type of the SSDP Discovery service should be correct.

oval:org.secpod.oval:def:19806
The host is installed with Microsoft Office 2010, 2007, Lync 2010, 2013, SP1, Lync Basic 2013, SP1 or Lync 2010 Attendee and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle specially crafted files in a way that corrupts memory. Su ...

oval:org.secpod.oval:def:19807
The host is installed with Microsoft Office 2010, 2007, Lync 2010, 2013, SP1, Lync Basic 2013, SP1 or Lync 2010 Attendee and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly validate specially crafted files. Successful exploitation allows ...

oval:org.secpod.oval:def:20777
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20786
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20785
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20792
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:20798
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:21051
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21055
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21056
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21053
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21054
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21075
The host is installed with Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service.

oval:org.secpod.oval:def:21057
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21058
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21078
The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service.

oval:org.secpod.oval:def:21059
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21060
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21061
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21062
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21063
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:21362
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle TrueType ...

oval:org.secpod.oval:def:20096
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly validat ...

oval:org.secpod.oval:def:21361
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects ...

oval:org.secpod.oval:def:16532
The host is installed with Microsoft Windows XP or Server 2003 and is prone to elevation of privilege vulnerability. The flaw is present in the NDProxy component of the Windows kernel, which fails to handle the specially crafted application. Successful exploitation allows the remote attackers to tak ...

oval:org.secpod.oval:def:78
The host is installed with Microsoft Internet Explorer is prone to Cascading Style Sheets (CSS) memory corruption vulnerability. A flaw is present in the application, which fails to properly handle recursive memory access while importing a CSS. Successful exploitation could allow attackers to gain t ...

oval:org.secpod.oval:def:53
The host is installed with Microsoft Windows Fax Services Cover Page Editor and is prone to heap-based buffer overflow vulnerability. The flaw is present in the CDrawPoly::Serialize function in fxscover.exe. Successful exploitation allows remote attackers to execute arbitrary code via a long record ...

oval:org.secpod.oval:def:81
The host is installed with Microsoft Internet Explorer is prone to insecure library loading vulnerability. A flaw is present in the application, which fails to properly handle loading of dll files. Successful exploitation could allow attackers to execute arbitrary code and gain the same user rights ...

oval:org.secpod.oval:def:44
The host is installed with Microsoft Internet Explorer 9 or earlier version which is prone to denial of service vulnerability. A flaw is present in the application, which is caused by DOM implementation. Successful exploitation allows remote attackers to trigger an incorrect GUI display.

oval:org.secpod.oval:def:39
The host is installed with Microsoft Windows Human Interface Device (HID) driver and is prone to security bypass vulnerability. A flaw is present in the device driver, which allows keyboard or mouse functionality to the USB connection without giving a warning to the user. Successful exploitation cou ...

oval:org.secpod.oval:def:1201
The host is installed with Microsoft Internet Explorer and is prone information disclosure vulnerability. A flaw is present in the browser, which fails to handle a crafted Web page. Successful exploitation could allow remote attackers to execute arbitrary code or gain sensitive information.

oval:org.secpod.oval:def:1200
The host is installed with Microsoft Internet Explorer and is prone to DOM manipulation memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:1271
The host is installed with Microsoft Internet Explorer and is prone to MIME sniffing information disclosure vulnerability. A flaw is present in the browser, which allows to view content from a different domain or zone when a user downloads Web content. Successful exploitation could allow remote atta ...

oval:org.secpod.oval:def:451
The host is installed with Microsoft Internet Explorer and is prone to arbitrary code execution vulnerability. A flaw is present in the browser, which allows bypassing DEP (data execution prevention) and ASLR (address space layout randomization) protection mechanisms used in IE Protected Mode sandbo ...

oval:org.secpod.oval:def:1754
The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 SP1 or 4.0 and is prone to information disclosure vulnerability. A flaw is present in the applications which fails to properly validate the trust level within the System.Net.Sockets namespace. Successful exploitation allows attacke ...

oval:org.secpod.oval:def:3429
The host is installed with Internet Explorer 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle XSS Filter. Successful exploitation allows attackers to view content from another domain or Internet Explorer zone.

oval:org.secpod.oval:def:2530
The host is installed with Microsoft Internet Explorer 6 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:org.secpod.oval:def:2532
The host is installed with Internet Explorer 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to access a dereference memory address. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:4158
The host is installed with Microsoft .NET Framework 2.0 SP2, and 3.5.1 and is prone heap corruption vulnerability. A flaw is present in the Microsoft .NET Framework, which fails to handle calculation of buffer length while processing specially crafted input. Successful exploitation could allow remot ...

oval:org.secpod.oval:def:5629
The host is installed with Microsoft .NET Framework 4 and is prone buffer allocation vulnerability. A flaw is present in the application, which fails to handle a specially crafted Microsoft .NET Framework application. Successful exploitation could allow remote attackers to install programs, view, ch ...

oval:org.secpod.oval:def:5630
The host is installed with Microsoft .NET Framework 4 and is prone index comparison vulnerability. A flaw is present in the applications, which fails to handle WPF APIs. Successful exploitation could allow remote attackers to execute code or to elevate their user rights in any fashion.

oval:org.secpod.oval:def:6026
The host is installed with Microsoft .Net framework 2.0 Sp2 or 3.5.1 or 4.0 or 4.5 Beta and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take complete control of ...

oval:org.secpod.oval:def:6045
The host is installed with Internet Explorer 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:7925
The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 and is prone to Code access security info disclosure vulnerability. A flaw is present in the applications, which does not properly sanitize the output of a function when called from partially trusted code. Successful exploitation a ...

oval:org.secpod.oval:def:14289
The host is installed with Microsoft Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a ...

oval:org.mitre.oval:def:5708
The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleti ...

oval:org.mitre.oval:def:6510
The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight applicat ...

oval:org.mitre.oval:def:6257
Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Med ...

oval:org.mitre.oval:def:5846
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in ...

oval:org.mitre.oval:def:12188
Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI fil ...

oval:org.mitre.oval:def:11596
Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, a ...

oval:org.mitre.oval:def:8064
Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 ...

oval:org.mitre.oval:def:7170
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a ...

oval:org.mitre.oval:def:7468
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.

oval:org.mitre.oval:def:7120
Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active ...

oval:org.secpod.oval:def:3246
The host is missing a critical security update according to Microsoft security bulletin, MS10-039. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Microsoft SharePoint server and Office InfoPath, which fails to validate specially crafted requests. Success ...

oval:org.mitre.oval:def:6677
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or H ...

oval:org.mitre.oval:def:7241
Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 SP1 and SP2 allows remote attackers to cause a denial of service (hang) via crafted requests to the Help page that cause repeated restarts of the application pool, aka "Sharepoint Help Page Denial of Service Vulnerability."

oval:org.mitre.oval:def:7286
Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiat ...

oval:org.mitre.oval:def:7517
Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability."

oval:org.mitre.oval:def:7214
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenTyp ...

oval:org.mitre.oval:def:6833
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll fi ...

oval:org.mitre.oval:def:7637
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vec ...

oval:org.mitre.oval:def:7275
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vec ...

oval:org.secpod.oval:def:1559
The host is missing a critical security update according to Microsoft security bulletin, MS10-072. The update is required to fix information disclosure vulnerabilities. Multiple flaws are present in the SafeHTML, which fails to validate malicious HTML code. Successful exploitation could allow an att ...

oval:org.secpod.oval:def:714
The host is installed with Microsoft .NET Framework and is prone to remote code execution vulnerability. A flaw is present in x86 JIT compiler, which fails to compiling certain function calls. Successful exploitation could allow remote attackers to corrupt the stack and execute remote code.

oval:org.secpod.oval:def:820
The host is missing a Critical security update according to Microsoft security bulletin, MS11-028. The update is required to fix a remote code execution vulnerability in Microsoft .NET Framework. A flaw is present in the JIT compiler, which fails to compile certain function calls. Successful ex ...

oval:org.secpod.oval:def:84
The host is installed with Microsoft Graphics Rendering Engine and is prone to stack-based buffer overflow vulnerability. A flaw is present in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module, which fails to properly parse a malformed thumbnail image. Successful exploitation co ...

oval:org.secpod.oval:def:1046
The host is missing an critical security update according to Microsoft security bulletin, MS11-006. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module, which fails to properly parse a ma ...

oval:org.secpod.oval:def:991
The host is missing an important security update according to Microsoft security bulletin, MS11-024. The update is required to fix multiple remote code execution vulnerabilities. Flaws are present in the application, whci fails to handle malicious Fax Cover Page (.cov) files. Successful exploitation ...

oval:org.secpod.oval:def:659
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in Windows Fax cover page editor, which fails to parse specially created fax cover pages. Successful exploitation could remote code execution.

oval:org.secpod.oval:def:90
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Microsoft Windows, which fails to handle proper interaction of drivers with the Windo ...

oval:org.secpod.oval:def:1036
The host is missing an Important security update according to Microsoft security bulletin, MS11-011. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in the Microsoft Window ...

oval:org.secpod.oval:def:297
The host is installed with Microsoft Remote Desktop client and is prone to remote code execution vulnerability. A flaw is present in the application which fails to handle the loading of DLL files. Successful exploitation could allow an attacker to execute arbitrary code on the remote system.

oval:org.secpod.oval:def:990
The host is missing an Important security update according to Microsoft security bulletin, MS11-017. The update is required to fix remote code execution vulnerability in Microsoft Windows Remote Desktop Client. A flaw is present in the application which fails to handle the loading of DLL files. Succ ...

oval:org.secpod.oval:def:980
The host is missing an Important security update according to Microsoft security bulletin, MS11-033. The update is required to fix remote code execution vulnerability in Windows XP and Windows Server 2003. A flaw is present in microsoft Wordpad which does not properly parse specially crafted Word do ...

oval:org.secpod.oval:def:89
The host is installed with Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003 and is prone to elevated privileges vulnerability. A flaw is present in CSRSS, which fails to handle a specially crafted application that continues to run even after log off. Successful ...

oval:org.secpod.oval:def:1035
The host is missing an Important security update according to Microsoft security bulletin, MS11-010. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. A flaw is present in CSRSS, which fails t ...

oval:org.secpod.oval:def:657
The host is installed with Windows XP or Windows Server 2003 and is prone to remote code execution vulnerability. A flaw is present in microsoft wordPad which does not properly parse specially crafted Word documents. Successful exploitation allow attackers to remote code execution if a user opens a ...

oval:org.secpod.oval:def:992
The host is missing a Critical security update according to Microsoft security bulletin, MS11-032. The update is required to fix remote code execution vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in the OpenType Font (OTF) ...

oval:org.secpod.oval:def:995
The host is missing a critical security update according to Microsoft security bulletin, MS11-029. The update is required to fix remote code execution vulnerability in Microsoft Windows. A flaw is present in GDI+ which does not properly handle integer calculations. Successful exploitation allows att ...

oval:org.secpod.oval:def:998
The host is missing an Important security update according to Microsoft security bulletin, MS11-014. The update is required to fix privilege escalation vulnerability in Windows Local Security Authority Subsystem Service (LSASS). A flaw is present in LSASS, which fails to process some specially craft ...

oval:org.secpod.oval:def:80
The host is installed with Microsoft Internet Explorer is prone to uninitialized memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an object that has not been correctly initialized or has been deleted. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:85
The host is installed with OpenType Compact Font Format (CFF) driver and is prone to remote code execution vulnerability. A flaw is present in the driver which fails to properly parse specially crafted OpenType fonts. Successful exploitation allows an attacker to run arbitrary code in kernel mode an ...

oval:org.secpod.oval:def:83
A denial of service vulnerability is present in Windows Active Directory server. A flaw is present in Microsoft Windows Active Directory Application Mode (ADAM), which fails to properly handle service principal name (SPN) update requests. Successful exploitation could allow an attacker to crash the ...

oval:org.secpod.oval:def:96
A privilege escalation vulnerability is present in Windows Local Security Authority Subsystem Service (LSASS). A flaw is present in LSASS, which fails to process some specially crafted authentication requests. Successful exploitation could allow an attacker to gain additional privileges and execute ...

oval:org.secpod.oval:def:1032
The host is missing a Critical security update according to Microsoft security bulletin, MS11-007. The update is required to fix remote code execution vulnerability in Windows OpenType Compact Font Format (CFF) driver. A flaw is present in the the driver which fails to properly parse specially craft ...

oval:org.secpod.oval:def:1045
The host is missing an important security update according to Microsoft security bulletin, MS11-005. The update is required to fix a denial of service vulnerability in Windows Active Directory server. A flaw is present in Microsoft Windows Active Directory, which fails to properly handle service pri ...

oval:org.secpod.oval:def:663
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Office XP is prone to remote code execution vulnerability. A flaw is present in GDI+ which does not properly handle integer calculations. Successful exploitation allows attackers to run remote code exe ...

oval:org.secpod.oval:def:658
The host is installed with Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP and is prone to remote code execution vulnerability. A flaw is present in the OpenType Font (OTF) driver which fails to properly parse specially crafted OpenType fonts. Successful exploi ...

oval:org.secpod.oval:def:94
The host is installed with Windows XP or Windows Server 2003 and is prone to Unkeyed checksum vulnerability. A flaw is present in Kerberos implementation, which fails to restrict support for weak hashing mechanisms such as CRC32 allowing certain aspects of a Kerberos service ticket to be forged. Suc ...

oval:org.secpod.oval:def:101
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:100
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:99
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:98
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:97
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:1038
The host is missing an Important security update according to Microsoft security bulletin, MS11-013. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 R2 x64 or Windows XP. The flaws are present in the implementation of Kerb ...

oval:org.secpod.oval:def:1037
The host is missing an Important security update according to Microsoft security bulletin, MS11-012. The update is required to fix elevation of privilege vulnerability in Microsoft Windows. A flaw is present in the windows kernel-mode drivers which fails to validate data passed from user mode to ker ...

oval:org.secpod.oval:def:287
The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP1 or SP2, Windows Server 2008 and SP2 or Windows 7 and is prone to information disclosure vulnerability. A flaw is present in MHTML implementation which fails to properly handle MIME format in a requ ...

oval:org.secpod.oval:def:996
The host is missing an Important security update according to Microsoft security bulletin, MS11-026. The update is required to fix information disclosure vulnerability. A flaw is present in MHTML implementation which fails to properly handle MIME format in a request for content blocks in a document. ...

oval:org.secpod.oval:def:706
The host is installed with Microsoft Internet Explorer and is prone to layouts handling memory corruption vulnerability. A flaw is present in the browser, which fails to handle objects that have not been correctly initialized or has been deleted. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:821
The host is missing a Critical security update according to Microsoft security bulletin, MS11-018. The update is required to fix multiple remote code execution vulnerabilities in Microsoft Internet Explorer. The flaws are present in the browser, which fails to implement appropriate memory protection ...

oval:org.secpod.oval:def:43
The host is installed with Microsoft Internet Explorer and is prone to remote code execution vulnerability. A flaw is present in the ReleaseInterface function in mshtml.dll file, which fails to handle objects that have not been correctly initialized or has been deleted. Successful exploitation could ...

oval:org.secpod.oval:def:584
The host is installed with Microsoft Windows and is prone to buffer overflow vulnerability. A flaw is present in BowserWriteErrorLogEntry function in Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys, which fail to properly handle malicious browser election request packe ...

oval:org.secpod.oval:def:1172
The host is missing an critical security update according to Microsoft security bulletin, MS11-039. The update is required to fix remote code execution vulnerability in Microsoft .Net framework and Microsoft Silverlight. A flaw is present in the applications which is caused when the .NET Framework a ...

oval:org.secpod.oval:def:1171
The host is installed with Microsoft .Net framework 2.0 SP1 or 2.0 SP2 or 3.5 or 3.5 SP1 or 4.0 or Microsoft Silverlight 4 and is prone to remote code execution vulnerability. A flaw is present in the applications which is caused when the .NET Framework or Microsoft Silverlight improperly validate a ...

oval:org.secpod.oval:def:1169
The host is installed with Microsoft Windows XP SP3, Microsoft Windows Server 2003 XP2, Windows Server 2008 SP1 or SP2 and is prone to remote code execution vulnerability. A flaw is present in the application which fails to handle specially crafted request. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:994
The host is missing a critical security update according to Microsoft security bulletin, MS11-029. The update is required to fix remote code execution vulnerability in Microsoft Windows. A flaw is present in DNS client service which does not properly handle specially crafted LLMNR queries. Successfu ...

oval:org.secpod.oval:def:993
The host is missing an critical security update according to Microsoft security bulletin, MS11-033. The update is required to fix remote code execution vulnerability in Javascript and Vbscript scripting engines. A flaw is present in the application which is caused when the scripting engines attempt ...

oval:org.secpod.oval:def:715
The host is installed with Javascript and Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to remote code execution vulnerability. A flaw is present in the application which is caused when the scripting engines attempt to reallocate memory while decoding a script in order to run it, an inte ...

oval:org.secpod.oval:def:1041
The host is missing a Critical security update according to Microsoft security bulletin, MS11-020. The update is required to fix remote code execution vulnerability in Microsoft Windows. A flaw is present in the SMB Transaction parsing, which fails to handle specially created SMB packets. Successful ...

oval:org.secpod.oval:def:1040
The host is missing a Critical security update according to Microsoft security bulletin, MS11-019. The update is required to fix remote code execution vulnerability in Microsoft Windows. The flaws are present in the SMB Client Could which fails to handle specially crafted SMB response to a client-in ...

oval:org.secpod.oval:def:674
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:664
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in windows SMB client which fails to validate specially crafted SMB responses. Successful exploitation could allow an attacker to gain complete control of the system.

oval:org.secpod.oval:def:660
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in SMB Transaction parsing, which fails to handle specially created SMB packets. Successful exploitation could allow an attacker to take the complete control of the system.

oval:org.secpod.oval:def:656
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to remote code execution vulnerability. A flaw is present in DNS client service which does not properly handle specially crafted LLMNR queries. Successful exploitation allows att ...

oval:org.secpod.oval:def:675
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:680
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:682
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:681
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:677
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:676
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:679
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:678
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:694
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:693
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:695
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:703
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:702
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:701
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:700
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:697
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:696
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:699
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:698
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation al ...

oval:org.secpod.oval:def:691
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:690
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:688
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:687
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:689
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:684
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:683
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:686
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1199
The host is installed with Microsoft Internet Explorer and is prone to link properties handling memory corruption vulnerability. A flaw is present in the browser, which fails to handle link properties object. Successful exploitation could allow remote attackers to execute arbitrary code or gain sens ...

oval:org.secpod.oval:def:1193
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to denial of service vulnerability. A flaw is present in distributed file system (DFS) client which fails to handle specially crafted DFS referral responses. Successful exploitat ...

oval:org.secpod.oval:def:705
The host is installed with Microsoft Internet Explorer and is prone to information disclosure vulnerability. A flaw is present in the browser, which fails to handle malicious web pages. Successful exploitation could allow remote attackers to obtain sensitive information.

oval:org.secpod.oval:def:704
The host is installed with Microsoft Internet Explorer and is prone to information disclosure vulnerability. A flaw is present in the browser, which fails to handle malicious data in frame tags. Successful exploitation could allow remote attackers to obtain sensitive information.

oval:org.secpod.oval:def:923
The host is missing an critical security update according to Microsoft security bulletin, MS11-035. The update is required to fix remote code execution vulnerability in Microsoft Windows server 2003, 2008 and 2008R2. A flaw is present in the application which is caused by a logic error in the Window ...

oval:org.secpod.oval:def:922
The host is installed with Windows Internet Name Service (WINS) and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by a logic error in the Windows Internet Name Service (WINS) when handling a socket send exception. Successful exploitation allows ...

oval:org.secpod.oval:def:2537
The host is installed with Microsoft Active Accessibility component and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Active Accessibility component, which fails to handle specially crafted dynamic link library file present in the same network directory. Succe ...

oval:org.secpod.oval:def:1450
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute arbitr ...

oval:org.secpod.oval:def:1451
The host is installed with Microsoft Internet Explorer and is prone to HTTP Redirect memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to ...

oval:org.secpod.oval:def:2547
The host is missing a critical security update according to Microsoft security bulletin, MS11-078. The update is required to fix a remote code execution vulnerability. Flaws are present in the Microsoft .NET Framework and Microsoft Silverlight, which fails to handle specially crafted web pages by a ...

oval:org.secpod.oval:def:2548
The host is installed with Microsoft .NET Framework or Microsoft Silverlight and is prone to a remote code execution vulnerability. Flaws are present in the Microsoft ASP.NET and Microsoft Silverlight, which fails to handle specially crafted web pages. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:1203
The host is installed with Microsoft Internet Explorer and is prone to time element memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to e ...

oval:org.secpod.oval:def:1202
The host is installed with Microsoft Internet Explorer and is prone to drag and drop memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to ...

oval:org.secpod.oval:def:1204
The host is installed with Microsoft Internet Explorer and is prone to DOM modification memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers ...

oval:org.secpod.oval:def:1449
The host is installed with Microsoft Internet Explorer and is prone to layout memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute ...

oval:org.secpod.oval:def:1448
The host is installed with Microsoft Internet Explorer and is prone to drag and drop information disclosure vulnerability. A flaw is present in the browser, which fails to handle a crafted Web page. Successful exploitation could allow remote attackers to execute arbitrary code or gain sensitive info ...

oval:org.secpod.oval:def:1763
The host is installed with Microsoft Internet Explorer and is prone to window open race condition remote code execution vulnerability. A flaw is present in the browser, which fails to handle a object that has been corrupted due to a race condition. Successful exploitation could allow remote attacker ...

oval:org.secpod.oval:def:1183
The host is missing a Critical security update according to Microsoft security bulletin, MS11-044. The update is required to fix remote code execution vulnerability in Microsoft .NET Framework on Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. The flaw is pres ...

oval:org.secpod.oval:def:1180
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in Microsoft Server Message Block which does not properly handle specially crafted SMB responses. Successful exploitation allow ...

oval:org.secpod.oval:def:1182
The host is installed with Microsoft .NET Framework and is prone to remote code execution vulnerability. A flaw is present in the JIT compiler when IsJITOptimizerDisabled is false, which fails to handle expressions related to null strings. Successful exploitation allows an attacker to install progra ...

oval:org.secpod.oval:def:1205
The host is installed with Microsoft Internet Explorer 6/7/8 and is prone to remote code execution vulnerability. A flaw is present in VML implementation which fails to open a specially crafted web page. Successful exploitation allows remote attackers to gain the same user rights as the logged-on us ...

oval:org.secpod.oval:def:1409
The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by a memory corrupt ...

oval:org.secpod.oval:def:1410
The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to memory corruption vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) where a NULL pointer is passed without ...

oval:org.secpod.oval:def:1412
The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by an integer overf ...

oval:org.secpod.oval:def:1411
The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused when user input is used as an index for an array without f ...

oval:org.secpod.oval:def:1177
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to denial of service vulnerability. A flaw is present in distributed file system (DFS) client which fails to specially crafted DFS referral responses. Successful exploitation all ...

oval:org.secpod.oval:def:1176
The host is installed with Windows XP x64, Windows Vista x64, Windows Server 2008 x64, Windows Server 2003 x64 and Windows 7 x64 and is prone to remote code execution vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly parse specially crafted OpenType fonts on x64 ...

oval:org.secpod.oval:def:1179
The host is installed with Windows XP or Windows Vista or Windows Server 2008 or Windows Server 2003 or Windows 7 and is prone to denial of service vulnerability. A flaw is present in distributed file system (DFS) client which fails to specially crafted DFS referral responses. Successful exploitatio ...

oval:org.secpod.oval:def:1178
The host is installed with Windows XP and Windows Server 2003, is prone to memory corruption vulnerability. A flaw is present in distributed file system (DFS) client which fails to parse specially crafted DFS responses. Successful exploitation allows attackers to execute arbitrary code and take comp ...

oval:org.secpod.oval:def:1393
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1395
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1394
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1413
The host is installed with Microsoft Windows XP or Windows server 2003 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by an integer overflow condition. Successful exploitation allows remote attacker to execute code i ...

oval:org.secpod.oval:def:1397
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1399
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ...

oval:org.secpod.oval:def:1398
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1408
The host is missing an Important security update according to Microsoft security bulletin, MS11-054. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in windows Kernel-mode ...

oval:org.secpod.oval:def:1401
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1400
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ...

oval:org.secpod.oval:def:1403
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1402
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1404
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ...

oval:org.secpod.oval:def:1168
The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP1 or SP2, Windows Server 2008 and SP2 or Windows 7 and is prone to an information disclosure vulnerability. A flaw is present in the MHTML implementation which fails to open a specially crafted URL. ...

oval:org.secpod.oval:def:1764
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to validate a specially crafted Web page disguised as legitimate content. Successful exploitation could allow remote attackers to execute arbitrary co ...

oval:org.secpod.oval:def:1766
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which allow script to gain access to information in another domain or Internet Explorer zone when a specially crafted strings in to a web site. Successful exploit ...

oval:org.secpod.oval:def:1765
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser telnet URI handler, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attacker ...

oval:org.secpod.oval:def:1768
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute arbitr ...

oval:org.secpod.oval:def:1767
The host is installed with Microsoft Internet Explorer and is prone to memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to execute arbitr ...

oval:org.secpod.oval:def:1740
The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) which fails to restrict the arbitr ...

oval:org.secpod.oval:def:1738
The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) which fails to restrict the arbitr ...

oval:org.secpod.oval:def:1733
The host is installed with Microsoft Chart controls and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle special characters within a specially crafted URI. Successful exploitation could allow attackers to gain sensitive information.

oval:org.secpod.oval:def:1732
The host is installed with Windows Server 2008 or Windows Server 2003 and is prone to denial of service vulnerability. A flaw is present in application which fails to handle an object in memory that has not been initialized. Successful exploitation could allow an attacker to cause the DNS server ser ...

oval:org.secpod.oval:def:1729
The host is installed with Windows XP or Windows Server 2003 and is prone to elevation of privilege vulnerability. A flaw is present in the application, as it fails to validate input passed from the user mode to the kernel. Successful exploitation could allow an attacker to execute arbitrary code an ...

oval:org.secpod.oval:def:2521
The host is installed with Windows kernel-mode drivers and is prone to null pointer de-reference vulnerability. A flaw is present in the application which is caused by kernel-mode drivers improper validation of data supplied from user mode to kernel mode. Successful exploitation allows attacker to e ...

oval:org.secpod.oval:def:2251
The host is installed with components which are prone to remote code execution vulnerability. Flaws are present in the Windows components, which fails to handle legitimate rich test format files, text files and .doc files present in the same network directory as a specially crafted dynamic link libr ...

oval:org.secpod.oval:def:2527
The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:org.secpod.oval:def:2529
The host is installed with Microsoft Internet Explorer 6,7,8 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:org.secpod.oval:def:2528
The host is installed with Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle an improperly initialized object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:2523
The host is installed with Windows kernel and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by improper handling of a specially crafted .fon font file. Successful exploitation allows attacker to execute arbitrary code and take complete control ...

oval:org.secpod.oval:def:2526
The host is installed with ancillary function driver (afd.sys) and is prone to elevation of privilege vulnerability. A flaw is present in the application which is caused by improper validation of input passed from user mode to the Windows kernel. Successful exploitation allows attacker to execute ar ...

oval:org.secpod.oval:def:2534
The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle a virtual function table after it has been corrupted. Successful exploitation could allow an attacker to execu ...

oval:org.secpod.oval:def:2533
The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:org.secpod.oval:def:2716
The host is installed with Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when Active Directory is configured to use LD ...

oval:org.secpod.oval:def:2524
The host is installed with Windows kernel-mode drivers and is prone to elevation of privilege vulnerability. A flaw is present in the application which is caused by improper handling of kernel-mode driver objects. Successful exploitation allows attacker to execute arbitrary code and take complete co ...

oval:org.secpod.oval:def:1223
The host is installed with Microsoft Internet Explorer and is prone to cookiejacking vulnerability. A flaw is present in the application, which fails to properly restrict cross-zone drag-and-drop actions. Successful exploitation allow user-assisted remote attackers to read cookie files.

oval:org.secpod.oval:def:3433
The host is installed with Microsoft Time component and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by a specially crafted Web page. Successful exploitation allows remote attacker gain user rights as the logged-on user.

oval:org.secpod.oval:def:3431
The host is installed with Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Web pages. Successful exploitation allows attackers to to view content from a different domain or Internet Explorer ...

oval:org.secpod.oval:def:3435
The host is installed with Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted application when run by an a ...

oval:org.secpod.oval:def:5627
The host is installed with Microsoft Office, Windows, .NET Framework, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fail to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install ...

oval:org.secpod.oval:def:3419
The host is installed with Microsoft Windows XP or Microsoft Windows Server 2003 and is prone to remote code execution vulnerability. A flaw is present in the Object Linking and Embedding (OLE), which fails to properly handle OLE objects in memory. Successful exploitation allows attackers to take co ...

oval:org.secpod.oval:def:3421
The host is installed with Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a specially crafted TrueType font file. Successful expl ...

oval:org.secpod.oval:def:3718
The host is installed with Microsoft Windows and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the SSL and TLS protocols when Cipher-block chaining (CBC) mode of operation is used. Successful exploitation allows attackers ...

oval:org.secpod.oval:def:3425
The host is installed with Microsoft Windows and is prone to elevation of privilege vulnerability. A flaw is present in the Client/Server Run-time Subsystem (CSRSS), which fails to properly validate permissions when a lower-integrity process communicates a device event message to a higher-integrity ...

oval:org.secpod.oval:def:3631
The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to correctly authenticate specially crafted usernames. Successful exploitation allows remote authenticated ...

oval:org.secpod.oval:def:3632
The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly handle cached content when Forms Authentication is used with sliding expiry. Successful exploit ...

oval:org.secpod.oval:def:3630
The host is installed with Microsoft .Net Framework 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to open redirect vulnerability. A flaw is present in the applications, which fail to properly verify return URLs during the forms authentication process. Successful exploitation allows remote attackers to red ...

oval:org.secpod.oval:def:3629
The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to denial of service vulnerability. A flaw is present in the applications, where ASP.NET fails to properly hash specially crafted requests and inserts that data into a hash table causing a hash collisi ...

oval:org.secpod.oval:def:4731
The host is installed with Windows DNS server and is prone denial of service vulnerability. A flaw is present in the DNS server, which fails to handle a specially crafted DNS query to the target DNS server. Successful exploitation could allow remote attackers to cause system to stop responding and a ...

oval:org.secpod.oval:def:4734
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the Remote Desktop Protocol, where it accesses an object in memory that has been improperly initialized or has been deleted. Successful exploitation allows remote attackers to take ...

oval:org.secpod.oval:def:3713
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused when Windows Media Player fails to handle a specially crafted MIDI file. Successful exploitation allows attackers to run arbitrary code in the conte ...

oval:org.secpod.oval:def:3711
The host is installed with Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle the way that the CSRSS processes a sequence of specially crafted Unicode char ...

oval:org.secpod.oval:def:3714
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused when filters in DirectShow do not properly handle specially crafted media files. Successful exploitation allows attackers to run arbitrary code in t ...

oval:org.secpod.oval:def:3707
The host is installed with Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, or R2 SP1, Windows 7 Gold or SP1 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly load structured exception handling tabl ...

oval:org.secpod.oval:def:3726
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows 7 or Windows Server 2008 R2 and is prone to remote code execution vulnerability. A flaw is present in the applications, which does not perform proper validation on input passed f ...

oval:org.secpod.oval:def:4137
The host is installed with Internet Explorer 6,7,8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly perform copy-and-paste operations. Successful exploitation could allow attackers to read content from a different (1) domain ...

oval:org.secpod.oval:def:4138
The host is installed with Internet Explorer 7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:4157
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4.0 or Silverlight and is prone unmanaged objects vulnerability. A flaw is present in the applications, which fails to handle a specially crafted Microsoft .NET Framework application. Successful exploitation could allow remote attac ...

oval:org.secpod.oval:def:3717
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by the way that Windows Packager loads ClickOnce applications embedded in Microsoft Office files. Successful exploitation allows remote attacker to g ...

oval:org.secpod.oval:def:3709
The host is installed with Windows Object Packager and is prone to remote code execution vulnerability. A flaw is present in Windows Object Packager which fails to handle a specially crafted executable file. Successful exploitation could allow attackers to gain full user rights and install programs, ...

oval:org.secpod.oval:def:4133
The host is installed with Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 on 64-bit platforms and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly validate ...

oval:org.secpod.oval:def:5102
The host is installed with Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 or SP1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate the digest of a signed por ...

oval:org.secpod.oval:def:4733
The host is installed with Windows kernel-mode driver and is prone postmessage function vulnerability. A flaw is present in the kernel-mode driver, which fails to handle PostMessage function. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or cr ...

oval:org.secpod.oval:def:4134
The host is installed with Microsoft Windows Server 2003 SP2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly validate user-mode input passed to kernel mode. Successful exploitation could allow attackers to install programs; view, ch ...

oval:org.secpod.oval:def:4131
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows 7 or Windows Server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, where the Windows kernel-mode driver does not properly ha ...

oval:org.secpod.oval:def:5589
The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input through partially trus ...

oval:org.secpod.oval:def:5588
The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input. Successful exploitati ...

oval:org.secpod.oval:def:5129
The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly validate parameters when passing data to a function. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:5092
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6028
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to remote code execution vulnerability. A flaw is present in the Remote Desktop Protocol, which fails to properly process RDP packets in memory. Successful e ...

oval:org.secpod.oval:def:6346
The host is installed with Microsoft Windows and is prone to command injection vulnerability. A flaw is present in the windows shell, which fails to handle file and directory names. Successful exploitation allows remote attackers to install programs, view, change or delete data or create new account ...

oval:org.secpod.oval:def:5094
The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to an OnReadyStateChange remote code execution vulnerability. A flaw is present in the application, which fails to handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:5096
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to a VML style remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:5095
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a SelectAll remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:5635
The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ...

oval:org.secpod.oval:def:6036
The host is installed with Internet Explorer 6 through 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6710
The host is installed with Internet Explorer 6 and 7 and is prone to a layout memory corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6993
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to an onmove use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to an object that was not properly initialized or is deleted. Successful exploitat ...

oval:org.secpod.oval:def:7920
The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1, windows 8, or windows server 2012 and is prone to integer underflow vulnerability. A flaw is present in the application, which fails to pro ...

oval:org.secpod.oval:def:7921
The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1 and is prone to integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted bri ...

oval:org.secpod.oval:def:8180
The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1, Windows 8 or Windows Server 2012 and is prone to remote code execution vulnerability. A flaw is present in Windows DirectPlay, which fails ...

oval:org.secpod.oval:def:6687
The host is installed with Microsoft Windows XP, Server 2003, Vista, Server 2008, Windows 7 or Server 2008 R2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a Remote Administration Protocol (RAP) response. Successful exploitation ...

oval:org.secpod.oval:def:6037
The host is installed with Internet Explorer 8 and 9 or Microsoft Communicator 2007 R2 or Lync 2010 or Lync 2010 Attendee Microsoft InfoPath 2007 or 2010, Microsoft SharePoint Server 2007 or 2010, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Services 3.0 or Microsoft Groove Server 2010 ...

oval:org.secpod.oval:def:6034
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ...

oval:org.secpod.oval:def:6033
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ...

oval:org.secpod.oval:def:6032
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ...

oval:org.secpod.oval:def:6031
The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle TrueType font loading. Successful exploitation ...

oval:org.secpod.oval:def:6044
The host is installed with Internet Explorer 8 and 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6043
The host is installed with Internet Explorer 7 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly create and initialize string data. Successful exploitation could allow attackers to obtain sensitive information from process ...

oval:org.secpod.oval:def:6042
The host is installed with Internet Explorer 6 through 9 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted character sequences with EUC-JP encoding. Successful exploitation could allow attackers to inject arbitrary web script or ...

oval:org.secpod.oval:def:6353
The host is installed with Microsoft Windows and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the TLS protocol when Cipher-block chaining (CBC) mode of operation is used. Successful exploitation allows attackers to decryp ...

oval:org.secpod.oval:def:6035
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6048
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6047
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6046
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6049
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6051
The host is installed with Internet Explorer 6 through 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to block cross-domain scrolling events. Successful exploitation could allow attackers to read content from a different domain or zone.

oval:org.secpod.oval:def:6050
The host is installed with Internet Explorer 8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6200
The host is installed with Microsoft XML Core Services 3.0, 4.0, 5.0 or 6.0 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted web site. Successful exploitation allows remote attackers to execute arbitrary code or cause a denial o ...

oval:org.secpod.oval:def:6343
The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate parameters ...

oval:org.secpod.oval:def:6342
The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle specific keyboard layo ...

oval:org.secpod.oval:def:6349
The host is installed with Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted XML data that triggers access to an uninitiali ...

oval:org.secpod.oval:def:7924
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to reflection bypass vulnerability. A flaw is present in the applications, which fail to properly validate the permissions of objects performing reflection. Successful exploitation allows attackers to take ...

oval:org.secpod.oval:def:7926
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which is caused when Entity Framework, a .NET Framework component, incorrectly restricts the path used for loading external lib ...

oval:org.secpod.oval:def:7311
The host is installed with Microsoft Windows XP, server 2003, server 2008, server 2008 R2, Vista or Windows 7 and is prone to integer overflow vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successful exploitation al ...

oval:org.secpod.oval:def:6685
The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory prop ...

oval:org.secpod.oval:def:6709
The host is installed with Internet Explorer 6 through 9 and is prone to an asynchronous null object access remote code execution vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:6711
The host is installed with Internet Explorer 6 through 9 and is prone to a virtual function table corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:7931
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 or Windows 7 and is prone to privilege escalation vulnerability. A flaw is present in the Windows kernel, which fails to properly handle the objects in memory. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:6996
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to an cloneNode use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to exec ...

oval:org.secpod.oval:def:8191
The host is installed with Windows XP, Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted OpenType font file. Success ...

oval:org.secpod.oval:def:7077
The host is installed with Google Chrome before 22.0.1229.79 in Microsoft Windows 7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation allows remote attackers to execute arbitrary code or cause a denia ...

oval:org.secpod.oval:def:7927
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to Web proxy auto-discovery vulnerability. A flaw is present in the applications, which is caused by a lack of validation when the .NET Framework acquires the default web proxy settings and executes JavaScript ...

oval:org.secpod.oval:def:7928
The host is installed with Microsoft .NET Framework 4 or 4.5 and is prone to WPF reflection optimization vulnerability. A flaw is present in the applications, which fails to properly validate permissions of objects involved with reflection. Successful exploitation allows attackers to take complete c ...

oval:org.secpod.oval:def:8182
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to parse filenames. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:8322
The host is installed with Internet Explorer 6, Internet Explorer 7 or Internet Explorer 8 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:8192
The host is installed with Windows XP, Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted TrueType font file. Success ...

oval:org.secpod.oval:def:8193
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an InjectHTMLStream use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:8337
The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 or 4.5 and is prone to WinForms buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a Windows Forms method. Successful exploitation allows remote attackers to install ...

oval:org.secpod.oval:def:8338
The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.0 or 4 and is prone to system drawing information disclosure vulnerability. A flaw is present in the application, which fails to properly handle pointers to unmanaged memory locations. Successful exploitation allows remote a ...

oval:org.secpod.oval:def:8339
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to S.DS.P buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle System.DirectoryServices.Protocols (S.DS.P) namespace method. Successful exploitation allows re ...

oval:org.secpod.oval:def:8348
The host is installed with Microsoft XML Core Services 5.0, 6.0 on Microsoft Windows or with Microsoft Groove Server 2007, Microsoft SharePoint Server 2007, Microsoft Expression Web 2, Microsoft Expression Web, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office 2007, or Mic ...

oval:org.secpod.oval:def:8340
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to double construction vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows remote attackers to install programs, v ...

oval:org.secpod.oval:def:8342
The host is installed with Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 4 or Management OData IIS Extension and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could all ...

oval:org.secpod.oval:def:8351
The host is installed with Microsoft XML Core Services 4.0, 5.0, 6.0 on Microsoft Windows or with Microsoft Groove Server 2007, Microsoft SharePoint Server 2007, Microsoft Expression Web 2, Microsoft Expression Web, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office 2007, M ...

oval:org.secpod.oval:def:9286
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9284
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9285
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9294
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9295
The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9296
The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9281
The host is installed with .NET Framework 2.0 or 3.5 or 3.5.1 or 4.0 or 4.5 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle permissions of a callback function. Successful exploitation allows attackers to take complete control o ...

oval:org.secpod.oval:def:9283
The host is installed with Internet Explorer 6 or 7 or 8 or 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow an attacker to gain the same user rights as the current us ...

oval:org.secpod.oval:def:9712
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an onresize use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9229
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted media file (such as an .mpg file), a Microsoft Office docume ...

oval:org.secpod.oval:def:9713
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9715
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CCaret use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9714
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CMarkupBehaviorContext use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9717
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a GetMarkupPtr use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9718
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9720
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15407
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista or Windows Server 2008 and is prone to remote code execution vulnerability. The flaw is present in the Windows theme file (Themeui.dll), which fails to properly handle crafted Windows theme when user forced open the ...

oval:org.secpod.oval:def:9250
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9251
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9246
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9247
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9248
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9249
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9244
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ...

oval:org.secpod.oval:def:9245
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ...

oval:org.secpod.oval:def:9257
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9258
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9259
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9253
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9254
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9255
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9256
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9252
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9260
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9268
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9269
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9264
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9265
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9266
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9267
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9261
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9262
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9263
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:10745
The host is installed with Microsoft Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) or Active Directory Services and is prone to a denial of service vulnerability. A flaw is present in an application, which fails to handle a cr ...

oval:org.secpod.oval:def:9236
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ...

oval:org.secpod.oval:def:9237
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ...

oval:org.secpod.oval:def:9238
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ...

oval:org.secpod.oval:def:9270
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9271
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9272
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ...

oval:org.secpod.oval:def:9273
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles object ...

oval:org.secpod.oval:def:9742
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ...

oval:org.secpod.oval:def:9741
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ...

oval:org.secpod.oval:def:9740
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ...

oval:org.secpod.oval:def:10733
The host is installed with Microsoft Windows XP, Server 2003, Server 2008, R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attack ...

oval:org.secpod.oval:def:10950
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to JSON array information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict data access by VBScript. Successful exploitation could allow attackers to perform cross-domain re ...

oval:org.secpod.oval:def:10729
The host is installed with Windows XP, Server 2003, Vista, or Server 2008 are prone to a CSRSS memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted application. Successful exploitation could allow attackers to gain privileges.

oval:org.secpod.oval:def:10738
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle objec ...

oval:org.secpod.oval:def:14307
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ...

oval:org.secpod.oval:def:10948
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10953
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10954
The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:10741
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10742
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10847
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation allows attackers to execute arbitrary cod ...

oval:org.secpod.oval:def:15421
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ...

oval:org.secpod.oval:def:15420
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, or Windows 8 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to properly handle objects in ...

oval:org.secpod.oval:def:10946
The host is installed with .NET Framework 2.0, 3.5, 3.5.1, 4.0 or 4.5 and is prone to spoofing vulnerability. A flaw is present in the application, which fails to check signatures in XML file. Successful exploitation allows attackers to make undetected changes to signed XML documents via unspecified ...

oval:org.secpod.oval:def:10968
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, Windows 7, Windows 8, Windows Server 2012 and is prone to a windows handle vulnerability. A flaw is present in the application which fails to properly handle deleted objects in memory. Succe ...

oval:org.secpod.oval:def:14308
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ...

oval:org.secpod.oval:def:15422
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ...

oval:org.secpod.oval:def:15423
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ...

oval:org.secpod.oval:def:14309
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ...

oval:org.secpod.oval:def:10957
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:14178
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14175
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14180
The host is installed with Microsoft Internet Explorer 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14185
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14282
The host is installed with Microsoft Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a web script. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ...

oval:org.secpod.oval:def:15662
The host is installed with .Net framework 3.0, 3.5.1, 4.0 or 4.5 and is prone to an openType font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted OTF file. Successful exploitation could allow attackers to take complete control of an affected system.

oval:org.secpod.oval:def:14327
The host is installed with Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to delegate reflection bypass vulnerability. A flaw is present in the application, which fails to properly check the permissions of objects that use reflection. Successful exploitation allows ...

oval:org.secpod.oval:def:14328
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 or Silverlight 5 before 5.1.20513.0 and is prone to array access violation vulnerability. A flaw is present in the applications, which fail to properly prevent changes to data in multidimensional arrays of structures. Succe ...

oval:org.secpod.oval:def:14317
The host is installed with Microsoft Office 2003 SP3 /2007 SP3 /2010 SP1, Windows, Visual Studio .NET 2003 SP1, Lync 2010, Lync Basic 2013 or Lync 2010 Attendee, and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly process crafted TrueTyp ...

oval:org.secpod.oval:def:14193
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14191
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14325
Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 on 64-bit platforms and is prone to array allocation vulnerability. A flaw is present in the application, which fails to properly allocate arrays of structures. Successful exploitation allows attackers to execute arbitrary code.

oval:org.secpod.oval:def:14326
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to anonymous method injection vulnerability. A flaw is present in the application, which fails to properly check the permissions of objects that use reflection. Successful exploitation allows attackers to execu ...

oval:org.secpod.oval:def:14293
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ...

oval:org.secpod.oval:def:14288
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ...

oval:org.secpod.oval:def:14287
The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ...

oval:org.secpod.oval:def:14295
The host is installed with Microsoft Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of servic ...

oval:org.secpod.oval:def:14833
The host is installed with Microsoft Windows and is prone to a remote procedure call vulnerability. A flaw is present in the application, which fails to handle asynchronous RPC requests. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14299
The host is installed with DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 or Windows Server 2012 and is prone to a remote code execution vulnerability. A flaw is present in the application, whic ...

oval:org.secpod.oval:def:14298
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly process a HTML webpage. Successful exploitation could allow attackers to inject arbitrary web script or HTML via ...

oval:org.secpod.oval:def:14310
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 or Windows 7 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handle objects in memory. Successful ...

oval:org.secpod.oval:def:14311
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 or Windows 7 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handle objects in memory. Successful ...

oval:org.secpod.oval:def:14312
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ...

oval:org.secpod.oval:def:14324
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to delegate serialization vulnerability. A flaw is present in the application, which fails to properly check the permissions of delegate objects. Successful exploitation allows attackers to execute arbitrary co ...

oval:org.secpod.oval:def:14827
The host is installed with Windows XP or Windows Server 2003 is prone to a code execution vulnerability. The flaw is present in the Unicode Script Processor implementation in USP10.DLL in Microsoft Windows, which is fails to validate crafted OpenType font. Successful exploitation could allow an atta ...

oval:org.secpod.oval:def:14814
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:15659
The host is installed with Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, Microsoft Windows Server 2008 R2, Microsoft Windows 8 or Microsoft Windows Server 2012 and is prone to remote code execution vulnerability. A f ...

oval:org.secpod.oval:def:14823
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to cross-site-scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle certain character sequences. Successful exploitation allows attackers to perform cross-site scripting attacks.

oval:org.secpod.oval:def:15666
The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle object ...

oval:org.secpod.oval:def:14815
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current us ...

oval:org.secpod.oval:def:15397
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the curre ...

oval:org.secpod.oval:def:15398
The host is installed with Internet Explorer 6, 7 or 8 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current u ...

oval:org.secpod.oval:def:14313
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handl ...

oval:org.secpod.oval:def:15663
The host is installed with .Net framework 2.0, 3.5.1, 4.0 or 4.5 and is prone to an entity expansion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15664
The host is installed with .Net framework 2.0, 3.5.1, 4.0 or 4.5 and is prone to a JSON parsing vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15425
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ...

oval:org.secpod.oval:def:15426
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ...

oval:org.secpod.oval:def:15424
The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ...

oval:org.secpod.oval:def:15964
The host is installed with Microsoft Windows XP SP3, Server 2003 SP2, Vista Sp2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly ha ...

oval:org.secpod.oval:def:15405
The host is installed with Microsoft Windows XP or Microsoft Windows Server 2003 and is prone to remote code execution vulnerability. The flaw is present in the Object Linking and Embedding (OLE), which fails to properly handle OLE objects in memory. Successful exploitation allows attackers to take ...

oval:org.secpod.oval:def:15667
The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle object ...

oval:org.secpod.oval:def:15642
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15461
The host is installed with Internet Explorer 6, 7, 8, 9, or 10 and is prone to remote code execution vulnerability. The flaw is present in the application, which fails to properly handle an object in memory that has been deleted or has not been properly allocated. Successful exploitation allows atta ...

oval:org.secpod.oval:def:15958
The host is installed with Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Windows 8 or Windows Server 2012 and is prone to an ancillary function driver information disclosure vulnerability. A flaw is present in the application, w ...

oval:org.secpod.oval:def:15650
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15671
The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to remote code vulnerability. A flaw is present in the application, which fails to properly parse OpenType fonts. Su ...

oval:org.secpod.oval:def:15982
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a information disclosure vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass the Same Origin Policy and obtain sensit ...

oval:org.secpod.oval:def:15983
The host is installed with Microsoft Internet Explorer 6, 7 or 8 and is prone to a information disclosure vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to read content from a different domain or zone via craft ...

oval:org.secpod.oval:def:15984
The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15641
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15969
The host is installed with Microsoft Windows XP SP2, Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to remote code execution vulnerability. A flaw is prese ...

oval:org.secpod.oval:def:15998
The host is installed with Microsoft Windows XP SP3, Server 2003 SP2, Vista Sp2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle ...

oval:org.secpod.oval:def:15990
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:15988
The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:21542
The host is installed with Microsoft Windows Server 2003 and is prone to an elevation of privilege vulnerability. A flaw is present in the Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which fails to handle a specially crafted objects in memory during IOCTL processing. Successful e ...

oval:org.secpod.oval:def:21548
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the OLE automation array, which fails to handle crafted O ...

oval:org.secpod.oval:def:79
The host is installed with Microsoft Internet Explorer is prone to uninitialized memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an object that has not been correctly initialized or has been deleted. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:1049
The host is missing a critical security update according to Microsoft security bulletin, MS11-003. The update is required to fix memory corruption vulnerability in Microsoft Internet Explorer. A flaw is present in the application, which fails to properly handle memory access. Successful exploitation ...

oval:org.mitre.oval:def:5481
Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to ...

oval:org.mitre.oval:def:5408
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.

oval:org.mitre.oval:def:5578
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. ...

oval:org.mitre.oval:def:5850
Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 20 ...

oval:org.mitre.oval:def:7436
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold ...

oval:org.mitre.oval:def:5487
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

oval:org.mitre.oval:def:5308
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

oval:org.mitre.oval:def:5389
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.

oval:org.mitre.oval:def:4904
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

oval:org.mitre.oval:def:5396
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerabil ...

oval:org.mitre.oval:def:5381
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.

oval:org.mitre.oval:def:5181
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.

oval:org.mitre.oval:def:5437
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is ...

oval:org.mitre.oval:def:5475
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.

oval:org.mitre.oval:def:5580
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."

oval:org.mitre.oval:def:5563
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.

oval:org.mitre.oval:def:4910
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.

oval:org.mitre.oval:def:5720
Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."

oval:org.mitre.oval:def:5764
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request ...

oval:org.mitre.oval:def:5582
The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."

oval:org.mitre.oval:def:6095
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.

oval:org.mitre.oval:def:5291
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP requ ...

oval:org.mitre.oval:def:5902
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted a ...

oval:org.mitre.oval:def:5984
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerabilit ...

oval:org.mitre.oval:def:6010
Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception ...

oval:org.mitre.oval:def:5820
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."

oval:org.mitre.oval:def:5602
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."

oval:org.mitre.oval:def:5266
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption V ...

oval:org.mitre.oval:def:5913
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."

oval:org.mitre.oval:def:5366
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."

oval:org.mitre.oval:def:6045
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption ...

oval:org.mitre.oval:def:6025
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... perform ...

oval:org.mitre.oval:def:5901
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of ...

oval:org.mitre.oval:def:6062
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which ...

oval:org.mitre.oval:def:5825
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted po ...

oval:org.mitre.oval:def:13299
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosur ...

oval:org.mitre.oval:def:13255
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event ...

oval:org.mitre.oval:def:12364
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML E ...

oval:org.mitre.oval:def:13151
Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corrup ...

oval:org.mitre.oval:def:13344
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."

oval:org.mitre.oval:def:5787
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerabil ...

oval:org.mitre.oval:def:5343
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Add ...

oval:org.mitre.oval:def:6093
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by ...

oval:org.mitre.oval:def:5706
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption ...

oval:org.mitre.oval:def:5829
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags tha ...

oval:org.mitre.oval:def:6007
Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited ...

oval:org.mitre.oval:def:5799
Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that ...

oval:org.mitre.oval:def:7158
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10. ...

oval:org.mitre.oval:def:5693
Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection ...

oval:org.mitre.oval:def:6253
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP ...

oval:org.mitre.oval:def:6316
The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, ...

oval:org.mitre.oval:def:6109
The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSM ...

oval:org.mitre.oval:def:5890
Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on ...

oval:org.mitre.oval:def:11606
The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addr ...

oval:org.secpod.oval:def:685
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:823
The host is missing an Important security update according to Microsoft security bulletin, MS11-034. The update is required to fix multiple privilege escalation vulnerabilities in Microsoft Windows. The flaws are present in Windows Kernel-mode drivers related to managing driver objects. Successful e ...

oval:org.secpod.oval:def:6688
The host is installed with Microsoft Windows XP, Server 2003, Vista, Server 2008, Windows 7 or Server 2008 R2 and is prone to format string vulnerability. A flaw is present in the application, which fails to handle a specially crafted response. Successful exploitation allows attackers to take comple ...

oval:org.secpod.oval:def:9287
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.mitre.oval:def:780
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, ak ...

oval:org.mitre.oval:def:669
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF att ...

oval:org.mitre.oval:def:2013
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.

oval:org.mitre.oval:def:5388
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.

oval:org.mitre.oval:def:5489
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded soun ...

oval:org.secpod.oval:def:23739
The host is installed with Microsoft Windows Server 2003, 2003 SP2, 2008, 2008 SP2, 2008 R2, 2008 R2 SP1, 2012 or 2012 R2 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly establish a secure communications channel. Successful exploitation could a ...

oval:org.secpod.oval:def:24338
The host is installed with Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight 5 or Silverlight 5 Developer Runtime and is prone to a truetype f ...

oval:org.mitre.oval:def:2689
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

oval:org.mitre.oval:def:4804
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0 ...

oval:org.mitre.oval:def:4549
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."

oval:org.mitre.oval:def:4978
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).

oval:org.mitre.oval:def:609
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

oval:org.mitre.oval:def:536
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

oval:org.mitre.oval:def:1816
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which ...

oval:org.mitre.oval:def:2012
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number o ...

oval:org.mitre.oval:def:5271
The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerabi ...

oval:org.mitre.oval:def:5370
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/ ...

oval:org.mitre.oval:def:1639
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying ...

oval:org.mitre.oval:def:1228
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape se ...

oval:org.mitre.oval:def:1481
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.

oval:org.secpod.oval:def:23492
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles objects i ...

oval:org.secpod.oval:def:23110
The host is installed with Microsoft Windows Server 2003, Windows 7, 8, 8.1, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate user privileges to load registry hives. Successful exploitation co ...

oval:org.secpod.oval:def:23477
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a security feature bypass vulnerability. A flaw is present in the group policy application of security configuration ...

oval:org.secpod.oval:def:23099
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the WebDAV Kernel-Mode Driver, which fails to properly ...

oval:org.secpod.oval:def:23109
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle specially crafted username strings. Successful exploitation could allow ...

oval:org.secpod.oval:def:23103
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the OLE automation array, which fails to handle specially ...

oval:org.secpod.oval:def:23500
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23493
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validate a ...

oval:org.secpod.oval:def:23505
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23504
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23503
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23508
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23511
The host is installed with Internet Explorer 6 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23790
The host is installed with VBScript engine 5.6, 5.7 or 5.8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23513
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23512
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23515
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23520
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23524
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23534
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges. Successful e ...

oval:org.secpod.oval:def:23530
The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23491
The host is missing an important security update according to Microsoft security bulletin MS15-010. The update is required to fix multiple vulnerabilities. The flaw is present in the Windows Kernel-Mode driver, which fails to handle crafted vectors. Successful exploitation could allow attackers to g ...

oval:org.secpod.oval:def:23495
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handles a malicious fil ...

oval:org.secpod.oval:def:23494
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles objects i ...

oval:org.secpod.oval:def:23481
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Server 2008 R2 IA64, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the Graphics Component, which fail ...

oval:org.secpod.oval:def:23532
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23741
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ...

oval:org.secpod.oval:def:23539
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to inform ...

oval:org.secpod.oval:def:23775
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, when Windows fails to properly validate and enforce impersonation levels. An at ...

oval:org.secpod.oval:def:23754
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly manage memory when parsing fonts. Successful exploitation could allow at ...

oval:org.secpod.oval:def:23773
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 and is prone to a WTS remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:23763
The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Server 2008 R2 IA64, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present which exists when Windows fails to pr ...

oval:org.secpod.oval:def:23759
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ...

oval:org.secpod.oval:def:23758
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ...

oval:org.secpod.oval:def:23757
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ...

oval:org.secpod.oval:def:23756
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ...

oval:org.secpod.oval:def:23755
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly read or display certain fonts. Successful exploitation could allow ...

oval:org.secpod.oval:def:23761
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly read or display certain fonts. Successful exploitation could allow ...

oval:org.secpod.oval:def:23760
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ...

oval:org.secpod.oval:def:23743
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which deref ...

oval:org.secpod.oval:def:23742
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ...

oval:org.secpod.oval:def:23774
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 and is prone to a DLL planting remote code execution vulnerability. A flaw is present in the application, which fails to properly handle loading of DLL files. Successful exploitation coul ...

oval:org.secpod.oval:def:23788
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to access information from one domain and ...

oval:org.secpod.oval:def:23779
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23778
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:23765
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, that is caused by an issue in the ...

oval:org.secpod.oval:def:24082
The host is installed with Microsoft XML Core Services 3.0 in Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 and is prone to a same origin policy SFB vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful ...

oval:org.secpod.oval:def:24086
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to process certain specially crafted Enhanced Metafile (EMF) image form ...

oval:org.secpod.oval:def:24109
The host is installed with Microsoft Server 2003, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to MS-DOS device name vulnerability. A flaw is present in the application, which fails to properly validate and enforce ...

oval:org.secpod.oval:def:24110
The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly handles certain requests on systems that have custom error messages disabled. Successful exploitat ...

oval:org.secpod.oval:def:24089
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:24098
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which does not use the Address Space Layout Randomization (ASLR) security feature. Successful exploitation could allow attackers to bypass the Address ...

oval:org.secpod.oval:def:24095
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:24279
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ...

oval:org.secpod.oval:def:24304
The host is installed with .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1 or 4.5.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handle crafted XML data. Successful exploitation allows attackers to degrade the performance of a .NET-ena ...

oval:org.secpod.oval:def:24303
The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1 or 4.5.2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Forms, which improperly handle objects in memory. Successful exploitation allows attackers to take complete contr ...

oval:org.secpod.oval:def:24339
The host is installed with Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 and is prone to an opentype font parsing vulnerability. A flaw is present in the applications, which fail to handle a crafted OpenType font. Successful exploitation could allow attackers to execute arbi ...

oval:org.secpod.oval:def:24280
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ...

oval:org.secpod.oval:def:24281
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ...

oval:org.secpod.oval:def:24282
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ...

oval:org.secpod.oval:def:24283
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ...

oval:org.secpod.oval:def:24336
The host is installed with VBScript engine 5.6, 5.7 or 5.8 and is prone to a ASLR vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to execute remote code on a target system.

oval:org.secpod.oval:def:24864
The host is installed with Internet Explorer 6, 7, 8, or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:24325
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ...

oval:org.secpod.oval:def:24337
The host is installed with JScript and Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to ASLR bypass vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to execute remote code on a target system.

oval:org.secpod.oval:def:24315
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24326
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a information disclosure vulnerability. A flaw is present in the application, which does not properly restrict access to the clipboard of a user who visits a website. Successful exploitation could allow attackers to colle ...

oval:org.secpod.oval:def:24284
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2 or Server 2008 SP2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which improperly handles objects in memory. Successful exploitation allows remote attackers to exec ...

oval:org.secpod.oval:def:24316
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24317
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. Successful exploitation could allow attackers to elevate privileges ...

oval:org.secpod.oval:def:24318
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24299
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows 7, 8, 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which allows the use of a weak Diffie-Hellman ephemeral (DFE) key length of 512 bits in an encrypte ...

oval:org.secpod.oval:def:24854
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Microsoft Windows Kernel brush object use after free vulnerability. A flaw is present in the applicatio ...

oval:org.secpod.oval:def:24855
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k Pool buffer overflow vulnerability. A flaw is present in the application, which fails to properl ...

oval:org.secpod.oval:def:24847
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ...

oval:org.secpod.oval:def:24848
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an use after free vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to prop ...

oval:org.secpod.oval:def:24849
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k null pointer dereference vulnerability. A flaw is present in the application, which fails to pro ...

oval:org.secpod.oval:def:24850
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a kernel bitmap handling use after free vulnerability. A flaw is present in the application, which fails ...

oval:org.secpod.oval:def:24851
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Microsoft Windows station use after free vulnerability. A flaw is present in the application, which fai ...

oval:org.secpod.oval:def:24852
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Microsoft Windows Kernel object use after free vulnerability. A flaw is present in the application, whi ...

oval:org.secpod.oval:def:24853
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k buffer overflow vulnerability. A flaw is present in the application, which fails to properly val ...

oval:org.secpod.oval:def:24859
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24879
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24860
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24861
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24862
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24880
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24857
The host is installed with Microsoft Windows Server 2003 SP2 and is prone to a Win32k memory corruption elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user input. Successful exploitation allows remote attackers to gain elevated privileges ...

oval:org.secpod.oval:def:24863
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:24856
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k elevation of privilege vulnerability. A flaw is present in the application, which fails to prope ...

oval:org.secpod.oval:def:25349
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ...

oval:org.secpod.oval:def:25354
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8 or Server 2012 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle objects i ...

oval:org.secpod.oval:def:25344
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to process certain specially cr ...

oval:org.secpod.oval:def:25350
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ...

oval:org.secpod.oval:def:25338
The host is installed with Microsoft Windows 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a RPC elevation of privilege vulnerability. A flaw is present in the application, which inadvertently allows DCE/RPC con ...

oval:org.secpod.oval:def:25342
The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles custom action scripts ...

oval:org.secpod.oval:def:25402
The host is installed with Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to execute remote code on a target system.

oval:org.secpod.oval:def:25336
The host is installed with Microsoft Windows Server 2003, 2003 SP2, 2008, 2008 SP2, 2008 R2, 2008 R2 SP1, 2012 or 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly establish a secure communications channel to a primary doma ...

oval:org.secpod.oval:def:25374
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25375
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25341
The host is missing an important security update according to Microsoft security bulletin, MS15-077. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vu ...

oval:org.secpod.oval:def:25340
The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vu ...

oval:org.secpod.oval:def:25376
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25377
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25378
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25401
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an elevation of privilege Vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. An attacker who successfully exploited the vulnerability could elevate ...

oval:org.secpod.oval:def:25379
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:25346
The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an OLE elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user inpu ...

oval:org.secpod.oval:def:25347
The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an OLE elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user inpu ...

oval:org.secpod.oval:def:25380
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly handle requests for module resources. Successful exploitation could allow attackers to detect the existence of spec ...

oval:org.secpod.oval:def:25381
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to handle the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited this vulnerability cou ...

oval:org.secpod.oval:def:25382
The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.mitre.oval:def:128
The operating system installed on the system is Microsoft Windows Server 2003.

oval:org.secpod.oval:def:10157
Use of the built-in Administrator account should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10165
The account description for the built-in Administrator account should be set as appropriate.

oval:org.secpod.oval:def:8369
Use of the built-in Guest account should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:8364
The built-in Administrator account should be correctly named.

oval:org.secpod.oval:def:8465
The built-in Guest account should be correctly named.

oval:org.secpod.oval:def:8428
The "log on locally" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8423
The "increase scheduling priority" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8411
The "act as part of the operating system" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8480
The "Create global objects" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8379
The "adjust memory quotas for a process" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8371
The "lock pages in memory" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8421
The "deny logon locally" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8422
The "create a pagefile" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8405
The "replace a process-level token" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8407
The "restore files and directories" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8408
The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8414
The "Create a token object" user right should be assigned to the correct accounts. The "Create a token object" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8415
The "allow logon through Terminal Services" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8412
The "generate security audits" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:10033
The 'deny logon as a batch job' user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:10079
The "deny logon through Terminal Services" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8483
The "Impersonate a client after authentication" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:10064
The 'perform volume maintenance tasks' user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8389
The "access this computer from the network" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8385
The "create permanent shared objects" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8395
The "synchronize directory service data" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8391
The "shut down the system" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8392
The "add workstations to domain" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8394
The "force shutdown from a remote system" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8363
The "take ownership of files or other objects" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8365
The "profile single process" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8377
The "deny access to this computer from the network" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8375
The "profile system performance" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8424
The "deny logon as a service" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:10062
The 'load and unload device drivers' user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8381
The "log on as a batch job" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8382
The "modify firmware environment values" user right should be assigned to the correct accounts. The "modify firmware environment values" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8390
The "log on as a service" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8397
The "bypass traverse checking" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8366
The "back up files and directories" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8355
The "debug programs" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8358
The "remove computer from docking station" user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:10112
The 'manage auditing and security log' user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:8420
The "maximum password age" policy should meet minimum requirements.

oval:org.mitre.oval:def:8509
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows ...

oval:org.secpod.oval:def:5636
The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ...

oval:org.secpod.oval:def:6992
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:7894
The "account lockout duration" policy should meet minimum requirements.

oval:org.secpod.oval:def:8356
The "account lockout duration" policy should meet minimum requirements.

oval:org.mitre.oval:def:6716
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly re ...

oval:org.mitre.oval:def:7581
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClea ...

oval:org.mitre.oval:def:6491
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Off ...

oval:org.mitre.oval:def:6282
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project ...

oval:org.secpod.oval:def:8362
The "LDAP client signing requirements" policy should be set correctly.

oval:org.secpod.oval:def:8437
The "Minimum session security for NTLM SSP based clients" policy should be set correctly.

oval:org.mitre.oval:def:5314
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

oval:org.secpod.oval:def:5628
The host is installed with Microsoft Office, Windows, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fails to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install programs, view, ...

oval:org.secpod.oval:def:5634
The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ...

CVE    6
CVE-2009-0320
CVE-2008-5044
CVE-2009-2653
CVE-2017-8461
...
CCE    297
CCE-2900-9
CCE-3633-5
CCE-3702-8
CCE-3790-3
...
*CPE
cpe:/o:microsoft:windows_server_2003
XCCDF    5
xccdf_org.secpod_benchmark_cip_std_ver3_Windows_2003
xccdf_org.secpod_benchmark_general_Windows_2003
xccdf_nist_benchmark_Windows_server_2003
xccdf_org.secpod_benchmark_Windows_2003
...

© 2013 SecPod Technologies