Download
| Alert*
oval:org.secpod.oval:def:24849
The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k null pointer dereference vulnerability. A flaw is present in the application, which fails to pro ... oval:org.secpod.oval:def:21558 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle failed logon attempts. Successful ex ... oval:org.secpod.oval:def:21559 The host is missing an important update according to Microsoft Security bulletin, MS14-074. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to properly handle failed logon attempts. Successful exploitation could allow an attacker to by ... oval:org.secpod.oval:def:10945 The host is missing an important security update according to Microsoft bulletin, MS13-040. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted XML file. Successful exploitation allows attackers to gain access ... oval:org.secpod.oval:def:10946 The host is installed with .NET Framework 2.0, 3.5, 3.5.1, 4.0 or 4.5 and is prone to spoofing vulnerability. A flaw is present in the application, which fails to check signatures in XML file. Successful exploitation allows attackers to make undetected changes to signed XML documents via unspecified ... oval:org.secpod.oval:def:23103 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the OLE automation array, which fails to handle specially ... oval:org.secpod.oval:def:23102 The host is missing an critical security update according to Microsoft security bulletin, MS15-002. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle specially crafted packets. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:24855 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k Pool buffer overflow vulnerability. A flaw is present in the application, which fails to properl ... oval:org.secpod.oval:def:24856 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k elevation of privilege vulnerability. A flaw is present in the application, which fails to prope ... oval:org.secpod.oval:def:24858 The host is missing an important security update according to Microsoft security bulletin, MS15-061. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly validate user input. Successful exploitation allows remote attackers to gain ... oval:org.secpod.oval:def:24853 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Win32k buffer overflow vulnerability. A flaw is present in the application, which fails to properly val ... oval:org.secpod.oval:def:25800 The host is installed with Microsoft Windows Vista SP2 or Windows Server 2008 SP2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles certain logging activities. Successful exploitation could allow attackers to take complete control of an ... oval:org.secpod.oval:def:25801 The host is missing an important security update according to Microsoft security bulletin, MS15-083. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which improperly handles certain logging activities. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:23759 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:23758 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:23757 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:23756 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:23755 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly read or display certain fonts. Successful exploitation could allow ... oval:org.secpod.oval:def:23754 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly manage memory when parsing fonts. Successful exploitation could allow at ... oval:org.secpod.oval:def:23762 The host is missing a critical security update according to Microsoft security bulletin, MS15-021. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted fonts. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:20770 The host is installed with Microsoft Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted application. An attacker wh ... oval:org.secpod.oval:def:24301 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, 2008 R2, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a specially crafted .msc file. Successful exploitation cou ... oval:org.secpod.oval:def:24302 The host is missing an important security update according to Microsoft Security bulletin, MS15-054. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to handle a specially crafted .msc file. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:18533 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to handles TypeFilterLevel checks for some malformed objects. Successful exploitation allows attacker to exe ... oval:org.secpod.oval:def:18532 The host is missing an important security update according to Microsoft bulletin, MS14-026. The update is required to fix multiple vulnerabilities. The flaw is present in the .NET Remoting implementation, which fails to handle a crafted website. Successful exploitation allows attacker to execute arb ... oval:org.secpod.oval:def:6709 The host is installed with Internet Explorer 6 through 9 and is prone to an asynchronous null object access remote code execution vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary c ... oval:org.secpod.oval:def:6712 The host is missing a critical security update, according to Microsoft security bulletin MS12-052. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:6711 The host is installed with Internet Explorer 6 through 9 and is prone to a virtual function table corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6710 The host is installed with Internet Explorer 6 and 7 and is prone to a layout memory corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:21363 The host is missing an important security update according to Microsoft security bulletin, MS14-058. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory and TrueType fonts. Successful exploitation could al ... oval:org.secpod.oval:def:21362 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle TrueType ... oval:org.secpod.oval:def:24087 The host is missing a critical security update according to Microsoft security bulletin, MS15-035. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to process certain specially crafted Enhanced Metafile (EMF) image format files. S ... oval:org.secpod.oval:def:24086 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to process certain specially crafted Enhanced Metafile (EMF) image form ... oval:org.secpod.oval:def:3433 The host is installed with Microsoft Time component and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by a specially crafted Web page. Successful exploitation allows remote attacker gain user rights as the logged-on user. oval:org.secpod.oval:def:3434 The host is missing a critical security update according to Microsoft security bulletin, MS11-090. The update is required to fix remote code execution vulnerability. A flaw is present in Internet Explorer, which fails to handle a specially crafted web page. Successful exploitation could allow an at ... oval:org.secpod.oval:def:21554 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle proce ... oval:org.secpod.oval:def:21555 The host is missing a critical security update according to Microsoft bulletin, MS14-066. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle processing of specially crafted packets. Successful exploitation allows ... oval:org.secpod.oval:def:21549 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted OLE objects. Successful ... oval:org.secpod.oval:def:21547 The host is missing an critical security update according to Microsoft security bulletin, MS14-064. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted OLE objects. Successful exploitation could allow attackers to r ... oval:org.secpod.oval:def:21548 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the OLE automation array, which fails to handle crafted O ... oval:org.secpod.oval:def:21543 The host is installed with Microsoft XML Core Services 3.0 on Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, w ... oval:org.secpod.oval:def:21544 The host is missing a critical security update according to Microsoft bulletin, MS14-067. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which improperly parses XML content. Successful exploitation allows attackers to run arbitrary code and ... oval:org.secpod.oval:def:23760 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file or website. Successful exploitation ... oval:org.secpod.oval:def:23478 The host is missing an important security update according to Microsoft security bulletin, MS15-014. The update is required to fix a security feature bypass vulnerability. A flaw is present in the group policy application of security configuration policies that could cause group policy settings on a ... oval:org.secpod.oval:def:23477 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a security feature bypass vulnerability. A flaw is present in the group policy application of security configuration ... oval:org.secpod.oval:def:25336 The host is installed with Microsoft Windows Server 2003, 2003 SP2, 2008, 2008 SP2, 2008 R2, 2008 R2 SP1, 2012 or 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly establish a secure communications channel to a primary doma ... oval:org.secpod.oval:def:25337 The host is missing an important security update according to Microsoft security bulletin, MS15-071. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly establish a secure communications channel to a primary domain cont ... oval:org.secpod.oval:def:24847 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ... oval:org.secpod.oval:def:25349 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ... oval:org.secpod.oval:def:25354 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8 or Server 2012 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle objects i ... oval:org.secpod.oval:def:25355 The host is missing an important security update according to Microsoft security bulletin, MS15-073. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted content. Successful exploitation allows remote attackers to install pro ... oval:org.secpod.oval:def:25350 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ... oval:org.secpod.oval:def:25806 The host is installed with Microsoft XML Core Services 3.0 or Microsoft XML Core Services 6.0 on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 or Microsoft XML Core Services 5.0 on Microsoft Office 2007 SP2, SP3 or Micr ... oval:org.secpod.oval:def:23745 The host is missing an important security update according to Microsoft security bulletin MS15-023. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows Kernel-Mode driver, which fails to handle crafted vectors. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:23743 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which deref ... oval:org.secpod.oval:def:23753 The host is missing an important security update according to Microsoft security bulletin MS15-029. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle uninitialized memory when parsing certain, specially crafted ... oval:org.secpod.oval:def:23752 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle uninitialize ... oval:org.secpod.oval:def:23742 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:23741 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails ... oval:org.secpod.oval:def:23761 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly read or display certain fonts. Successful exploitation could allow ... oval:org.secpod.oval:def:24285 The host is missing an important security update according to Microsoft bulletin, MS15-051. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows kernel-mode driver, which leaks private address information during a function call or improperly handles objects in ... oval:org.secpod.oval:def:24280 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24281 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24282 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24283 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24284 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2 or Server 2008 SP2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which improperly handles objects in memory. Successful exploitation allows remote attackers to exec ... oval:org.secpod.oval:def:24279 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which leaks ... oval:org.secpod.oval:def:24299 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows 7, 8, 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which allows the use of a weak Diffie-Hellman ephemeral (DFE) key length of 512 bits in an encrypte ... oval:org.secpod.oval:def:24300 The host is missing an important security update according to Microsoft security bulletin, MS15-055. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which allows the use of a weak Diffie-Hellman ephemeral (DFE) key length of 512 bits in an ... oval:org.secpod.oval:def:21367 The host is installed with Microsoft Windows Server 2003, Vista or Server 2008 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the FASTFAT driver executes a function that results in a buffer under-allocation issue. Successful exploi ... oval:org.secpod.oval:def:21373 The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly parse specially crafted internationalized resource identifiers resulting in memory corruption. Su ... oval:org.secpod.oval:def:21366 The host is missing a critical security update according to Microsoft security bulletin, MS14-063. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which is caused when the FASTFAT driver executes a function that results in a buffer under-a ... oval:org.secpod.oval:def:10741 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:10742 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:10743 The host is missing a critical security update according to Microsoft Security bulletin MS13-028. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Succes ... oval:org.secpod.oval:def:21094 The host is missing a critical security update according to Microsoft bulletin, MS14-053. The update is required to fix a denial of service vulnerability. A flaw are present in the applications, which does not properly use a hash table for request data. Successful exploitation allows for an unauthen ... oval:org.secpod.oval:def:21095 The host is installed with .Net framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to denial of service vulnerability. A flaw are present in the applications, which does not properly use a hash table for request data. Successful exploitation allows for an unauthenti ... oval:org.secpod.oval:def:10847 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation allows attackers to execute arbitrary cod ... oval:org.secpod.oval:def:21590 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19797 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Windows 8, Windows Server 2012, Windows Server 2008 R2, Windows 8.1 or Windows Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly processes special ... oval:org.secpod.oval:def:19798 The host is missing an important security update according to Microsoft bulletin MS14-031. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly processes specially crafted packets. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:33792 The host is installed with Microsoft Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2 or Windows 8.1 and is prone to an OLE Remote code execution vulnerability. A flaw is present in the application, which fails to properly validate user input. An attacker who succes ... oval:org.secpod.oval:def:33791 The host is missing an important security update according to Microsoft security bulletin, MS16-044. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate user input. An attacker who successfully exploited this vul ... oval:org.secpod.oval:def:21835 The host is missing a important security update according to Microsoft security advisory, 2905247. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a improper configuration of view state MAC. Successful exploitation al ... oval:org.secpod.oval:def:6016 The host is missing a critical security update according to Microsoft Security Advisory, 2718704. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to properly handle authorization of digital certificates. Successful exploitation could allow atta ... oval:org.secpod.oval:def:6975 The host is missing a security update according to Microsoft security advisory, 2736233. The update is required to provide a security feature in IE, which prevents ActiveX control from ever being loaded by the Internet Explorer HTML-rendering engine. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:6736 The host is missing a critical security update according to Microsoft Security Advisory, 2661254. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to properly handle certificates with RSA keys less than 1024 bits in length. Successful exploitati ... oval:org.secpod.oval:def:6408 The host is missing a critical security update according to Microsoft Security Advisory, 2728973. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to handle CA certificates. Successful exploitation could allow attackers to use these certificates ... oval:org.secpod.oval:def:4749 The host is missing a critical security update according to Microsoft Security Advisory, 2647518. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to prevent few ActiveX controls from being run in Internet Explorer. Successful explo ... oval:org.secpod.oval:def:5642 The host is missing a critical security update according to Microsoft Security Advisory, 2695962. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to prevent few ActiveX controls from being run in Internet Explorer. Successful explo ... oval:org.secpod.oval:def:24841 The host is installed with Microsoft Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user input. Successful exploita ... oval:org.secpod.oval:def:24842 The host is missing an important security update according to Microsoft security bulletin, MS15-063. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user input. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:2298 The host is missing a critical security update according to Microsoft security bulletin, MS09-055. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Active Template Library (ATL) ActiveX Controls. Successful exploitation allows an attacker to ... oval:org.mitre.oval:def:7581 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClea ... oval:org.mitre.oval:def:6245 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly re ... oval:org.mitre.oval:def:6289 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClea ... oval:org.mitre.oval:def:6716 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly re ... oval:org.secpod.oval:def:2513 The host is missing an critical security update according to Microsoft security bulletin, MS09-072. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the Internet Explorer, which fails to handle objects in memory. Successful exploitation allows an att ... oval:org.secpod.oval:def:2621 The host is missing a critical security update according to Microsoft security bulletin, MS09-037. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Active Template Library (ATL) header. Components and controls built using ATL headers fails t ... oval:org.mitre.oval:def:6421 The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly re ... oval:org.secpod.oval:def:24110 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly handles certain requests on systems that have custom error messages disabled. Successful exploitat ... oval:org.secpod.oval:def:24111 The host is missing an important security update according to Microsoft bulletin, MS15-041. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which improperly handles certain requests on systems that have custom error messages disabled. Succ ... oval:org.secpod.oval:def:23773 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 and is prone to a WTS remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow atta ... oval:org.secpod.oval:def:23772 The host is missing a critical security update according to Microsoft security bulletin, MS15-020. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted file. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:24339 The host is installed with Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 and is prone to an opentype font parsing vulnerability. A flaw is present in the applications, which fail to handle a crafted OpenType font. Successful exploitation could allow attackers to execute arbi ... oval:org.secpod.oval:def:35586 The host is installed Microsoft Windows Server 2008, 2008 R2, 2012 or 2012 R2 and is prone a memory corruption vulnerability. A flaw is present in the DNS server, which fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could gain the same user righ ... oval:org.secpod.oval:def:35585 The host is missing an important security update according to Microsoft security bulletin, MS16-076. The update is required to fix a memory corruption vulnerability. A flaw is present in the DNS server, which fails to properly handle objects in memory. An attacker who successfully exploited this vul ... oval:org.secpod.oval:def:21365 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted OLE objects. Successful ... oval:org.secpod.oval:def:21364 The host is missing an important security update according to Microsoft security bulletin, MS14-060. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted OLE objects. Successful exploitation could allow attackers to ru ... oval:org.secpod.oval:def:25346 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an OLE elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user inpu ... oval:org.secpod.oval:def:25347 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an OLE elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate user inpu ... oval:org.secpod.oval:def:25348 The host is missing an important security update according to Microsoft security bulletin, MS15-075. The update is required to fix a multiple elevation of privilege vulnerabilities. The flaws are present in the application, which fails to properly validate user input. An attacker who successfully ex ... oval:org.secpod.oval:def:25844 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted OpenType font ... oval:org.secpod.oval:def:25847 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which terminates a process when a user logs ... oval:org.secpod.oval:def:25848 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly vali ... oval:org.secpod.oval:def:25853 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 or 4.6 and is prone to an Onetype font parsing vulnerability. A flaw ... oval:org.secpod.oval:def:25814 The host is installed with Microsoft Windows Server 2008 R2, Server 2008, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote desktop session host spoofing vulnerability. A flaw is present in the application, which fails to properly validate certi ... oval:org.secpod.oval:def:25816 The host is missing an important security update according to Microsoft security bulletin, MS15-082. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly validate certificates during authentication. Successful ... oval:org.secpod.oval:def:21565 The host is missing an important security update according to Microsoft bulletin, MS14-072. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle TypeFilterLevel checks for some malformed objects. Successful exploitation al ... oval:org.secpod.oval:def:21556 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate permissions under specific conditio ... oval:org.secpod.oval:def:21557 The host is missing an important security update according to Microsoft security bulletin, MS14-071. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate permissions under specific conditions. Successful exploitation cou ... oval:org.secpod.oval:def:21564 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle TypeFilterLevel checks for some malformed objects. Successful exploitation allows attacker to execute ... oval:org.secpod.oval:def:18531 The host is missing an important security update according to Microsoft security bulletin, MS14-025. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle passwords being distributed by Active Directory. Successful ... oval:org.secpod.oval:def:18530 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle passwords being distributed ... oval:org.secpod.oval:def:19801 The host is installed with Microsoft XML Core Services 3.0 on Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 or Microsoft XML Core Services 6.0 on Microsoft Windows Server 2003 SP2, Vista SP2, Server 200 ... oval:org.secpod.oval:def:19802 The host is missing an important security update according to Microsoft bulletin, MS14-033. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which is caused when Microsoft XML Core Services (MSXML) parses XML content and does not properly e ... oval:org.secpod.oval:def:20814 The host is installed with .Net framework 2.0, 3.0 or 3.5.1 and is prone to an security feature bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow an attacker to bypass the Address Space Layout Randomization (ASLR ... oval:org.secpod.oval:def:20815 The host is missing an important security update according to Microsoft bulletin, MS14-046. The update is required to fix a security feature bypass vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow an attacker to bypass ... oval:org.secpod.oval:def:23105 The host is missing an important security update according to Microsoft security bulletin, MS15-005. The update is required to fix a security feature bypass vulnerability. A flaw is present in the application, which fails to fails to properly validate whether a domain-connected computer is connected ... oval:org.secpod.oval:def:23111 The host is missing an important security update according to Microsoft security bulletin, MS15-003. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate user privileges to load registry hives. Successful exploitation co ... oval:org.secpod.oval:def:23110 The host is installed with Microsoft Windows Server 2003, Windows 7, 8, 8.1, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate user privileges to load registry hives. Successful exploitation co ... oval:org.secpod.oval:def:23104 The host is installed with Microsoft Windows 7, 8, 8.1, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to fails to properly validate whether a domain-connected computer is connected to the domain or to ... oval:org.secpod.oval:def:20094 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. S ... oval:org.secpod.oval:def:20095 The host is missing an important security update according to Microsoft security bulletin, MS14-039. The update is required to fix elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:21374 The host is installed with .Net framework 2.0 SP2 or 3.5.1 and is prone to a ASLR execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted content. Successful exploitation allows attacker to bypass the ASLR security feature. oval:org.secpod.oval:def:21375 The host is missing a critical security update according to Microsoft bulletin, MS14-057. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted URI request containing international characters. Successful exploitati ... oval:org.secpod.oval:def:21372 The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 or 4.5.2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which inadvertently processes data prior to verification. Successful exploitation allows attacker to take complete cont ... oval:org.secpod.oval:def:21361 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects ... oval:org.secpod.oval:def:18181 The host is missing an important security update according to Microsoft security bulletin, MS14-027. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle file association. Successful exploitation could allow attac ... oval:org.secpod.oval:def:18180 The host is installed with Windows Server 2003, Server 2008, Vista, Windows 7, Server 2008 R2, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle file association. Successful exploit ... oval:org.secpod.oval:def:25338 The host is installed with Microsoft Windows 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a RPC elevation of privilege vulnerability. A flaw is present in the application, which inadvertently allows DCE/RPC con ... oval:org.secpod.oval:def:25339 The host is missing an important security update according to Microsoft security bulletin, MS15-076. The update is required to fix a RPC elevation of privilege vulnerability. A flaw is present in the application, which inadvertently allows DCE/RPC connection reflection. An attacker who successfully ... oval:org.secpod.oval:def:25341 The host is missing an important security update according to Microsoft security bulletin, MS15-077. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vu ... oval:org.secpod.oval:def:25344 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to process certain specially cr ... oval:org.secpod.oval:def:25345 The host is missing an important security update according to Microsoft security bulletin, MS15-072. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to process certain specially crafted bitmap conversions. Successful exploitati ... oval:org.secpod.oval:def:25340 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vu ... oval:org.secpod.oval:def:24082 The host is installed with Microsoft XML Core Services 3.0 in Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 and is prone to a same origin policy SFB vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful ... oval:org.secpod.oval:def:24083 The host is missing an important security update according to Microsoft security bulletin, MS15-039. The update is required to fix a same origin policy SFB vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to access ... oval:org.secpod.oval:def:32914 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. Successful exploitation could run arbitrary code in kernel mo ... oval:org.secpod.oval:def:25810 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate and enforc ... oval:org.secpod.oval:def:34303 The host is missing an important security update according to Microsoft security bulletin, MS16-058. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate input before loading certain libraries. An attacker who suc ... oval:org.secpod.oval:def:34302 The host is installed with Microsoft Windows Vista or Server 2008 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate input before loading certain libraries. An attacker who successfully exploited this vulnerability could take ... oval:org.secpod.oval:def:25811 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly allows certain registry in ... oval:org.secpod.oval:def:25812 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly allows certain filesystem ... oval:org.secpod.oval:def:25813 The host is missing an important security update according to Microsoft bulletin, MS15-090. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted application. An attacker who successfully exploited this vulnerabili ... oval:org.secpod.oval:def:21569 The host is installed with Microsoft Input method editor Japanese on Microsoft Windows Server 2003, Server 2008, Server 2008 R2 or Windows 7 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file. Success ... oval:org.secpod.oval:def:21572 The host is missing a moderate security update according to Microsoft security bulletin, MS14-078. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted file. Successful exploitation could allow ... oval:org.secpod.oval:def:23777 The host is missing an important security update according to Microsoft bulletin, MS15-025. The update is required to fix an elevation of privilege vulnerability. A flaw is present in windows kernel, which fails to properly validate and enforce impersonation levels or improperly allows a user to mod ... oval:org.secpod.oval:def:23776 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which exists in the way that Windows Registry Vir ... oval:org.secpod.oval:def:37930 The host is missing an important security update according to Microsoft security bulletin, MS16-139. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle Windows Kernel API. An attacker who successfully exploited ... oval:org.secpod.oval:def:37929 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle Windows Kernel API. An attacker who successfully exploited the vu ... oval:org.secpod.oval:def:23775 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, when Windows fails to properly validate and enforce impersonation levels. An at ... oval:org.secpod.oval:def:20773 The host is missing an important security update according to Microsoft security bulletin, MS14-049. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles the repair of a previously installed application. Successful expl ... oval:org.secpod.oval:def:20768 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted application. S ... oval:org.secpod.oval:def:21615 The host is installed with Microsoft Windows 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a remote elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a forged sign ... oval:org.secpod.oval:def:20769 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted application. S ... oval:org.secpod.oval:def:21616 The host is missing a critical security update according to Microsoft security bulletin, MS14-068. The update is required to fix a remote elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a forged signature in a ticket. Successful exploitation could al ... oval:org.secpod.oval:def:20771 The host is missing an important security update according to Microsoft security bulletin, MS14-045. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted application. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:20772 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles the repair of a previ ... oval:org.secpod.oval:def:24297 The host is installed with Windows Vista, 7, 8 or 8.1, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly verifies impersonation levels. Successful exploitation could allow attackers to gain elevated p ... oval:org.secpod.oval:def:24298 The host is missing an important security update according to Microsoft security bulletin, MS15-050. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which improperly verifies impersonation levels. Successful exploitation could allow attack ... oval:org.secpod.oval:def:24303 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1 or 4.5.2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Forms, which improperly handle objects in memory. Successful exploitation allows attackers to take complete contr ... oval:org.secpod.oval:def:23492 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles objects i ... oval:org.secpod.oval:def:23491 The host is missing an important security update according to Microsoft security bulletin MS15-010. The update is required to fix multiple vulnerabilities. The flaw is present in the Windows Kernel-Mode driver, which fails to handle crafted vectors. Successful exploitation could allow attackers to g ... oval:org.secpod.oval:def:23495 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handles a malicious fil ... oval:org.secpod.oval:def:23494 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles objects i ... oval:org.secpod.oval:def:20096 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly validat ... oval:org.secpod.oval:def:20097 The host is missing an important security update according to Microsoft bulletin, MS14-040. The update is required to fix a privilege escalation vulnerability. The flaw is present in the application, which fails to properly validate user-mode input passed to kernel mode. Successful exploitation coul ... oval:org.secpod.oval:def:24854 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Microsoft Windows Kernel brush object use after free vulnerability. A flaw is present in the applicatio ... oval:org.secpod.oval:def:24845 The host is installed with Microsoft Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to properly access an o ... oval:org.secpod.oval:def:24846 The host is missing an important security update according to Microsoft security bulletin, MS15-060. The update is required to fix an use after free vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:24848 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to an use after free vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to prop ... oval:org.secpod.oval:def:24850 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a kernel bitmap handling use after free vulnerability. A flaw is present in the application, which fails ... oval:org.secpod.oval:def:24851 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Microsoft Windows station use after free vulnerability. A flaw is present in the application, which fai ... oval:org.secpod.oval:def:24852 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to a Microsoft Windows Kernel object use after free vulnerability. A flaw is present in the application, whi ... oval:org.secpod.oval:def:17389 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003, Windows 7, Windows 8, Windows Server 2012, Windows 8.1 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which ... oval:org.secpod.oval:def:17388 The host is missing a critical security update according to Microsoft security bulletin, MS14-019. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which improperly restricts the path used for processing .bat and .cmd files. Successful exploi ... oval:org.secpod.oval:def:23774 The host is installed with Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 and is prone to a DLL planting remote code execution vulnerability. A flaw is present in the application, which fails to properly handle loading of DLL files. Successful exploitation coul ... oval:org.secpod.oval:def:25808 The host is installed with Microsoft XML Core Services 3.0 or on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 or Microsoft XML Core Services 5.0 on Microsoft Office 2007 SP2 and is prone to an information disclosure vu ... oval:org.secpod.oval:def:25809 The host is missing an important security update according to Microsoft security bulletin, MS15-084. The update is required to fix multiple information disclosure vulnerabilities. The flaws are present in the applications, which expose memory addresses not intended for public disclosure or explicitl ... oval:org.secpod.oval:def:25807 The host is installed with Microsoft XML Core Services 3.0 or on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 or Microsoft XML Core Services 5.0 on Microsoft Office 2007 SP2 and is prone to an information disclosure vu ... oval:org.secpod.oval:def:23766 The host is missing an important security update according to Microsoft bulletin, MS15-031. The update is required to fix a security feature bypass vulnerability. A flaw is present in the application, that is caused by an issue in the TLS state machine whereby a client system accepts an RSA key with ... oval:org.secpod.oval:def:23765 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, that is caused by an issue in the ... oval:org.secpod.oval:def:24304 The host is installed with .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1 or 4.5.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handle crafted XML data. Successful exploitation allows attackers to degrade the performance of a .NET-ena ... oval:org.secpod.oval:def:24305 The host is missing an important security update according to Microsoft bulletin, MS15-048. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted vectors. Successful exploitation could allow attackers to t ... oval:org.secpod.oval:def:21539 The host is missing a moderate security update according to Microsoft security bulletin, MS14-079. The update is required to fix denial of service vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted TrueType fonts. Successful exploitation could all ... oval:org.secpod.oval:def:21540 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a specially c ... oval:org.secpod.oval:def:4145 The host is missing an important security update according to Microsoft security bulletin, MS12-012. The update is required to fix a remote code execution vulnerability. A flaw is present in the Color Control Panel, which fails to properly handle dll files. Successful exploitation allows attackers t ... oval:org.secpod.oval:def:5096 The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to a VML style remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.secpod.oval:def:3937 The host is installed with Microsoft Windows Server 2008 or Microsoft Windows Server 2008 R2 and is prone to untrusted search path vulnerability. A flaw is present in the Color Control Panel, which allows dll hijacking via a Trojan horse sti.dll file in the current working directory. Successful expl ... oval:org.secpod.oval:def:4137 The host is installed with Internet Explorer 6,7,8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly perform copy-and-paste operations. Successful exploitation could allow attackers to read content from a different (1) domain ... oval:org.secpod.oval:def:4138 The host is installed with Internet Explorer 7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:4136 The host is missing a critical security update according to Microsoft bulletin, MS12-010. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted web page. Successful exploitation could allow attackers to execute arb ... oval:org.secpod.oval:def:5094 The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to an OnReadyStateChange remote code execution vulnerability. A flaw is present in the application, which fails to handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:5092 The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:5097 The host is missing a critical security update according to Microsoft security bulletin, MS12-023. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly handle malicious data. Successful exploitation could allo ... oval:org.secpod.oval:def:5095 The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a SelectAll remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ... oval:org.secpod.oval:def:5586 The host is missing a critical security update according to Microsoft security bulletin, MS12-035. The update is required to fix a remote code execution vulnerability. The flaws are present in .NET Framework, which fail to handle a specially crafted webpage. Successful exploitation could allow remot ... oval:org.secpod.oval:def:5583 The host is missing an important security update according to Microsoft security bulletin, MS12-032. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to gain pr ... oval:org.secpod.oval:def:5589 The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input through partially trus ... oval:org.secpod.oval:def:5588 The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input. Successful exploitati ... oval:org.secpod.oval:def:5581 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, or Windows 7 or SP1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly enforce firewall rules for outbound broadcast packets. Successful ... oval:org.secpod.oval:def:5130 The host is missing an important security update according to Microsoft security bulletin, MS12-025. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate parameters when passing data to a function. Successful expl ... oval:org.secpod.oval:def:5129 The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly validate parameters when passing data to a function. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:3431 The host is installed with Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Web pages. Successful exploitation allows attackers to to view content from a different domain or Internet Explorer ... oval:org.secpod.oval:def:3432 The host is missing an important security update according to Microsoft security bulletin, MS11-099. The update is required to fix information disclosure and remote code execution vulnerabilities. The flaws are present in the applications, which fail to properly handle XSS Filter and loading of libr ... oval:org.secpod.oval:def:4731 The host is installed with Windows DNS server and is prone denial of service vulnerability. A flaw is present in the DNS server, which fails to handle a specially crafted DNS query to the target DNS server. Successful exploitation could allow remote attackers to cause system to stop responding and a ... oval:org.secpod.oval:def:1203 The host is installed with Microsoft Internet Explorer and is prone to time element memory corruption vulnerability. A flaw is present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful exploitation could allow remote attackers to e ... oval:org.secpod.oval:def:1383 The host is missing a critical security update according to Microsoft security bulletin, MS10-041. The update is required to fix data tampering vulnerability. A flaw is present in the Microsoft .NET Framework, which allows data tampering of signed XML content without being detected. Successful explo ... oval:org.secpod.oval:def:1589 The host is missing a critical security update according to Microsoft security bulletin, MS10-065. The update is required to fix multiple vulnerability. Multiple flaws are present in the asp.dll in Internet Information Services (IIS) in Microsoft Windows, which is due to improper ASP implementation ... oval:org.secpod.oval:def:1214 The host is missing a critical security update according to Microsoft security bulletin, MS10-051. The update is required to fix a remote code execution vulnerability. The flaws are present in the Microsoft XML Core Services (MSXML) which fails to handle HTTP responses. Successful exploitation allow ... oval:org.secpod.oval:def:6994 The host is installed with Microsoft Internet Explorer 9 and is prone to an event listener use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6993 The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to an onmove use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to an object that was not properly initialized or is deleted. Successful exploitat ... oval:org.secpod.oval:def:6992 The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6997 The host is missing a critical security update according to Microsoft security bulletin, MS12-063. The update is required to fix multiple use after free vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:6996 The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to an cloneNode use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to exec ... oval:org.secpod.oval:def:6995 The host is installed with Microsoft Internet Explorer 9 and is prone to an layout use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:1381 The host is missing a critical security update according to Microsoft security bulletin, MS10-083. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Shell and WordPad in Microsoft Windows, which fails to validate COM objects during instantiation. Suc ... oval:org.mitre.oval:def:8428 The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controll ... oval:org.secpod.oval:def:10777 The host is missing an important security update according to Microsoft security bulletin, MS13-029. The update is required to fix remote code execution vulnerability in Microsoft Windows Remote Desktop Client. A flaw is present in the application which fails to handle the specially crafted webpage. ... oval:org.secpod.oval:def:10778 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Server 2008 R2 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle specially crafted webpage. Successful exploitation coul ... oval:org.secpod.oval:def:10948 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:10958 The host is missing a critical security update according to Microsoft Security bulletin MS13-037. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitati ... oval:org.secpod.oval:def:10950 The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to JSON array information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict data access by VBScript. Successful exploitation could allow attackers to perform cross-domain re ... oval:org.secpod.oval:def:10953 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:10954 The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary c ... oval:org.secpod.oval:def:10957 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:14193 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14191 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14194 The host is missing a critical security update according to Microsoft security bulletin, MS13-047. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly handle a deleted object in memory. Successful exploitation co ... oval:org.secpod.oval:def:63120 An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. oval:org.secpod.oval:def:14178 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14175 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14180 The host is installed with Microsoft Internet Explorer 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14185 The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:40472 The host is missing security update for KB4019115. This security update resolves vulnerabilities in Microsoft .NET Framework that could allow to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. oval:org.secpod.oval:def:40882 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:16776 The host is installed with Microsoft Internet Explorer 6, 7 or 8 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause a deni ... oval:org.secpod.oval:def:39408 Multiple information disclosure vulnerabilities exist in the way that the Color Management Module (ICM32.dll) handles objects in memory. These vulnerabilities allow an attacker to retrieve information to bypassusermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the in ... oval:org.secpod.oval:def:16786 The host is missing a important security update according to Microsoft bulletin, MS14-009. The update is required to fix multiple vulnerabilities. The flaws are present in microsoft graphic component, which fails to handle a crafted website. Successful exploitation allows remote attackers to bypass ... oval:org.secpod.oval:def:16789 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to type traversal vulnerability. A flaw is present in the application, which improperly verifies that a method is safe for execution. Successful exploitation allows attacker to take complete contro ... oval:org.secpod.oval:def:16788 The host is installed with .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5 or 4.5.1 and is prone to post request denial of service vulnerability. A flaw is present in the application, which improperly identifies stale or closed HTTP client connections. Successful exploitation allows attackers ... oval:org.secpod.oval:def:16753 The host is installed with Microsoft XML Core Services 3.0 on Microsoft Windows XP SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to information disclosure vulnerability. A flaw is present in the applica ... oval:org.secpod.oval:def:16754 The host is missing an important security update according to Microsoft bulletin, MS14-005. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which is caused when Internet Explorer does not properly enforce cross-domain policies. Successful ... oval:org.secpod.oval:def:40431 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:40436 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:40437 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability c ... oval:org.secpod.oval:def:16766 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or cause ... oval:org.secpod.oval:def:40438 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an attacker would have to either log ... oval:org.secpod.oval:def:16758 The host is missing a critical security update according to Microsoft security bulletin, MS14-011. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:57288 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57287 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57286 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57285 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57291 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.mitre.oval:def:12365 Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) ... oval:org.secpod.oval:def:15461 The host is installed with Internet Explorer 6, 7, 8, 9, or 10 and is prone to remote code execution vulnerability. The flaw is present in the application, which fails to properly handle an object in memory that has been deleted or has not been properly allocated. Successful exploitation allows atta ... oval:org.secpod.oval:def:16790 The host is installed with .NET Framework 2.0 SP2 or 3.5.1 and is prone to address space layout randomization vulnerability. A flaw is present in the application, which fails to handle ASLR security feature. Successful exploitation allows attacker to bypass the ASLR security feature. oval:org.secpod.oval:def:61311 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by running ... oval:org.secpod.oval:def:39419 A remote code execution vulnerability exists when Windows improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:49699 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:15964 The host is installed with Microsoft Windows XP SP3, Server 2003 SP2, Vista Sp2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly ha ... oval:org.secpod.oval:def:40922 An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:40923 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:40928 The host is missing security update for KB4021903 oval:org.secpod.oval:def:40929 The host is missing security update for KB4021923 oval:org.secpod.oval:def:49743 The host is missing an important security update for KB4471319 oval:org.secpod.oval:def:15970 The host is missing a critical security update according to Microsoft security bulletin, MS13-089. The update is required to fix remote code execution vulnerability. The flaw is present in Windows GDI, which fails to handle a specially crafted Windows Write file in WordPad. Successful exploitation a ... oval:org.secpod.oval:def:40931 The host is missing security update for KB4022010 oval:org.secpod.oval:def:49749 The host is missing an important security update for KB4471325 oval:org.secpod.oval:def:40932 The host is missing security update for KB4022013 oval:org.secpod.oval:def:40930 The host is missing security update for KB4022008 oval:org.secpod.oval:def:15969 The host is installed with Microsoft Windows XP SP2, Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to remote code execution vulnerability. A flaw is prese ... oval:org.secpod.oval:def:15967 The host is missing an important security update according to Microsoft bulletin, MS13-095. The update is required to fix denial of service vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted X.509 certificate. Successful exploitation allows attack ... oval:org.secpod.oval:def:40942 The host is missing security update for KB4022887 oval:org.secpod.oval:def:40940 The host is missing security update for KB4022883 oval:org.secpod.oval:def:49764 The host is missing a critical security update 4470500 oval:org.secpod.oval:def:49774 The host is missing a critical security update 4470640 oval:org.mitre.oval:def:11574 Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerabilit ... oval:org.secpod.oval:def:57321 The host is missing an important security update for KB4507414 oval:org.secpod.oval:def:57316 The host is missing an important security update for KB4507423 oval:org.secpod.oval:def:15999 The host is missing a critical security update according to Microsoft bulletin, MS13-090. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to handle InformationCardSigninHelper Class ActiveX control. Successful exploitation allows a ... oval:org.secpod.oval:def:15982 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a information disclosure vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to bypass the Same Origin Policy and obtain sensit ... oval:org.secpod.oval:def:15983 The host is installed with Microsoft Internet Explorer 6, 7 or 8 and is prone to a information disclosure vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to read content from a different domain or zone via craft ... oval:org.secpod.oval:def:15984 The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:38616 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to a denial of service vulnerability. A flaw is present in the Windows Local Security Authority Subsystem Service, which improperly handles specially crafted authentication reque ... oval:org.secpod.oval:def:38617 The host is missing an important update according to Microsoft bulletin, MS17-004. The update is required to fix a denial of service vulnerability. A flaw is present in the Windows Local Security Authority Subsystem Service, which improperly handles specially crafted authentication request. An attac ... oval:org.secpod.oval:def:15998 The host is installed with Microsoft Windows XP SP3, Server 2003 SP2, Vista Sp2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle ... oval:org.secpod.oval:def:40910 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40917 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:2353 The host is missing a important security update according to Microsoft security bulletin, MS09-026. The update is required to fix privilege escalation vulnerability. A flaw is present in the Windows RPC. The RPC Marshalling Engine fails to update its internal state appropriately. Successful exploita ... oval:org.mitre.oval:def:11994 Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability ... oval:org.secpod.oval:def:53 The host is installed with Microsoft Windows Fax Services Cover Page Editor and is prone to heap-based buffer overflow vulnerability. The flaw is present in the CDrawPoly::Serialize function in fxscover.exe. Successful exploitation allows remote attackers to execute arbitrary code via a long record ... oval:org.secpod.oval:def:57305 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.mitre.oval:def:6150 The operating system installed on the system is Microsoft Windows Server 2008 Itanium Edition Service Pack 2 oval:org.secpod.oval:def:63182 The host is missing an important security update for KB4556854 oval:org.secpod.oval:def:63186 The host is missing a critical security update for KB4556860 oval:org.secpod.oval:def:16013 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP1, SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Windows 8.1, Server 2012 or Server 2012 R2 and is prone to security feature bypass vulnerability. A flaw is present in the application, which fail ... oval:org.secpod.oval:def:16014 The host is missing an important security update according to Microsoft advisory, 2862152. The update is required to fix security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle a DirectAccess server. Successful exploitation allows the attacker to s ... oval:org.secpod.oval:def:14298 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly process a HTML webpage. Successful exploitation could allow attackers to inject arbitrary web script or HTML via ... oval:org.secpod.oval:def:14295 The host is installed with Microsoft Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of servic ... oval:org.secpod.oval:def:14293 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ... oval:org.secpod.oval:def:38295 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to an information disclosure vulnerability. A flaw is present in the windows GDI component, which improperly discloses the contents of its memory. An attacker who successfully ex ... oval:org.secpod.oval:def:40533 An information disclosure vulnerability exists in the way some ActiveX objects are instantiated. An attacker who successfully exploited this vulnerability could gain access to protected memory contents.To exploit this vulnerability, an attacker would need to convince a user to open a malicious docum ... oval:org.secpod.oval:def:40534 The host is missing security updates for KB4018927. oval:org.mitre.oval:def:12279 Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerabilit ... oval:org.secpod.oval:def:40966 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:14288 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ... oval:org.secpod.oval:def:14289 The host is installed with Microsoft Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service via a ... oval:org.secpod.oval:def:14287 The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a webpage. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:40970 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:14281 The host is missing a critical security update according to Microsoft security bulletin, MS13-055. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly handle crafted webpage. Successful exploitation could all ... oval:org.secpod.oval:def:14282 The host is installed with Microsoft Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly process a web script. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of ser ... oval:org.secpod.oval:def:40502 The host is missing security updates for KB4018466. oval:org.secpod.oval:def:40503 The host is missing security updates for KB4019204. oval:org.secpod.oval:def:40507 The host is missing security updates for KB4018885. oval:org.secpod.oval:def:40504 The host is missing security updates for KB4018556. oval:org.secpod.oval:def:40505 The host is missing security updates for KB4019149. oval:org.secpod.oval:def:40508 The host is missing security updates for KB4019206. oval:org.secpod.oval:def:40509 The host is missing security updates for KB4018821. oval:org.mitre.oval:def:12322 Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability. ... oval:org.secpod.oval:def:15642 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:16977 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle obj ... oval:org.secpod.oval:def:14313 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handl ... oval:org.secpod.oval:def:15651 The host is missing a critical security update according to Microsoft security bulletin, MS13-080. The update is required to fix multiple memory corruption vulnerabilities. The flaw are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to c ... oval:org.secpod.oval:def:14325 Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 on 64-bit platforms and is prone to array allocation vulnerability. A flaw is present in the application, which fails to properly allocate arrays of structures. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:16988 The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execut ... oval:org.secpod.oval:def:14326 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to anonymous method injection vulnerability. A flaw is present in the application, which fails to properly check the permissions of objects that use reflection. Successful exploitation allows attackers to execu ... oval:org.secpod.oval:def:16987 The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execut ... oval:org.secpod.oval:def:14324 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to delegate serialization vulnerability. A flaw is present in the application, which fails to properly check the permissions of delegate objects. Successful exploitation allows attackers to execute arbitrary co ... oval:org.secpod.oval:def:61944 The host is missing a security update 4541504 oval:org.secpod.oval:def:61943 The host is missing an important security update for KB4541506 oval:org.secpod.oval:def:16979 The host is missing an important security update according to Microsoft security bulletin, MS14-015. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to di ... oval:org.secpod.oval:def:16978 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle obj ... oval:org.secpod.oval:def:616 The host is missing a critical security update according to Microsoft Security Advisory, 2718704. The update is required to fix spoofing vulnerability. A flaw is present in the application, which fails to properly handle authorization of digital certificates. Successful exploitation could allow atta ... oval:org.mitre.oval:def:6227 The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that trigg ... oval:org.mitre.oval:def:11853 Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability." oval:org.mitre.oval:def:6287 The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler L ... oval:org.mitre.oval:def:7127 Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vuln ... oval:org.mitre.oval:def:11832 Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability." oval:org.secpod.oval:def:8180 The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 or R2 SP1, Windows 7 or SP1, Windows 8 or Windows Server 2012 and is prone to remote code execution vulnerability. A flaw is present in Windows DirectPlay, which fails ... oval:org.secpod.oval:def:8181 The host is missing an important security update according to Microsoft bulletin, MS12-082. The update is required to fix remote code execution vulnerability. A flaw is present in Windows DirectPlay, which fails to properly handle specially crafted office documents. Successful exploitation allows at ... oval:org.secpod.oval:def:8192 The host is installed with Windows XP, Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted TrueType font file. Success ... oval:org.secpod.oval:def:8193 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an InjectHTMLStream use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:57910 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.mitre.oval:def:7170 vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a ... oval:org.secpod.oval:def:2047 The host is missing a critical security update according to Microsoft security bulletin, MS10-070. The update is required to fix information disclosure vulnerability. A flaw is present in ASP.NET (.Net Framework) encryption implementation in IIS, which fails to evaluate generated error codes during ... oval:org.secpod.oval:def:31750 The host is missing an important security update according to Microsoft security bulletin, MS15-126. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted website. An attacker who successfully exploited the vulnerability cou ... oval:org.secpod.oval:def:57940 The host is missing an important security update for KB4512476 oval:org.mitre.oval:def:7158 The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10. ... oval:org.secpod.oval:def:57931 A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server.To exploit the vulnerability, an attacker could send a s ... oval:org.secpod.oval:def:57938 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:57950 The host is missing an important security update for KB4512491 oval:org.secpod.oval:def:63795 The host is missing an important security update for KB4561670 oval:org.secpod.oval:def:2034 The host is missing a critical security update according to Microsoft security bulletin, MS10-022. The update is required to fix remote code execution vulnerability. A flaw is present in VBScript engine, which fails to process WIndows help files in protected mode. User is forced to press the F1 key ... oval:org.secpod.oval:def:16188 The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current u ... oval:org.secpod.oval:def:57903 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.There are multiple ways an attacker could exploit the ... oval:org.secpod.oval:def:15663 The host is installed with .Net framework 2.0, 3.5.1, 4.0 or 4.5 and is prone to an entity expansion vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15664 The host is installed with .Net framework 2.0, 3.5.1, 4.0 or 4.5 and is prone to a JSON parsing vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15661 The host is missing a critical security update, according to Microsoft bulletin MS13-082. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to handle crafted OpenType font (OTF) file. Successful exploitation could allo ... oval:org.secpod.oval:def:15662 The host is installed with .Net framework 3.0, 3.5.1, 4.0 or 4.5 and is prone to an openType font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted OTF file. Successful exploitation could allow attackers to take complete control of an affected system. oval:org.secpod.oval:def:14327 The host is installed with Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to delegate reflection bypass vulnerability. A flaw is present in the application, which fails to properly check the permissions of objects that use reflection. Successful exploitation allows ... oval:org.secpod.oval:def:63791 The host is missing a security update 4561645 oval:org.secpod.oval:def:31728 The host is installed with Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current u ... oval:org.secpod.oval:def:31729 The host is installed with Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current u ... oval:org.secpod.oval:def:7328 The host is missing a critical security update according to Microsoft Security Advisory, 2749655. The update is required to fix compatibility issues. An issue is present in the specific digital certificates, which fail to handle proper timestamp attributes. This issue could adversely impact the abil ... oval:org.secpod.oval:def:31702 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate input before loading libraries. Successful exploitation could allow attack ... oval:org.mitre.oval:def:5850 Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 20 ... oval:org.secpod.oval:def:2585 The host is missing a critical security update according to Microsoft security bulletin, MS10-060. The update is required to fix code execution vulnerability. A flaw is present in the CLR Virtual Method (CLR) in Microsoft .NET Framework, which fails to handle interfaces and delegations to virtual me ... oval:org.mitre.oval:def:6363 Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold ... oval:org.secpod.oval:def:16196 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to denial of service vulnerability. The flaw is present in the application, which fails to properly handle objects i ... oval:org.secpod.oval:def:16190 The host is installed with Microsoft Internet Explorer 7 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:30013 The host is missing a critical security update according to Microsoft bulletin, MS15-108. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle objects in memory. An attacker who successfully exploited the vulnerabilities could gain t ... oval:org.mitre.oval:def:11730 Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability." oval:org.secpod.oval:def:64257 The host is missing a critical security update for KB4566520 oval:org.secpod.oval:def:14823 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to cross-site-scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly handle certain character sequences. Successful exploitation allows attackers to perform cross-site scripting attacks. oval:org.secpod.oval:def:64262 The host is missing a critical security update for KB4566469 oval:org.secpod.oval:def:2534 The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle a virtual function table after it has been corrupted. Successful exploitation could allow an attacker to execu ... oval:org.secpod.oval:def:2533 The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code. oval:org.secpod.oval:def:2535 The host is missing a critical security update according to MS11-081. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle specially crafted webpage. Successful exploitation could allow attackers to gain same us ... oval:org.secpod.oval:def:14814 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:14815 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the current us ... oval:org.secpod.oval:def:39379 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39370 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39371 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39372 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39373 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39374 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39375 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39376 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39360 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by ... oval:org.secpod.oval:def:64355 The host is missing a critical security update for KB4565536 oval:org.secpod.oval:def:41236 The host is missing a security update KB4026061 oval:org.secpod.oval:def:39359 An elevation of privilege vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by r ... oval:org.secpod.oval:def:41247 The host is missing a security update 4022748 oval:org.secpod.oval:def:15397 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the curre ... oval:org.secpod.oval:def:41244 The host is missing a security update KB4026059 oval:org.secpod.oval:def:15398 The host is installed with Internet Explorer 6, 7 or 8 and is prone to memory corruption vulnerability. The flaw is present in the application, which fails to properly handle crafted webpage. Successful exploitation allows attackers to execute arbitrary code and gain the user rights as the current u ... oval:org.secpod.oval:def:41245 The host is missing a security update KB4025409 oval:org.secpod.oval:def:41248 The host is missing a security update KB4025877 oval:org.secpod.oval:def:15392 The host is missing a critical security update according to Microsoft bulletin, MS13-069. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrar ... oval:org.secpod.oval:def:41253 The host is missing a security update KB4025674 oval:org.secpod.oval:def:41254 The host is missing a security update KB4022914 oval:org.secpod.oval:def:64353 The host is missing a critical security update 4565529 oval:org.secpod.oval:def:41653 An information disclosure vulnerability exists when the Volume Manager Extension Driver component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacke ... oval:org.secpod.oval:def:41655 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits exploited this vulnerability would gain code execution on the target system. Users whose accounts are configured to have fewer user ri ... oval:org.secpod.oval:def:41668 The host is missing a security update 4034744 oval:org.secpod.oval:def:49155 The host is missing an important security update for KB4467700 oval:org.secpod.oval:def:41671 The host is missing a security update 4035055 oval:org.secpod.oval:def:41672 The host is missing a security update 4035056 oval:org.secpod.oval:def:49159 The host is missing an important security update for KB4467706 oval:org.secpod.oval:def:41675 The host is missing a security update 4034775 oval:org.secpod.oval:def:41676 The host is missing a security update 4035679 oval:org.secpod.oval:def:41673 The host is missing a security update 4034034 oval:org.secpod.oval:def:41674 The host is missing a security update 4022750 oval:org.secpod.oval:def:39391 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39392 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39393 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39394 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39395 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39396 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39397 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39390 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39388 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39389 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:41685 The host is missing a security update 4034745 oval:org.secpod.oval:def:39380 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39381 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39382 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39383 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39384 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39385 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39386 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39387 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39778 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.mitre.oval:def:12055 Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than C ... oval:org.secpod.oval:def:49113 An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; ... oval:org.mitre.oval:def:12033 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote att ... oval:org.secpod.oval:def:62565 The host is missing a critical security update for KB4550957 oval:org.secpod.oval:def:62564 The host is missing a critical security update for KB4550951 oval:org.secpod.oval:def:16211 The host is missing a critical security update according to Microsoft security bulletin, MS13-099. The update is required to fix remote code execution vulnerability. The flaw is present in Microsoft Scripting Runtime Object Library, which fails to handle a website that hosts specially crafted conten ... oval:org.secpod.oval:def:16210 The host is installed with Microsoft Windows XP SP2, Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2 and is prone to use after free vulnerability. A flaw is present in th ... oval:org.secpod.oval:def:30963 The host is missing an important security update according to Microsoft security bulletin, MS15-117. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly check the length of a buffer prior to copying memory into it. Succ ... oval:org.secpod.oval:def:30962 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1 or Windows 7 SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly check the length of a buffer prior to copying memory into it. Successful ... oval:org.secpod.oval:def:30968 The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows 7, 8 or 8.1 and is prone to a tls triple handshake vulnerability. A flaw is present in the application, which fails to properly extend master secret binding support to all supported version of TLS. Successful e ... oval:org.secpod.oval:def:30969 The host is missing an important security update according to Microsoft security bulletin, MS15-121. The update is required to fix a tls triple handshake vulnerability. A flaw is present in the application, which fails to properly extend master secret binding support to all supported version of TLS. ... oval:org.secpod.oval:def:39812 The host missing security update for KB4014793. oval:org.secpod.oval:def:2626 The host is missing a critical security update according to bulletin, MS08-078. The update is required to fix multiple remote code execution vulnerabilities. The flaw are present in the application, which fails to handle a specially crafted Web page. Successful exploitation could allow remote code e ... oval:org.secpod.oval:def:33236 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1 or Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows, which fails to properly sanitize handles in memory. An attacker who successfully exploited this vulnerability could ru ... oval:org.secpod.oval:def:39834 The host is missing security update for KB4015380. oval:org.secpod.oval:def:39835 The host is missing security update for KB4015068. oval:org.secpod.oval:def:26520 The host is installed with Internet Explorer 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the currently logge ... oval:org.secpod.oval:def:26507 The host is missing an important security update according to Microsoft bulletin, MS15-096. The update is required to fix a denial of service vulnerability. A flaw is present in an application, which fails to handle creation of multiple machine accounts. An attacker who successfully exploited this v ... oval:org.secpod.oval:def:26506 The host is installed with Microsoft Active Directory Services and is prone to a denial of service vulnerability. A flaw is present in an application, which fails to handle creation of multiple machine accounts. An attacker who successfully exploited this vulnerability could cause the Active Directo ... oval:org.secpod.oval:def:39814 The host is missing security update for KB4015195. This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:39815 The host is missing security update for KB4015067. This security update resolves multiple vulnerabilities in Microsoft windows that could allow attackers to execute arbitrary code in the context of the current user. oval:org.mitre.oval:def:6007 Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited ... oval:org.mitre.oval:def:11606 The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft mshtml.dll uses a certain pointer value as part of producing Timer ID values for the setTimeout and setInterval methods in VBScript and JScript, which allows remote attackers to obtain sensitive information about the heap memory addr ... oval:org.secpod.oval:def:2668 The host is missing a critical security update according to Microsoft security bulletin, MS10-014. The update is required to fix denial of service vulnerability. A flaw is present in the Kerberos server, which fails to handle Ticket-Granting-Ticket renewal requests by a client. Successful exploitati ... oval:org.secpod.oval:def:33235 The host is missing an important security update according to Microsoft bulletin, MS16-031. The update is required to fix an elevation of privilege vulnerability. A flaw is present in windows, which fails to properly sanitize handles in memory, certain scenarios involving junction and mount-point cr ... oval:org.secpod.oval:def:9294 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9295 The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:41268 The host is missing a security update KB4025240 oval:org.secpod.oval:def:41275 The host is missing a security update 4025497 oval:org.secpod.oval:def:33213 The host is installed with Microsoft Windows Vista SP2 or Windows Server 2008 SP2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows, which fails to properly validate input before loading certain libraries. Successful exploitation could allow remote attackers to ... oval:org.secpod.oval:def:33212 The host is missing an important security update according to Microsoft security bulletin, MS16-025. The update is required to fix a remote code execution vulnerability. A flaw is present in the Windows, which fails to properly validate input before loading certain libraries. Successful exploitation ... oval:org.secpod.oval:def:9286 The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9284 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9285 The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:61357 The host is missing a critical security update for KB4537822 oval:org.secpod.oval:def:61352 The host is missing an important security update for KB4537810 oval:org.secpod.oval:def:16176 The host is missing an important security update according to Microsoft security bulletin, MS13-098. The updated is required to fix a signature validation vulnerability. The flaw is present in WinVerifyTrust in the operating system, which fails to handle signature. Successful exploitation could allo ... oval:org.secpod.oval:def:15980 The host is missing a critical security update according to Microsoft security bulletin, MS13-088. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:15990 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15988 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15641 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:15650 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:16185 The host is installed with Microsoft Internet Explorer 7, 8, 9, 10 or 11 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate permissions. Successful exploitation allows attackers to gain elevation of privilege. oval:org.secpod.oval:def:16186 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the c ... oval:org.secpod.oval:def:16771 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16781 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16780 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:16757 The host is installed with VBScript engine 5.6, 5.7 or 5.8 or Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitra ... oval:org.secpod.oval:def:16762 The host is missing a critical security update according to Microsoft bulletin, MS14-010. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors related to memory. Successful exploitation allows attackers to execute arb ... oval:org.secpod.oval:def:16984 The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16187 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an object in memory. Successful exploitation allows attackers to execute arbitrary code in the context of the c ... oval:org.secpod.oval:def:17002 The host is missing a critical security update according to Microsoft security bulletin, MS14-012. The update is required to fix multiple memory corruption vulnerabilities.The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow ... oval:org.secpod.oval:def:16995 The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16990 The host is installed with Internet Explorer 6 through 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user or execu ... oval:org.secpod.oval:def:16191 The host is missing a critical security update according to Microsoft bulletin, MS13-097. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly validate permissions and handle an object in memory. Successful exploitation allows atta ... oval:org.secpod.oval:def:19864 The host is installed with IE 6,7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:18542 The host is missing a critical security update according to Microsoft bulletin, MS14-029. The update is required to fix remote code execution vulnerability. The flaws are present in the application, which fails to handle certain vectors related to memory. Successful exploitation allows attackers to ... oval:org.secpod.oval:def:18541 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code ... oval:org.secpod.oval:def:18540 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code ... oval:org.secpod.oval:def:19814 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19815 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a TLS server certificate renegotiation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19810 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19811 The host is installed with IE 7,8,9,10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19809 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19808 The host is missing a critical security update according to Microsoft security bulletin, MS14-035. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rig ... oval:org.secpod.oval:def:19858 The host is installed with IE 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19859 The host is installed with IE 6,7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19822 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19819 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19837 The host is installed with IE 6,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19833 The host is installed with IE 7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:17397 The host is missing a critical security update according to Microsoft bulletin, MS14-018. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted website. Successful exploitation allows attacker to execute arbitrary code in the ... oval:org.secpod.oval:def:17396 The host is installed with Microsoft Internet Explorer 6, 7, 8 or 9 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:17395 The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to execute arbitrary code in the context of the current user. oval:org.secpod.oval:def:17584 The host is installed with Microsoft Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to properly handle the access of an object in memory. Successful exploitation allows attackers to execute arbitrary code or c ... oval:org.secpod.oval:def:17583 The host is missing a critical security update according to Microsoft bulletin, MS14-021. The update is required to fix memory corruption vulnerability. The flaws are present in the application, which fails to handle certain vectors related to memory. Successful exploitation allows attackers to exec ... oval:org.secpod.oval:def:19842 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19839 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:19849 The host is installed with IE 6,7,8,9,10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:20116 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20114 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20122 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20123 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20107 The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20104 The host is installed with Internet Explorer 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20102 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20103 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a Extended Validation (EV) certificate security feature bypass vulnerability. A flaw is present in the application , which force to prevent the use of wildcard certificates. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:20112 The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20125 The host is missing a critical security update according to Microsoft bulletin, MS14-037. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:20798 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:21390 The host is missing a critical security update according to Microsoft bulletin, MS14-056. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory or handle a crafted webpage. Successful exploitation could allo ... oval:org.secpod.oval:def:21379 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explore ... oval:org.secpod.oval:def:21380 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Exp ... oval:org.secpod.oval:def:21385 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer. oval:org.secpod.oval:def:21386 The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer. oval:org.secpod.oval:def:21384 The host is installed with Internet Explorer 6 or 7 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet Explorer. oval:org.secpod.oval:def:21376 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet E ... oval:org.secpod.oval:def:21377 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to elevate privileges in affected versions of Internet E ... oval:org.secpod.oval:def:21050 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to detect anti-malware applications in use on a targe ... oval:org.secpod.oval:def:21057 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21058 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21055 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21056 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21053 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21054 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21051 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21052 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21086 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21087 The host is missing a critical security update according to Microsoft bulletin, MS14-052. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory or handle a crafted webpage. Successful exploitation could allo ... oval:org.secpod.oval:def:21070 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21078 The host is installed with Internet Explorer 6 through 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21075 The host is installed with Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service. oval:org.secpod.oval:def:21059 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21060 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21061 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21068 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21069 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21066 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21067 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21064 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21065 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21062 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21063 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code or cause a denial of service ... oval:org.secpod.oval:def:21574 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21573 The host is missing a critical security update according to Microsoft bulletin, MS14-065. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory or to handle a crafted webpage. Successful exploitation could a ... oval:org.secpod.oval:def:21587 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a clipboard information disclosure vulnerability. A flaw is present in the application, which does not properly restrict access to the clipboard of a user who visits a website. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:21578 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21577 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to inform ... oval:org.secpod.oval:def:21866 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21871 The host is missing a critical security update according to Microsoft bulletin, MS14-080. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted website or crafted content. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:21857 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:21861 The host is installed with Internet Explorer 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23508 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23505 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23504 The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23503 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23500 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23539 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a cross-domain information disclosure vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow an attacker to gain access to inform ... oval:org.secpod.oval:def:23534 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges. Successful e ... oval:org.secpod.oval:def:23524 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23532 The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23530 The host is installed with Internet Explorer 6, 7 or 8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23515 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23513 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23512 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23520 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23789 The host is missing a critical security update according to Microsoft bulletin, MS15-018. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attackers to gai ... oval:org.secpod.oval:def:23788 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to access information from one domain and ... oval:org.secpod.oval:def:23791 The host is missing a critical security update according to Microsoft security bulletin, MS14-084. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the ... oval:org.secpod.oval:def:23790 The host is installed with VBScript engine 5.6, 5.7 or 5.8 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23779 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23778 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:23498 The host is missing a critical security update according to Microsoft bulletin, MS15-009. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted website or objects in memory. Successful exploitation could allow attac ... oval:org.secpod.oval:def:24098 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which does not use the Address Space Layout Randomization (ASLR) security feature. Successful exploitation could allow attackers to bypass the Address ... oval:org.secpod.oval:def:24095 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24088 The host is missing a critical security update according to Microsoft bulletin, MS15-032. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attackers to gai ... oval:org.secpod.oval:def:24089 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user. oval:org.secpod.oval:def:24315 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24316 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24317 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. Successful exploitation could allow attackers to elevate privileges ... oval:org.secpod.oval:def:24318 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24314 The host is missing a critical security update according to Microsoft bulletin, MS15-043. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attackers to gai ... oval:org.secpod.oval:def:24337 The host is installed with JScript and Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to ASLR bypass vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to execute remote code on a target system. oval:org.secpod.oval:def:24335 The host is missing an important security update according to Microsoft bulletin, MS15-053. The update is required to fix ASLR bypass vulnerability. The flaws are present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to execute remote code ... oval:org.secpod.oval:def:24336 The host is installed with VBScript engine 5.6, 5.7 or 5.8 and is prone to a ASLR vulnerability. A flaw is present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to execute remote code on a target system. oval:org.secpod.oval:def:24325 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ... oval:org.secpod.oval:def:24326 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a information disclosure vulnerability. A flaw is present in the application, which does not properly restrict access to the clipboard of a user who visits a website. Successful exploitation could allow attackers to colle ... oval:org.secpod.oval:def:25374 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25375 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25376 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25377 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25378 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25379 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25380 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly handle requests for module resources. Successful exploitation could allow attackers to detect the existence of spec ... oval:org.secpod.oval:def:25381 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to handle the memory offsets of specific instructions in a given call stack. An attacker who successfully exploited this vulnerability cou ... oval:org.secpod.oval:def:25382 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:25404 The host is missing an critical security update according to Microsoft bulletin, MS15-066. The update is required to fix ASLR bypass vulnerability. The flaws are present in the application, which fails to handle a crafted website. Successful exploitation could allow attackers to execute remote code ... oval:org.secpod.oval:def:25401 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an elevation of privilege Vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. An attacker who successfully exploited the vulnerability could elevate ... oval:org.secpod.oval:def:25402 The host is installed with Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to execute remote code on a target system. oval:org.secpod.oval:def:25403 The host is missing a critical security update according to Microsoft security bulletin, MS15-065. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successful exploitation could allow atta ... oval:org.secpod.oval:def:25826 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:26514 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:26515 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:31733 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:20801 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20786 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20785 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20793 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20792 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20777 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:20776 The host is missing a critical security update according to Microsoft bulletin, MS14-051. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to properly access objects in memory. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:20783 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application , which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:42742 The host is missing a security update 4049164 oval:org.secpod.oval:def:42740 The host is missing a security update 4048968 oval:org.secpod.oval:def:42721 An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that thi ... oval:org.secpod.oval:def:42720 An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that thi ... oval:org.secpod.oval:def:42727 A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ... oval:org.secpod.oval:def:42736 The host is missing a security update 4047211 oval:org.secpod.oval:def:42739 The host is missing a security update 4046184 oval:org.secpod.oval:def:42738 The host is missing a security update 4048970 oval:org.secpod.oval:def:42349 The host is missing a security update 4042121 oval:org.secpod.oval:def:42350 The host is missing a security update 4041995 oval:org.secpod.oval:def:42354 The host is missing a security update 4042007 oval:org.secpod.oval:def:42358 The host is missing a security update 4041944 oval:org.secpod.oval:def:42365 The host is missing a security update 4041671 oval:org.secpod.oval:def:42368 The host is missing a security update 4042120 oval:org.secpod.oval:def:42367 The host is missing a security update 4042123 oval:org.secpod.oval:def:42366 The host is missing a security update 4042122 oval:org.secpod.oval:def:42070 The host is missing a security update 4040978 oval:org.secpod.oval:def:42072 The host is missing a security update 4040964 oval:org.secpod.oval:def:42028 The host is missing a security update 4039266 oval:org.secpod.oval:def:42029 The host is missing a security update 4038874 oval:org.secpod.oval:def:42030 The host is missing a security update 4032201 oval:org.secpod.oval:def:42034 The host is missing a security update 4039384 oval:org.secpod.oval:def:42039 The host is missing a security update 4034786 oval:org.secpod.oval:def:42043 The host is missing a security update 4039038 oval:org.secpod.oval:def:42062 The host is missing a security update 4041086 oval:org.secpod.oval:def:42001 An information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would hav ... oval:org.secpod.oval:def:42005 A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:42004 A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:42017 An information disclosure vulnerability exists in the Microsoft Common Console Document (.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) decla ... oval:org.secpod.oval:def:43900 The host is missing an important security update for KB4073079 oval:org.secpod.oval:def:44608 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:43882 The host is missing an important security update for KB4073080 oval:org.secpod.oval:def:43886 The host is missing an important security update for KB4058165 oval:org.secpod.oval:def:43888 The host is missing an important security update for KB4034044 oval:org.secpod.oval:def:43890 The host is missing an important security update for KB4074603 oval:org.secpod.oval:def:43891 The host is missing a critical security update for KB4074851 oval:org.secpod.oval:def:43855 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:45373 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:45434 The host is missing an important security update for KB4131188 oval:org.secpod.oval:def:46027 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:47131 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user r ... oval:org.secpod.oval:def:47135 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:47134 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:47159 The host is missing a critical security update for KB4340939 oval:org.secpod.oval:def:47435 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50739 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:50741 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50749 The host is missing an important security update for KB4487019 oval:org.secpod.oval:def:50751 The host is missing an important security update for KB4487023 oval:org.secpod.oval:def:54703 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An a ... oval:org.secpod.oval:def:51406 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:55386 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:55387 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55390 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55399 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55397 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55403 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55404 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55401 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:58494 An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ... oval:org.secpod.oval:def:55421 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55422 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55420 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55431 The host is missing an important security update for KB4503273 oval:org.secpod.oval:def:55437 The host is missing a moderate severity security update for KB4503287 oval:org.secpod.oval:def:60679 The host is missing an important security update for KB4534303 oval:org.secpod.oval:def:60683 The host is missing a security update 4534312 oval:org.secpod.oval:def:60698 The host is missing a critical security update for KB4534979 oval:org.secpod.oval:def:60703 The host is missing a critical security update for KB4535105 oval:org.secpod.oval:def:59872 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:1741 The host is missing an important security update according to Microsoft security bulletin, MS11-056. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem. The flaw is present in Client/Server Run-time Subsystem (CSRSS), which fails to restric ... oval:org.secpod.oval:def:39758 A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or creat ... oval:org.mitre.oval:def:6340 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state t ... oval:org.secpod.oval:def:49101 A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attac ... oval:org.secpod.oval:def:59879 An elevation of privilege vulnerability exists when Windows improperly handles COM object creation. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit this vulnerability, an attacker would first have to log on to the system. An attac ... oval:org.secpod.oval:def:54863 The host is missing an important security update for KB4498964 oval:org.secpod.oval:def:54868 The host is missing an important security update for KB4499409 oval:org.secpod.oval:def:30020 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:54742 The host is missing an important security update for KB4499149 oval:org.secpod.oval:def:54752 The host is missing an important security update 4499180 oval:org.secpod.oval:def:54195 The host is missing an important security update for KB4493458 oval:org.secpod.oval:def:54199 The host is missing an important security update for KB4493471 oval:org.secpod.oval:def:40941 The host is missing security update for KB4022884 oval:org.secpod.oval:def:11229 The host is missing an important security update according to Microsoft security advisory (2820197). The update is required to fix a vulnerability, which prevents ActiveX control from being loaded by the Internet Explorer. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:43889 The host is missing an important security update for KB4074836 oval:org.secpod.oval:def:14209 The host is missing a security update according to Microsoft advisory, 2854544. The update is required to fix a update to improve cryptography and digital certificate handling in windows. The flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow ... oval:org.secpod.oval:def:32584 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or 2012 R2 and is prone to an ASLR bypass vulnerability. A flaw is present in the Windows graphics device interface, which fails to handle objects in memory. Succe ... oval:org.secpod.oval:def:32591 The host is missing a critical security update according to Microsoft security bulletin, MS16-003. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited the ... oval:org.secpod.oval:def:32614 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1 or Windows Server 2008 R2 SP1 and is prone to privilege escalation vulnerability. A flaw is present in the system, which fails to load DLL file. Successful exploitation could allow local attackers to gain ... oval:org.secpod.oval:def:34331 The host is missing an critical security update according to Microsoft security bulletin, MS16-053. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successful exploitation can corrupt mem ... oval:org.secpod.oval:def:35611 The host is missing a critical security update according to Microsoft security bulletin, MS16-069. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitat ... oval:org.secpod.oval:def:35923 The host is missing a critical security update according to Microsoft bulletin, MS16-086. The update is required to fix memory corruption vulnerability. A flaw is present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:37006 The host is installed with Vista SP2, Server 2008 SP2, Server 2008 R2 SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle kernel API enforced permissions. An attacker who successfully exploited the vulnerability could impe ... oval:org.secpod.oval:def:37486 The host is missing an important security update according to Microsoft security bulletin, MS16-126. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle session objects and kernel API enforced permissions. Succes ... oval:org.secpod.oval:def:44646 The host is missing an important security update for KB4089344 oval:org.secpod.oval:def:44658 The host is missing an important security update for KB4089229 oval:org.secpod.oval:def:44655 The host is missing an important security update for KB4089175 oval:org.secpod.oval:def:44657 The host is missing an important security update for KB4087398 oval:org.secpod.oval:def:45003 The host is missing an important security update for KB4091756 oval:org.secpod.oval:def:45005 The host is missing an important security update for KB4093478 oval:org.secpod.oval:def:45007 The host is missing an important security update for KB4093227 oval:org.secpod.oval:def:45010 The host is missing a moderate severity security update for KB4093224 oval:org.secpod.oval:def:45011 The host is missing a critical security update for KB4093223 oval:org.secpod.oval:def:45427 The host is missing an important security update 4095513 oval:org.secpod.oval:def:45432 The host is missing an important security update for KB4095873 oval:org.secpod.oval:def:45439 The host is missing an important security update for KB4130944 oval:org.secpod.oval:def:45442 The host is missing an important security update for KB4101477 oval:org.secpod.oval:def:44638 The host is missing an important security update for KB4056564 oval:org.secpod.oval:def:46383 The host is missing an important security update for KB4291391 oval:org.secpod.oval:def:46385 The host is missing an important security update for KB4295656 oval:org.secpod.oval:def:46384 The host is missing an important security update for KB4293756 oval:org.secpod.oval:def:46393 The host is missing an important security update for KB4338422 oval:org.secpod.oval:def:46403 The host is missing an important security update for KB4338611 oval:org.secpod.oval:def:46419 The host is missing an important security update for KB4339503 oval:org.secpod.oval:def:46418 The host is missing an important security update for KB4339291 oval:org.secpod.oval:def:46421 The host is missing an important security update for KB4340583 oval:org.secpod.oval:def:46420 The host is missing an important security update for KB4339854 oval:org.secpod.oval:def:46042 The host is missing a critical security update for KB4230467 oval:org.secpod.oval:def:46043 The host is missing an important security update for KB4234459 oval:org.secpod.oval:def:46055 The host is missing an important security update for KB4294413 oval:org.secpod.oval:def:47161 The host is missing an important security update for KB4343674 oval:org.secpod.oval:def:47173 The host is missing a critical security update for KB4344104 oval:org.secpod.oval:def:47181 The host is missing an important security update for KB4344151 oval:org.secpod.oval:def:47191 The host is missing an important security update for KB4344176 oval:org.secpod.oval:def:47158 The host is missing an important security update for KB4340937 oval:org.secpod.oval:def:47157 The host is missing an important security update for KB4338380 oval:org.secpod.oval:def:47492 The host is missing a critical security update 4457984 oval:org.secpod.oval:def:47491 The host is missing a critical security update for KB4458010 oval:org.secpod.oval:def:47499 The host is missing a critical security update for KB4457043 oval:org.secpod.oval:def:47509 The host is missing a critical security update for KB4457035 oval:org.secpod.oval:def:47510 The host is missing a critical security update 4457054 oval:org.secpod.oval:def:47931 The host is missing a critical security update for KB4463097 oval:org.secpod.oval:def:47932 The host is missing a critical security update for KB4463104 oval:org.secpod.oval:def:50129 The host is missing an important security update for KB4480957 oval:org.secpod.oval:def:50136 The host is missing an important security update for KB4480968 oval:org.secpod.oval:def:50144 The host is missing an important security security update 4480055 oval:org.secpod.oval:def:50154 The host is missing an important security security update 4480072 oval:org.secpod.oval:def:50758 The host is missing an important security security update 4483451 oval:org.secpod.oval:def:50768 The host is missing an important security security update 4483470 oval:org.secpod.oval:def:58506 The host is missing an important security update for KB4516026 oval:org.secpod.oval:def:58516 The host is missing an important security update for KB4516051 oval:org.secpod.oval:def:59913 The host is missing an important security update for KB4530695 oval:org.secpod.oval:def:59919 The host is missing a security update 4530719 oval:org.secpod.oval:def:40971 A remote code execution vulnerability exists when Office improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:78089 The host is missing an important security update for KB5011525 oval:org.secpod.oval:def:78092 The host is missing an important security update for KB5011534 oval:org.secpod.oval:def:41237 The host is missing a security update KB4032955 oval:org.secpod.oval:def:41273 The host is missing a security update 4025398 oval:org.secpod.oval:def:41272 The host is missing a security update 4025397 oval:org.secpod.oval:def:51419 The host is missing an critical security update for KB4489876 oval:org.secpod.oval:def:51420 The host is missing an critical security update for KB4489880 oval:org.secpod.oval:def:59672 An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulner ... oval:org.secpod.oval:def:59683 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:59692 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ... oval:org.secpod.oval:def:19803 The host is missing a critical security update according to Microsoft bulletin, MS14-036. The update is required to fix remote code execution vulnerabilities. The flaws are present in the applications, which fail to properly validate specially crafted image files. Successful exploitation allows atta ... oval:org.secpod.oval:def:19806 The host is installed with Microsoft Office 2010, 2007, Lync 2010, 2013, SP1, Lync Basic 2013, SP1 or Lync 2010 Attendee and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle specially crafted files in a way that corrupts memory. Su ... oval:org.secpod.oval:def:19807 The host is installed with Microsoft Office 2010, 2007, Lync 2010, 2013, SP1, Lync Basic 2013, SP1 or Lync 2010 Attendee and is prone to remote code execution vulnerability. A flaw is present in the applications, which fail to properly validate specially crafted files. Successful exploitation allows ... oval:org.secpod.oval:def:21875 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the Graphics Component, which improperly handles the de ... oval:org.secpod.oval:def:21874 The host is missing an important security update according to Microsoft bulletin, MS14-085. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which improperly handles the decoding of JPEG images in memory. Successful exploitation allows atta ... oval:org.secpod.oval:def:23481 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Server 2008 R2 IA64, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present in the Graphics Component, which fail ... oval:org.secpod.oval:def:23482 The host is missing an important security update according to Microsoft security bulletin MS15-016. The update is required to fix an information disclosure vulnerability. A flaw is present in the Graphics Component, which fails to properly handle uninitialized memory when parsing certain, specially ... oval:org.secpod.oval:def:23764 The host is missing an important security update according to Microsoft security bulletin MS15-024. The update is required to fix an information disclosure vulnerability. A flaw is present which exists when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted ... oval:org.secpod.oval:def:23763 The host is installed with Microsoft Windows Server 2003, Server 2008, Server 2008 R2, Server 2008 R2 IA64, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an information disclosure vulnerability. A flaw is present which exists when Windows fails to pr ... oval:org.secpod.oval:def:47926 An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. To exploit the vulnerability, a user would have to o ... oval:org.secpod.oval:def:63254 The host is missing an important security update for KB4556402 oval:org.secpod.oval:def:63259 The host is missing an important security update for KB4556406 oval:org.secpod.oval:def:58971 The host is missing a security update 4520009 oval:org.secpod.oval:def:58965 The host is missing an important security update for KB4520002 oval:org.secpod.oval:def:58941 A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM se ... oval:org.secpod.oval:def:58954 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:58956 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:1223 The host is installed with Microsoft Internet Explorer and is prone to cookiejacking vulnerability. A flaw is present in the application, which fails to properly restrict cross-zone drag-and-drop actions. Successful exploitation allow user-assisted remote attackers to read cookie files. oval:org.secpod.oval:def:1762 The host is missing a Critical security update according to Microsoft security bulletin MS11-057. The update is required to fix multilple vulnerabilities. The flaws are present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful expl ... oval:org.mitre.oval:def:6696 Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allo ... oval:org.secpod.oval:def:1388 The host is missing a critical security update according to Microsoft security bulletin, MS10-074. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the 'UpdateFrameTitleForDocument' method in the CFrameWnd class in 'mfc42.dll' in the Microsoft Foundation ... oval:org.mitre.oval:def:6508 Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot ... oval:org.secpod.oval:def:2643 The host is missing an important security update according to Microsoft security bulletin, MS09-053. The update is required to fix remote code execution vulnerabilities. The flaws are present in the FTP Service in Microsoft Internet Information Services, which fails to handle the FTP Service list op ... oval:org.secpod.oval:def:23493 The host is installed with Microsoft Windows Server 2003 SP2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validate a ... oval:org.secpod.oval:def:23484 The host is missing a critical security update according to Microsoft bulletin, MS15-011. The update is required to fix a remote code execution vulnerability. The flaw is present in the Group Policy, which fails to handle files that originate from unfamiliar or untrusted sources. An attacker who suc ... oval:org.secpod.oval:def:23483 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Server 2008 R2 IA64, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to a remote code execution vulnerability. The flaw is present in the Group Policy, which fails to handle files t ... oval:org.secpod.oval:def:23739 The host is installed with Microsoft Windows Server 2003, 2003 SP2, 2008, 2008 SP2, 2008 R2, 2008 R2 SP1, 2012 or 2012 R2 and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly establish a secure communications channel. Successful exploitation could a ... oval:org.secpod.oval:def:23740 The host is missing an important security update according to Microsoft security bulletin, MS15-027. The update is required to fix a spoofing vulnerability. A flaw is present in the application, which fails to properly establish a secure communications channel. Successful exploitation could allow at ... oval:org.secpod.oval:def:15958 The host is installed with Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2 SP1, Windows 7 SP1, Windows 8 or Windows Server 2012 and is prone to an ancillary function driver information disclosure vulnerability. A flaw is present in the application, w ... oval:org.secpod.oval:def:15959 The host is missing an important security update according to Microsoft bulletin, MS13-093. The update is required to fix an ancillary function driver information disclosure vulnerability. A flaw is present in the application, which fails to properly copy data between kernel and user memory. Success ... oval:org.secpod.oval:def:15665 The host is missing a critical security update according to Microsoft bulletin, MS13-081. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle certain objects in memory and fails to properly parse certain elements. Successfu ... oval:org.secpod.oval:def:15671 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to remote code vulnerability. A flaw is present in the application, which fails to properly parse OpenType fonts. Su ... oval:org.secpod.oval:def:16195 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploi ... oval:org.secpod.oval:def:16197 The host is missing a critical security update according to Microsoft bulletin, MS13-101. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle certain objects in memory. Successful exploitation allows local users to gain pri ... oval:org.secpod.oval:def:16201 The host is missing a critical security update according to Microsoft security bulletin, MS13-096. The update is required to fix a remote code execution vulnerability. The flaw is present in the graphics component in Microsoft Windows Vista, Windows Server 2008, Office 2003 SP3 /2007 SP3 /2010 SP1, ... oval:org.secpod.oval:def:15667 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle object ... oval:org.secpod.oval:def:15666 The host is installed with Microsoft Windows XP SP2, SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2, Server 2008 R2 SP2, Windows 7 SP1, Windows Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle object ... oval:org.secpod.oval:def:15660 The host is missing a critical security update according to Microsoft Security bulletin, MS13-083. The update is required to fix a remote code execution vulnerability. A flaw is present in the the way that the Windows common control library (aka Comctl32.dll) handles allocating memory for data struc ... oval:org.secpod.oval:def:15659 The host is installed with Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, Microsoft Windows Server 2008 R2, Microsoft Windows 8 or Microsoft Windows Server 2012 and is prone to remote code execution vulnerability. A f ... oval:org.secpod.oval:def:15670 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Server 2008 R2 SP2 or Windows 7 SP1 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows attackers to run a ... oval:org.secpod.oval:def:15425 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15426 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15423 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15424 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15419 The host is missing an important security update according to Microsoft security bulletin MS13-076. The update is required to fix multiple vulnerabilities. The flaws are present in the windows Kernel-Mode driver, which fails to properly handle objects in memory. Successful exploitation could allow a ... oval:org.secpod.oval:def:15421 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15422 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to proper ... oval:org.secpod.oval:def:15420 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, or Windows 8 and is prone to an elevation of privilege vulnerability. The flaw is present in the Windows Kernel-Mode, which fails to properly handle objects in ... oval:org.secpod.oval:def:14824 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to elevate the privileges of a process that is launched ... oval:org.secpod.oval:def:14825 The host is missing a critical security update according to Microsoft bulletin, MS13-059. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly access an object in memory. Successful exploitation allows attackers to execute arbitrar ... oval:org.secpod.oval:def:15407 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista or Windows Server 2008 and is prone to remote code execution vulnerability. The flaw is present in the Windows theme file (Themeui.dll), which fails to properly handle crafted Windows theme when user forced open the ... oval:org.secpod.oval:def:15406 The host is missing an important security update according to Microsoft security bulletin, MS13-071. The update is required to fix remote code execution vulnerability. The flaw is present in the Windows theme file (Themeui.dll), which fails to properly handle crafted Windows theme when user forced o ... oval:org.secpod.oval:def:14299 The host is installed with DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 or Windows Server 2012 and is prone to a remote code execution vulnerability. A flaw is present in the application, whic ... oval:org.secpod.oval:def:14314 The host is missing an important security update according to Microsoft security bulletin MS13-053. The update is required to fix multiple vulnerabilities. The flaws are present in the windows kernel-mode driver, which fails to properly handle objects in memory. Successful exploitation could allow a ... oval:org.secpod.oval:def:14312 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ... oval:org.secpod.oval:def:14300 The host is missing a critical security update according to Microsoft bulletin MS13-056. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted GIF image files. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:14842 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Windows 8, Windows Server 2012 or Windows Server 2008 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly allocate memory for incoming ICMPv6 packets. Successfu ... oval:org.secpod.oval:def:14843 The host is missing an important security update according to Microsoft advisory MS13-065. The update is required to fix a denial of service vulnerability. A flaw is present in the application which fails to properly allocate memory for incoming ICMPv6 packets. Successful exploitation could allow at ... oval:org.secpod.oval:def:14833 The host is installed with Microsoft Windows and is prone to a remote procedure call vulnerability. A flaw is present in the application, which fails to handle asynchronous RPC requests. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14834 The host is missing an important security update according to Microsoft bulletin MS13-062. The update is required to fix a remote procedure call vulnerability. A flaw is present in the application, which fails to handle asynchronous RPC requests. Successful exploitation could allow attackers to exec ... oval:org.secpod.oval:def:14310 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 or Windows 7 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handle objects in memory. Successful ... oval:org.secpod.oval:def:14311 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 or Windows 7 and is prone to a elevation of privilege vulnerability. The flaw is present in the application, which fails to properly handle objects in memory. Successful ... oval:org.secpod.oval:def:14315 The host is missing an important security update according to Microsoft security bulletin, MS13-054. The update is required to fix multiple vulnerabilities. The flaws are present in the Microsoft Office 2003 SP3 /2007 SP3 /2010 SP1, Windows, Visual Studio .NET 2003 SP1, Lync 2010, Lync Basic 2013 or ... oval:org.secpod.oval:def:14308 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ... oval:org.secpod.oval:def:14309 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ... oval:org.secpod.oval:def:14198 The host is missing an important security update according to Microsoft security bulletin MS13-049. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle packets during TCP connection. Successful exploitation could allow ... oval:org.secpod.oval:def:14199 The host is missing an important security update according to Microsoft security bulletin, MS13-050. The update is required to fix privilege escalation vulnerability in Microsoft Windows Print Spooler components. A flaw is present in the Windows print server which fails to validate a specially craft ... oval:org.secpod.oval:def:14197 The host is installed with Microsoft Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a TCP/IP integer overflow vulnerability. A flaw is present in the application, which fails to properly handle packets during TCP connection. S ... oval:org.secpod.oval:def:14200 The host is installed with Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the Windows Print Spooler components which fails to validate a specially crafted print job. Successfu ... oval:org.secpod.oval:def:14307 The host is installed with Microsoft Windows Vista, Windows XP, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to an elevation of privilege vulnerability. The flaw is present in the application, which fails to properly hand ... oval:org.secpod.oval:def:10969 The host is missing an important security update according to Microsoft security bulletin MS13-046. The update is required to fix a windows handle vulnerability. A flaw is present in the application which fails to properly handle deleted objects in memory. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:10966 The host is installed with Microsoft Windows Vista, Windows Server 2008 or R2 , Windows 7 SP1, Windows 8, Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could al ... oval:org.secpod.oval:def:10968 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, Windows 7, Windows 8, Windows Server 2012 and is prone to a windows handle vulnerability. A flaw is present in the application which fails to properly handle deleted objects in memory. Succe ... oval:org.secpod.oval:def:10729 The host is installed with Windows XP, Server 2003, Vista, or Server 2008 are prone to a CSRSS memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted application. Successful exploitation could allow attackers to gain privileges. oval:org.secpod.oval:def:10740 The host is missing an important security update according to Microsoft security bulletin MS13-031. The update is required to fix multiple race condition vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow a ... oval:org.secpod.oval:def:10738 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle objec ... oval:org.secpod.oval:def:10730 The host is missing an important security update according to Microsoft bulletin MS13-033. The update is required to fix a CSRSS memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted application. Successful exploitation could allow attackers to gain p ... oval:org.secpod.oval:def:10733 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attack ... oval:org.secpod.oval:def:10734 The host is missing an important security update according to Microsoft security bulletin, MS13-036. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle certain vectors related to memory and crafted files. Successful exploitation al ... oval:org.secpod.oval:def:10736 The host is installed with Microsoft Windows Server 2008, R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers to gain eleva ... oval:org.secpod.oval:def:10737 The host is installed with Microsoft Windows Server 2008, R2, Windows Vista or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers to gain elevated privileges and read ... oval:org.secpod.oval:def:9739 The host is missing an important security update according to MS bulletin, MS13-027 and is prone to an privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to properly handle objects in memory. Successful exploitation could allow attackers to run arbitrary co ... oval:org.secpod.oval:def:9742 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ... oval:org.secpod.oval:def:9741 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ... oval:org.secpod.oval:def:9740 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the kernel-mode drivers, which fails to handle obje ... oval:org.secpod.oval:def:9711 The host is missing a critical security update according to Microsoft bulletin, MS13-012 and is prone to multiple use after free vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9715 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CCaret use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9717 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a GetMarkupPtr use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9718 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9720 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9713 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9712 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an onresize use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9714 The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CMarkupBehaviorContext use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:14835 The host is installed with Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 and is prone to a ASLR security feature bypass vulnerability. The flaw is present in Windows Kernel, which fails to properly handle the implementation of Address Space Layout Randomization (ASLR). Succ ... oval:org.secpod.oval:def:14839 The host is missing an important security update according to Microsoft security bulletin MS13-063. The update is required to fix elevation of privilege vulnerability. The flaw is present in the Windows kernel, which fails to handle memory corruption condition in the NT Virtual DOS Machine (NTVDM).S ... oval:org.secpod.oval:def:9239 The host is missing an important security update according to Microsoft bulletin, MS13-017. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successfu ... oval:org.secpod.oval:def:9238 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ... oval:org.secpod.oval:def:9236 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ... oval:org.secpod.oval:def:9237 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects ... oval:org.secpod.oval:def:9271 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9272 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9273 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles object ... oval:org.secpod.oval:def:9274 The host is missing an important security update according to Microsoft bulletin, MS13-016. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which is caused when the Windows kernel-mode driver improperly handles objects in memor ... oval:org.secpod.oval:def:9268 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9269 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9266 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9267 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9270 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9264 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9265 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9261 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9262 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9263 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9257 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9258 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9259 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9256 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9260 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9253 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9254 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9255 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9251 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9252 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9250 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9246 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9247 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9248 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9249 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver improperly handles objec ... oval:org.secpod.oval:def:9230 The host is missing a critical security update according to Microsoft Security bulletin, MS13-011. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted media file (such as an .mpg file), a Microsoft Offi ... oval:org.secpod.oval:def:9244 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ... oval:org.secpod.oval:def:9245 The host is installed with Microsoft Windows XP, Server 2003, Server 2008, Server 2008 R2, Server 2012, Windows Vista, Windows 7, Server 2012 or Windows 8 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when the Windows kernel-mode driver i ... oval:org.secpod.oval:def:9240 The host is installed with Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a connection termination sequence. Succ ... oval:org.secpod.oval:def:9241 The host is missing an important security update according to Microsoft security bulletin MS13-018. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a connection termination sequence. Successful exploitation could a ... oval:org.secpod.oval:def:9229 The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted media file (such as an .mpg file), a Microsoft Office docume ... oval:org.secpod.oval:def:9280 The host is missing an important security update according to Microsoft bulletin, MS13-015. The update is required to fix privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a web browser that can run XAML Browser Applications. Successful exploita ... oval:org.secpod.oval:def:9281 The host is installed with .NET Framework 2.0 or 3.5 or 3.5.1 or 4.0 or 4.5 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle permissions of a callback function. Successful exploitation allows attackers to take complete control o ... oval:org.secpod.oval:def:9297 The host is missing a critical security update according to Microsoft security bulletin, MS13-009. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:9296 The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:9282 The host is missing a critical security update according to Microsoft security bulletin, MS13-010. The update is required to fix remote code execution vulnerability. A flaw is present in the microsoft implementation of Vector Markup Language, which fails to handle a specially crafted webpage. Succes ... oval:org.secpod.oval:def:9283 The host is installed with Internet Explorer 6 or 7 or 8 or 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow an attacker to gain the same user rights as the current us ... oval:org.secpod.oval:def:8333 The host is installed with Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows 7, Windows 8 or Windows Server 2012 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle window broadcast messages. Successful exploitat ... oval:org.secpod.oval:def:8334 The host is missing an important security update according to MS bulletin, MS13-005 and is prone to an privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle window broadcast messages. Successful exploitation could allow attackers to take complete co ... oval:org.secpod.oval:def:8335 The host is installed with Microsoft Windows Vista, Windows 7, Windows server 2008, Windows server 208 R2, Windows 8 or Windows server 2012 and is prone to security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle SSL/TLS session version negotiation. ... oval:org.secpod.oval:def:8336 The host is missing an important security update according to Microsoft bulletin, MS13-006. The update is required to fix security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle SSL/TLS session version negotiation. Successful exploitation allows at ... oval:org.secpod.oval:def:9287 The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:8339 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to S.DS.P buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle System.DirectoryServices.Protocols (S.DS.P) namespace method. Successful exploitation allows re ... oval:org.secpod.oval:def:8344 The host is missing an important security update according Microsoft bulletin MS13-007. The update is required to fix a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could allow attackers to crash the servi ... oval:org.secpod.oval:def:8340 The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to double construction vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows remote attackers to install programs, v ... oval:org.secpod.oval:def:8341 The host is missing an important security update according to Microsoft security bulletin, MS13-004. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle the vectors related to memory. Successful exploitation allows remote a ... oval:org.secpod.oval:def:8342 The host is installed with Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 4 or Management OData IIS Extension and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could all ... oval:org.secpod.oval:def:8352 The host is missing a critical security update according to MS13-002. The update is required to fix multiple MSXML vulnerabilities. The flaws are present in the applications, which fail to properly handle XML content. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:8197 The host is missing a critical security update according to Microsoft security bulletin MS12-077. The update is required to fix multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:8196 The host is installed with Internet Explorer 9 or 10 and is prone to an improper ref counting use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted or improperly initialized object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:8322 The host is installed with Internet Explorer 6, Internet Explorer 7 or Internet Explorer 8 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers to execute arbitrary co ... oval:org.secpod.oval:def:8321 The host is missing a critical security update according to Microsoft Security Bulletin, MS13-008. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:8337 The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 or 4.5 and is prone to WinForms buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a Windows Forms method. Successful exploitation allows remote attackers to install ... oval:org.secpod.oval:def:8338 The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.0 or 4 and is prone to system drawing information disclosure vulnerability. A flaw is present in the application, which fails to properly handle pointers to unmanaged memory locations. Successful exploitation allows remote a ... oval:org.secpod.oval:def:8182 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to parse filenames. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:8183 The host is missing a critical security update according to Microsoft security bulletin, MS12-081. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to parse filenames. Successful exploitation could allow attackers to execute arbit ... oval:org.secpod.oval:def:8190 The host is missing a critical security update according to Microsoft security bulletin, MS12-078. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle the objects in memory. Successful exploitation could allow remote ... oval:org.secpod.oval:def:8191 The host is installed with Windows XP, Windows Vista, Windows Server 2008,Windows Server 2008 R2, Windows Server 2003 or Windows 7 and is prone to remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle a specially crafted OpenType font file. Success ... oval:org.secpod.oval:def:7927 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to Web proxy auto-discovery vulnerability. A flaw is present in the applications, which is caused by a lack of validation when the .NET Framework acquires the default web proxy settings and executes JavaScript ... oval:org.secpod.oval:def:7929 The host is missing a critical security update according to Microsoft Security Bulletin, MS12-074. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain vectors and properly perform validations. Successful exploitation allows ... oval:org.secpod.oval:def:7931 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 or Windows 7 and is prone to privilege escalation vulnerability. A flaw is present in the Windows kernel, which fails to properly handle the objects in memory. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:7924 The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to reflection bypass vulnerability. A flaw is present in the applications, which fail to properly validate the permissions of objects performing reflection. Successful exploitation allows attackers to take ... oval:org.secpod.oval:def:7925 The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 and is prone to Code access security info disclosure vulnerability. A flaw is present in the applications, which does not properly sanitize the output of a function when called from partially trusted code. Successful exploitation a ... oval:org.secpod.oval:def:7926 The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which is caused when Entity Framework, a .NET Framework component, incorrectly restricts the path used for loading external lib ... oval:org.secpod.oval:def:7930 The host is missing a critical security update according to Microsoft security bulletin, MS12-075. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to handle the webpage that embeds TrueType font files. Successful exploitat ... oval:org.secpod.oval:def:7311 The host is installed with Microsoft Windows XP, server 2003, server 2008, server 2008 R2, Vista or Windows 7 and is prone to integer overflow vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successful exploitation al ... oval:org.secpod.oval:def:7312 The host is missing an important security update according to Microsoft security bulletin, MS12-068. The update is required to fix integer overflow vulnerability. A flaw is present in the application, which is caused when the Windows kernel improperly handles objects in memory. Successful exploitati ... oval:org.secpod.oval:def:7077 The host is installed with Google Chrome before 22.0.1229.79 in Microsoft Windows 7 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation allows remote attackers to execute arbitrary code or cause a denia ... oval:org.secpod.oval:def:6686 The host is missing an important security update according to Microsoft security bulletin, MS12-055. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which fails to handle objects in memory properly. Successful exploitation coul ... oval:org.secpod.oval:def:6685 The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory prop ... oval:org.secpod.oval:def:6688 The host is installed with Microsoft Windows XP, Server 2003, Vista, Server 2008, Windows 7 or Server 2008 R2 and is prone to format string vulnerability. A flaw is present in the application, which fails to handle a specially crafted response. Successful exploitation allows attackers to take comple ... oval:org.secpod.oval:def:6687 The host is installed with Microsoft Windows XP, Server 2003, Vista, Server 2008, Windows 7 or Server 2008 R2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle a Remote Administration Protocol (RAP) response. Successful exploitation ... oval:org.secpod.oval:def:6691 The host is missing a critical security update according to Microsoft security bulletin, MS12-054. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a Remote Administration Protocol (RAP) response. Successful exploitation ... oval:org.secpod.oval:def:6344 The host is missing an important security update according to Microsoft security bulletin, MS12-047. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which fails to properly validate parameters when creating a hook procedure. Su ... oval:org.secpod.oval:def:6343 The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate parameters ... oval:org.secpod.oval:def:6342 The host is installed with Microsoft Windows XP SP2, SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle specific keyboard layo ... oval:org.secpod.oval:def:6349 The host is installed with Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted XML data that triggers access to an uninitiali ... oval:org.secpod.oval:def:6350 The host is missing a critical security update according to Microsoft security bulletin, MS12-045. The update is required to fix a remote code execution vulnerability. A flaw is present in the applications, which fail to handle a crafted XML data that triggers access to an uninitialized object in me ... oval:org.secpod.oval:def:6345 The host is missing an important security update according to Microsoft security bulletin, MS12-048. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Shell, which fails to handle a file or directory with a specially crafted name. Successful exploita ... oval:org.secpod.oval:def:6346 The host is installed with Microsoft Windows and is prone to command injection vulnerability. A flaw is present in the windows shell, which fails to handle file and directory names. Successful exploitation allows remote attackers to install programs, view, change or delete data or create new account ... oval:org.secpod.oval:def:6340 The host is installed with Microsoft Internet Explorer 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6354 The host is missing an important security update according to Microsoft bulletin, MS12-049. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the TLS protocol when Cipher-block chaining (CBC) mode of operatio ... oval:org.secpod.oval:def:6353 The host is installed with Microsoft Windows and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the TLS protocol when Cipher-block chaining (CBC) mode of operation is used. Successful exploitation allows attackers to decryp ... oval:org.secpod.oval:def:6339 The host is installed with Microsoft Internet Explorer 9 and is prone to a cached object remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6036 The host is installed with Internet Explorer 6 through 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6035 The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6047 The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6046 The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6049 The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:6043 The host is installed with Internet Explorer 7 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly create and initialize string data. Successful exploitation could allow attackers to obtain sensitive information from process ... oval:org.secpod.oval:def:6042 The host is installed with Internet Explorer 6 through 9 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted character sequences with EUC-JP encoding. Successful exploitation could allow attackers to inject arbitrary web script or ... oval:org.secpod.oval:def:6051 The host is installed with Internet Explorer 6 through 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to block cross-domain scrolling events. Successful exploitation could allow attackers to read content from a different domain or zone. oval:org.secpod.oval:def:6052 The host is missing a critical security update according to Microsoft security bulletin, MS12-037. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails sanitize malicious input. Successful exploitation could allow attackers to execute arbitrar ... oval:org.secpod.oval:def:6199 The host is missing a critical security update according to Microsoft security bulletin, MS12-043. The update is required to fix remote code execution vulnerability. A flaw is present in the applications, which fail to handle a specially crafted webpage. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:6029 The host is missing an important security update according to Microsoft bulletin, MS12-041. The update is required to fix elevation of privilege vulnerabilities. The flaws are present in the application, which fails to properly validate input passed from user mode. Successful exploitation allows att ... oval:org.secpod.oval:def:6033 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ... oval:org.secpod.oval:def:6032 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ... oval:org.secpod.oval:def:6031 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle TrueType font loading. Successful exploitation ... oval:org.secpod.oval:def:6026 The host is installed with Microsoft .Net framework 2.0 Sp2 or 3.5.1 or 4.0 or 4.5 Beta and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take complete control of ... oval:org.secpod.oval:def:6024 The host is missing a critical security update according to Microsoft bulletin, MS12-038. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take comp ... oval:org.secpod.oval:def:6034 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to elevation of privilege vulnerability. A flaw is present in the application, which fails to properly validate input passed from user mode. Successful explo ... oval:org.secpod.oval:def:5102 The host is installed with Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 or SP1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate the digest of a signed por ... oval:org.secpod.oval:def:5585 The host is installed with Windows Vista SP2 or Windows Server 2008 SP2 or 2008 R2 or 2008 R2 SP1 or Windows 7 or SP1 and is prone to a privilege escalation vulnerability. A flaw is present in Windows Partition Manager, which fails to handle a specially crafted application. Successful exploitation c ... oval:org.secpod.oval:def:5584 The host is missing an important security update according to Microsoft security bulletin, MS12-033. The update is required to fix privilege escalation vulnerability. A flaw is present in Windows Partition Manager, which fails to handle a specially crafted application. Successful exploitation could ... oval:org.secpod.oval:def:5103 The host is missing a critical security update according to Microsoft bulletin, MS12-024. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate the digest of a signed portable executable (PE) file. Successful explo ... oval:org.secpod.oval:def:6028 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Vista or Windows Server 2008 or R2 or Windows 7 and is prone to remote code execution vulnerability. A flaw is present in the Remote Desktop Protocol, which fails to properly process RDP packets in memory. Successful e ... oval:org.secpod.oval:def:6027 The host is missing a critical security update according to MS12-036. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to handle specially crafted RDP packets. Successful exploitation allows remote attackers to take complete control ... oval:org.secpod.oval:def:5634 The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ... oval:org.secpod.oval:def:5636 The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ... oval:org.secpod.oval:def:5635 The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ... oval:org.secpod.oval:def:4131 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows 7 or Windows Server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in the applications, where the Windows kernel-mode driver does not properly ha ... oval:org.secpod.oval:def:4132 The host is missing a critical security update according to Microsoft security bulletin, MS12-008. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the applications, where the Windows kernel-mode driver fails to properly manage specific keyboard ... oval:org.secpod.oval:def:4146 The host is missing a critical security update according to Microsoft security bulletin, MS12-013. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft Windows C Run-Time Library, which fails to handle a specially crafted media file that is hosted on a we ... oval:org.secpod.oval:def:4147 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, R2-IA64 and Windows 7, SP1 and is prone buffer overflow vulnerability. A flaw is present in the C Run-Time Library msvcrt.dll file, which fails to handle a specially crafted media file. Successful exploitati ... oval:org.secpod.oval:def:3726 The host is installed with Microsoft Windows XP or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows 7 or Windows Server 2008 R2 and is prone to remote code execution vulnerability. A flaw is present in the applications, which does not perform proper validation on input passed f ... oval:org.secpod.oval:def:4732 The host is missing an important security update according to Microsoft security bulletin, MS12-018. The update is required to fix a privilege escalation vulnerability. A flaw is present in the microsoft windows kernel-mode drivers, which fails to handle a specially crafted application. Successful e ... oval:org.secpod.oval:def:4736 The host is missing a critical security update according to MS12-020. The update is required to fix remote code execution and denial of service vulnerabilities. The flaws are present in the application, which fails to properly process malicious contents. Successful exploitation allows remote attacke ... oval:org.secpod.oval:def:4733 The host is installed with Windows kernel-mode driver and is prone postmessage function vulnerability. A flaw is present in the kernel-mode driver, which fails to handle PostMessage function. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or cr ... oval:org.secpod.oval:def:4734 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the Remote Desktop Protocol, where it accesses an object in memory that has been improperly initialized or has been deleted. Successful exploitation allows remote attackers to take ... oval:org.secpod.oval:def:4738 The host is installed with Windows DirectWrite and is prone denial of service vulnerability. A flaw is present in the DirectWrite application, which fails to handle a specially crafted sequence of unicode characters. Successful exploitation could allow remote attackers to cause a target application ... oval:org.secpod.oval:def:4133 The host is installed with Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, R2 SP1, Windows 7 Gold or SP1 on 64-bit platforms and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly validate ... oval:org.secpod.oval:def:4135 The host is missing an important security update according to Microsoft bulletin, MS12-009. The update is required to fix multiple privilege escalation vulnerabilities. The flaws are present in the application, which fails to properly validate user-mode input passed to kernel mode. Successful exploi ... oval:org.secpod.oval:def:4156 The host is missing a critical security update according to Microsoft security bulletin, MS12-016. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft .NET Framework and Microsoft Silverlight, which fails to handle a specially crafted web page usin ... oval:org.secpod.oval:def:4157 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4.0 or Silverlight and is prone unmanaged objects vulnerability. A flaw is present in the applications, which fails to handle a specially crafted Microsoft .NET Framework application. Successful exploitation could allow remote attac ... oval:org.secpod.oval:def:4158 The host is installed with Microsoft .NET Framework 2.0 SP2, and 3.5.1 and is prone heap corruption vulnerability. A flaw is present in the Microsoft .NET Framework, which fails to handle calculation of buffer length while processing specially crafted input. Successful exploitation could allow remot ... oval:org.secpod.oval:def:3712 The host is installed is missing an important security update according to Microsoft security bulletin, ms12-003. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fails to handle the way that the CSRSS processes a sequence of specially c ... oval:org.secpod.oval:def:3711 The host is installed with Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle the way that the CSRSS processes a sequence of specially crafted Unicode char ... oval:org.secpod.oval:def:3716 The host is missing an important security update according to Microsoft security bulletin, MS12-005. The update is required to fix remote code execution vulnerability. A flaw is present in the in Microsoft Windows, which fails to handle a specially crafted Microsoft Office file containing a maliciou ... oval:org.secpod.oval:def:3717 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by the way that Windows Packager loads ClickOnce applications embedded in Microsoft Office files. Successful exploitation allows remote attacker to g ... oval:org.secpod.oval:def:3631 The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to correctly authenticate specially crafted usernames. Successful exploitation allows remote authenticated ... oval:org.secpod.oval:def:3632 The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly handle cached content when Forms Authentication is used with sliding expiry. Successful exploit ... oval:org.secpod.oval:def:3630 The host is installed with Microsoft .Net Framework 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to open redirect vulnerability. A flaw is present in the applications, which fail to properly verify return URLs during the forms authentication process. Successful exploitation allows remote attackers to red ... oval:org.secpod.oval:def:3633 The host is missing a critical security update according to Microsoft security bulletin, MS11-100. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the applications, which fail to properly handle the Forms Authentication feature in ASP.NET subsy ... oval:org.secpod.oval:def:3629 The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to denial of service vulnerability. A flaw is present in the applications, where ASP.NET fails to properly hash specially crafted requests and inserts that data into a hash table causing a hash collisi ... oval:org.secpod.oval:def:3713 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused when Windows Media Player fails to handle a specially crafted MIDI file. Successful exploitation allows attackers to run arbitrary code in the conte ... oval:org.secpod.oval:def:3714 The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused when filters in DirectShow do not properly handle specially crafted media files. Successful exploitation allows attackers to run arbitrary code in t ... oval:org.secpod.oval:def:3715 The host is missing a critical security update according to Microsoft bulletin MS12-004. The update is required to fix remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted media files. Successful exploitation allows attackers to run ar ... oval:org.secpod.oval:def:3707 The host is installed with Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, or R2 SP1, Windows 7 Gold or SP1 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly load structured exception handling tabl ... oval:org.secpod.oval:def:3708 The host is missing an important security update according to Microsoft security bulletin, MS12-001. The update is required to fix a security bypass vulnerability. A flaw is present in the application, which fails to properly load structured exception handling tables. Successful exploitation could ... oval:org.secpod.oval:def:3435 The host is installed with Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted application when run by an a ... oval:org.secpod.oval:def:3426 The host is missing an important security update according to Microsoft security bulletin, MS11-097. The update is required to fix elevation of privilege vulnerability. A flaw is present in the Client/Server Run-time Subsystem (CSRSS), which fails to properly validate permissions when a lower-integr ... oval:org.secpod.oval:def:2721 The host is missing a critical security update according to Microsoft security bulletin, MS11-083. The update is required to fix a remote code execution vulnerability. A flaw is present in the applications, which fail to handle the processing of a continuous flow of specially crafted UDP packets to ... oval:org.secpod.oval:def:2714 The host is missing an important security update according to Microsoft security bulletin, MS11-085. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Mail and Windows Meeting Space, which fails to handle a specially crafted dynamic link library (DLL ... oval:org.secpod.oval:def:3422 The host is missing a critical security update according to Microsoft security bulletin, MS11-087. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle a specially crafted TrueType font file. Successful exploitation could al ... oval:org.secpod.oval:def:2520 The host is missing an important security update according to Microsoft security bulletin, MS11-077. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Windows, which fails to handle a specially crafted font file (such as a .fon file) in a network ... oval:org.secpod.oval:def:2251 The host is installed with components which are prone to remote code execution vulnerability. Flaws are present in the Windows components, which fails to handle legitimate rich test format files, text files and .doc files present in the same network directory as a specially crafted dynamic link libr ... oval:org.secpod.oval:def:2252 The host is missing an important security update according to Microsoft security bulletin, MS11-071. The update is required to fix a remote code execution vulnerability.Flaws are present in the Windows components, which fails to handle legitimate rich test format files, text files and .doc files pre ... oval:org.secpod.oval:def:2536 The host is missing a important security update according to Microsoft security bulletin, MS11-075. The update is required to fix a remote code execution vulnerability. A flaw is present in the Microsoft Active Accessibility component, which fails to handle specially crafted dynamic link library fil ... oval:org.secpod.oval:def:2537 The host is installed with Microsoft Active Accessibility component and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Active Accessibility component, which fails to handle specially crafted dynamic link library file present in the same network directory. Succe ... oval:org.secpod.oval:def:1755 The host is missing a moderatesecurity update according to Microsoft security bulletin, MS11-069. The update is required to fix an information disclosure vulnerability. A flaw is present in the applications which fails to properly validate the trust level within the System.Net.Sockets namespace. Suc ... oval:org.secpod.oval:def:1754 The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 SP1 or 4.0 and is prone to information disclosure vulnerability. A flaw is present in the applications which fails to properly validate the trust level within the System.Net.Sockets namespace. Successful exploitation allows attacke ... oval:org.secpod.oval:def:1749 The host is missing a moderate security update according to Microsoft security bulletin, MS11-068. The update is required to fix a denial of service vulnerability. A flaw is present in operating system, the way Windows Kernel accesses a specially crafted file on the network share or a web site. Succ ... oval:org.secpod.oval:def:1735 The host is missing an important security update according to microsoft bulletin MS11-066. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle special characters within a specially crafted URI. Successful exploitation cou ... oval:org.secpod.oval:def:1408 The host is missing an Important security update according to Microsoft security bulletin, MS11-054. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in windows Kernel-mode ... oval:org.secpod.oval:def:1404 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ... oval:org.secpod.oval:def:1407 The host is installed with Windows Vista, Windows Server 2008 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exploitation allows attackers to run ... oval:org.secpod.oval:def:1406 The host is installed with Windows Vista, Windows Server 2008 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exploitation allows attackers to run ... oval:org.secpod.oval:def:1744 The host is missing an important security update according to Microsoft bulletin MS11-064. The update is required to fix multiple denial of service vulnerabilities. A flaw is present in the application, which fails to handle specially crafted ICMP messages. Successful exploitation allows attackers t ... oval:org.secpod.oval:def:1739 The host is missing an important security update according to Microsoft security bulletin, MS11-056. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem. The flaw is present in Client/Server Run-time Subsystem (CSRSS), which fails to restric ... oval:org.secpod.oval:def:1399 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ... oval:org.secpod.oval:def:1401 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1400 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ... oval:org.secpod.oval:def:1403 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1402 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1395 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1394 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1397 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1396 The host is installed with Windows Vista, Windows Server 2008 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attackers to run arbitrary code in kern ... oval:org.secpod.oval:def:1398 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1393 The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ... oval:org.secpod.oval:def:1410 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to memory corruption vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) where a NULL pointer is passed without ... oval:org.secpod.oval:def:1412 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by an integer overf ... oval:org.secpod.oval:def:1411 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused when user input is used as an index for an array without f ... oval:org.secpod.oval:def:1414 The host is missing an important security update according to Microsoft security bulletin, MS11-056. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by an inte ... oval:org.secpod.oval:def:1409 The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) that is caused by a memory corrupt ... oval:org.secpod.oval:def:2723 The host is missing a Critical security update according to Microsoft security bulletin, MS11-037. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, as it fails to handle the way that MHTML interprets MIME-formatted requests for content that ... oval:org.secpod.oval:def:1198 The host is missing a Critical security update according to Microsoft security bulletin MS11-050. The update is required to fix multilple vulnerabilities. The flaws are present in the browser, which fails to access an object that has not been properly initialized or has been deleted. Successful expl ... oval:org.secpod.oval:def:1168 The host is installed with Microsoft Windows XP SP2 or SP3, Windows Server 2003 SP2, Windows Vista SP1 or SP2, Windows Server 2008 and SP2 or Windows 7 and is prone to an information disclosure vulnerability. A flaw is present in the MHTML implementation which fails to open a specially crafted URL. ... oval:org.secpod.oval:def:1170 The host is missing a Critical security update according to Microsoft security bulletin, MS11-038. The update is required to fix remote code execution vulnerability. A flaw is present in the application which fails to handle specially crafted request. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:1183 The host is missing a Critical security update according to Microsoft security bulletin, MS11-044. The update is required to fix remote code execution vulnerability in Microsoft .NET Framework on Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. The flaw is pres ... oval:org.secpod.oval:def:1169 The host is installed with Microsoft Windows XP SP3, Microsoft Windows Server 2003 XP2, Windows Server 2008 SP1 or SP2 and is prone to remote code execution vulnerability. A flaw is present in the application which fails to handle specially crafted request. Successful exploitation allows remote atta ... oval:org.secpod.oval:def:1201 The host is installed with Microsoft Internet Explorer and is prone information disclosure vulnerability. A flaw is present in the browser, which fails to handle a crafted Web page. Successful exploitation could allow remote attackers to execute arbitrary code or gain sensitive information. oval:org.secpod.oval:def:821 The host is missing a Critical security update according to Microsoft security bulletin, MS11-018. The update is required to fix multiple remote code execution vulnerabilities in Microsoft Internet Explorer. The flaws are present in the browser, which fails to implement appropriate memory protection ... oval:org.secpod.oval:def:993 The host is missing an critical security update according to Microsoft security bulletin, MS11-033. The update is required to fix remote code execution vulnerability in Javascript and Vbscript scripting engines. A flaw is present in the application which is caused when the scripting engines attempt ... oval:org.secpod.oval:def:715 The host is installed with Javascript and Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to remote code execution vulnerability. A flaw is present in the application which is caused when the scripting engines attempt to reallocate memory while decoding a script in order to run it, an inte ... oval:org.secpod.oval:def:995 The host is missing a critical security update according to Microsoft security bulletin, MS11-029. The update is required to fix remote code execution vulnerability in Microsoft Windows. A flaw is present in GDI+ which does not properly handle integer calculations. Successful exploitation allows att ... oval:org.secpod.oval:def:714 The host is installed with Microsoft .NET Framework and is prone to remote code execution vulnerability. A flaw is present in x86 JIT compiler, which fails to compiling certain function calls. Successful exploitation could allow remote attackers to corrupt the stack and execute remote code. oval:org.secpod.oval:def:990 The host is missing an Important security update according to Microsoft security bulletin, MS11-017. The update is required to fix remote code execution vulnerability in Microsoft Windows Remote Desktop Client. A flaw is present in the application which fails to handle the loading of DLL files. Succ ... oval:org.secpod.oval:def:1049 The host is missing a critical security update according to Microsoft security bulletin, MS11-003. The update is required to fix memory corruption vulnerability in Microsoft Internet Explorer. A flaw is present in the application, which fails to properly handle memory access. Successful exploitation ... oval:org.mitre.oval:def:12411 Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer ... oval:org.mitre.oval:def:12333 Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted ... oval:org.mitre.oval:def:12323 The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Cons ... oval:org.secpod.oval:def:1273 The host is missing a critical security update according to Microsoft security bulletin, MS10-100. The update is required to fix local privilege escalation vulnerability. A flaw is present in the Consent User Interface (UI) in User Account Control (UAC), which fails to handle an unspecified registry ... oval:org.mitre.oval:def:11671 Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary ... oval:org.mitre.oval:def:12357 The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenTyp ... oval:org.mitre.oval:def:12280 The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability." oval:org.mitre.oval:def:12329 Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free ... oval:org.mitre.oval:def:12317 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that trigge ... oval:org.mitre.oval:def:11762 win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted a ... oval:org.secpod.oval:def:1270 The host is missing a critical security update according to Microsoft security bulletin, MS10-098. The update is required to fix multiple vulnerabilities. Flaws are present in the Win32k.sys in the kernel-mode drivers, which fails to allocate memory when copying data from user mode. Successful explo ... oval:org.secpod.oval:def:1351 The host is missing a critical security update according to Microsoft security bulletin, MS10-091. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the OpenType Font (OTF) driver, which fails to parse specially crafted OpenType fonts. Successful exploitation coul ... oval:org.mitre.oval:def:11959 Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnera ... oval:org.mitre.oval:def:12252 Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies fr ... oval:org.mitre.oval:def:12304 The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE ... oval:org.secpod.oval:def:1561 The host is missing a critical security update according to Microsoft security bulletin, MS10-090. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the Internet Explorer, which fails to handle objects in memory and script. Successful exploitation could allow an a ... oval:org.mitre.oval:def:12194 Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Do ... oval:org.mitre.oval:def:12204 Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." oval:org.secpod.oval:def:1352 The host is missing a critical security update according to Microsoft security bulletin, MS10-092. The update is required to fix privilege escalation vulnerability. A flaw is present in the Microsoft Windows Task Scheduler, which fails to validate whether scheduled tasks run within the intended secu ... oval:org.mitre.oval:def:6928 Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." oval:org.mitre.oval:def:7410 Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Informat ... oval:org.mitre.oval:def:7417 The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerab ... oval:org.mitre.oval:def:7482 mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." oval:org.mitre.oval:def:6832 Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, ... oval:org.mitre.oval:def:6806 The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of servi ... oval:org.mitre.oval:def:6824 The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability." oval:org.secpod.oval:def:1376 The host is missing a critical security update according to Microsoft security bulletin, MS10-085. The update is required to fix denial of service vulnerability. A flaw is present in the SChannel security package in Microsoft Windows, which fails to validate a specially crafted packet message sent v ... oval:org.secpod.oval:def:1384 The host is missing a critical security update according to Microsoft security bulletin, MS10-077. The update is required to fix remote code execution vulnerability. A flaw is present in the .NET Framework, which is due to an unspecified error in the JIT compiler while optimizing code. Successful ex ... oval:org.secpod.oval:def:1390 The host is missing a critical security update according to Microsoft security bulletin, MS10-076. The update is required to fix integer overflow vulnerability. A flaw is present in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows, which fails to parse 'hdmx' records in an ... oval:org.secpod.oval:def:1456 The host is missing a critical security update according to Microsoft security bulletin, MS10-081. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the common control library (Comctl32.dll) in Microsoft Windows, which fails to handle messages passed from a ... oval:org.secpod.oval:def:1520 The host is missing a critical security update according to Microsoft security bulletin, MS10-073. The update is required to fix privilege escalation vulnerability. A flaw is present in the Win32k.sys in Kernel-Mode drivers in the Microsoft Windows, which fails to load keyboard layouts from disk or ... oval:org.mitre.oval:def:7514 The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka ... oval:org.mitre.oval:def:6653 Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerabi ... oval:org.mitre.oval:def:7272 Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitra ... oval:org.mitre.oval:def:12085 The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowL ... oval:org.mitre.oval:def:6881 Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Em ... oval:org.secpod.oval:def:1380 The host is missing a critical security update according to Microsoft security bulletin, MS10-082. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft Windows Media Player (WMP), which fails to deallocate objects during a browser reload action. Succe ... oval:org.mitre.oval:def:12352 Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll fi ... oval:org.secpod.oval:def:2064 The host is missing a critical security update according to Microsoft security bulletin, MS10-062. The update is required to fix code execution vulnerability. A flaw is present in the MPEG-4 codec in the Windows Media codecs in Microsoft Windows, which fails to handle crafted media content with MPEG ... oval:org.secpod.oval:def:2079 The host is missing a critical security update according to Microsoft security bulletin, MS10-068. The update is required to fix heap-based buffer overflow vulnerability. A flaw is present in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows, which fails to validate malform ... oval:org.secpod.oval:def:1272 The host is missing a critical security update according to Microsoft security bulletin, MS10-096. The update is required to fix remote code execution vulnerability. A flaw is present in the wab.exe in Windows Address Book, which fails to load dynamic-link libraries. Successful exploitation could al ... oval:org.secpod.oval:def:1726 The host is missing a critical security update according to Microsoft security bulletin, MS10-061. The update is required to fix code execution vulnerability. A flaw is present in the Print Spooler service in Microsoft Windows, which fails to validate spooler access permissions when printer sharing ... oval:org.mitre.oval:def:7318 The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspe ... oval:org.mitre.oval:def:7358 The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create fil ... oval:org.mitre.oval:def:11426 The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors in ... oval:org.mitre.oval:def:12082 The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulne ... oval:org.secpod.oval:def:1725 The host is missing a critical security update according to Microsoft security bulletin, MS10-059. The update is required to fix privilege escalation vulnerability. A flaw is present in the Tracing Feature for Services in Microsoft Windows, which fails to process specially crafted long strings from ... oval:org.mitre.oval:def:11106 The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB ... oval:org.secpod.oval:def:1575 The host is missing a critical security update according to Microsoft security bulletin, MS10-054. The update is required to fix code execution vulnerabilities. Multiple flaws are present in the SMB Server in Microsoft Windows, which fails to validate fields in a SMB request. Successful exploitation ... oval:org.mitre.oval:def:12072 Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability." oval:org.mitre.oval:def:12015 The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB ... oval:org.mitre.oval:def:12006 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted applic ... oval:org.mitre.oval:def:11663 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local ... oval:org.secpod.oval:def:1375 The host is missing a critical security update according to Microsoft security bulletin, MS10-048. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel-Mode Drivers, which fails to validate specially crafted applications. Successful exploitatio ... oval:org.mitre.oval:def:11044 Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability." oval:org.mitre.oval:def:11020 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of serv ... oval:org.mitre.oval:def:11845 The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerabil ... oval:org.mitre.oval:def:11789 The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability." oval:org.secpod.oval:def:1268 The host is missing a critical security update according to Microsoft security bulletin, MS10-047. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel, which fails to initialize and validate kernel objects while handling certain errors. Success ... oval:org.secpod.oval:def:1724 The host is missing a critical security update according to Microsoft security bulletin, MS10-058. The update is required to fix multiple vulnerabilities. Multiple flaws are present in the TCP/IP stack in Microsoft Windows, which fails to handle malformed IPv6 packets. Successful exploitation could ... oval:org.mitre.oval:def:11564 Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explore ... oval:org.mitre.oval:def:7406 Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corrupti ... oval:org.mitre.oval:def:11954 Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability." oval:org.secpod.oval:def:3297 The host is missing a critical security update according to Microsoft security bulletin, MS10-033. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Windows Media Decompression, which fails to parse a crafted media file or streaming content. ... oval:org.mitre.oval:def:7517 Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability." oval:org.mitre.oval:def:12215 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger ... oval:org.secpod.oval:def:1216 The host is missing a Critical security update according to Microsoft security bulletin, MS10-053. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer which fails to properly access an object that has not been correctly initialized or has been deleted.. ... oval:org.secpod.oval:def:1378 The host is missing a Critical security update according to Microsoft security bulletin, MS10-046. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Shell, which fails to parse a malicious shortcut file and executes a malicious code when the operatin ... oval:org.secpod.oval:def:2669 The host is missing a critical security update according to Microsoft security bulletin, MS10-035. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer, which fails to handle objects in memory, sanitize HTML scripts and improper data caching. Successful ... oval:org.secpod.oval:def:1447 The host is missing a critical security update according to Microsoft security bulletin, MS10-032. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows kernel-mode drivers, which fails to validate callback parameter and the way it provides outlines of ... oval:org.secpod.oval:def:1990 The host is missing a critical security update according to Microsoft security bulletin, MS10-034. The update is required to fix remote code execution vulnerability. A flaw is present in the activex control iedvtool.dll and max3activex.dll, which fails to handle specially crafted Web page. Successfu ... oval:org.mitre.oval:def:7609 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device ... oval:org.mitre.oval:def:7283 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, ... oval:org.mitre.oval:def:7324 Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." oval:org.mitre.oval:def:6948 The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute ... oval:org.secpod.oval:def:1523 The host is missing a Critical security update according to Microsoft security bulletin, MS10-040. The update is required to fix remote code execution vulnerability. A flaw is present in the Internet Information Services (IIS), which fails to validate a specially crafted HTTP request. Successful exp ... oval:org.mitre.oval:def:7149 Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption ... oval:org.secpod.oval:def:1457 The host is missing a critical security update according to Microsoft security bulletin, MS10-029. The update is required to fix address spoofing vulnerability. A flaw is present in the ISATAP Component, which fails to check the inner packet's IPv6 source address in a tunneled ISATAP packets. Succes ... oval:org.mitre.oval:def:7012 The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability." oval:org.mitre.oval:def:7072 Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation ... oval:org.mitre.oval:def:7574 Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerabilit ... oval:org.secpod.oval:def:1585 The host is missing a critical security update according to Microsoft security bulletin, MS10-021. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel, which fails to validate specially crafted applications like the creation of symbolic links o ... oval:org.secpod.oval:def:2048 The host is missing a critical security update according to Microsoft security bulletin, MS10-019. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Windows cabinet file viewer shell extension and authenticode signature verification used for portable execu ... oval:org.secpod.oval:def:2033 The host is missing a critical security update according to Microsoft security bulletin, MS10-030. The update is required to fix remote code execution vulnerability. Flaws are present in Outlook Express and Windows Mail, which fails to handle a specially crafted mail responses. Successful exploitati ... oval:org.mitre.oval:def:6734 Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and ... oval:org.mitre.oval:def:6886 The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does no ... oval:org.secpod.oval:def:1382 The host is missing a critical security update according to Microsoft security bulletin, MS10-037. The update is required to fix privilege escalation vulnerability. A flaw is present in the Windows OpenType Compact Font Format (CFF) driver, which fails to validate a specially crafted CFF font. Succ ... oval:org.mitre.oval:def:6918 The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response t ... oval:org.secpod.oval:def:1584 The host is missing a critical security update according to Microsoft security bulletin, MS10-020. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Windows SMB Client, which fails to handle a specially crafted SMB response sent to a client-initiated SMB r ... oval:org.mitre.oval:def:7129 The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers t ... oval:org.mitre.oval:def:6787 The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a fi ... oval:org.mitre.oval:def:6770 The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Pa ... oval:org.mitre.oval:def:7840 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." oval:org.mitre.oval:def:8302 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ... oval:org.mitre.oval:def:8446 Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, ak ... oval:org.secpod.oval:def:2032 The host is missing a critical security update according to Microsoft security bulletin, MS10-018. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer, which fails to verify the origin of scripts and handle objects in memory and improper validation of l ... oval:org.mitre.oval:def:8532 Microsoft Internet Explorer 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, leading to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." oval:org.mitre.oval:def:8554 Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerabi ... oval:org.mitre.oval:def:8553 Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another ... oval:org.mitre.oval:def:6814 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application ... oval:org.mitre.oval:def:7774 Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." oval:org.mitre.oval:def:8424 The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote ... oval:org.mitre.oval:def:8400 The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code v ... oval:org.mitre.oval:def:8449 The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability. ... oval:org.secpod.oval:def:1565 The host is missing a critical security update according to Microsoft security bulletin, MS10-013. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft DirectShow, which fails to parse a specially crafted AVI file before opening it. Successful exploitatio ... oval:org.mitre.oval:def:8478 The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route ... oval:org.secpod.oval:def:2030 The host is missing a critical security update according to Microsoft security bulletin, MS10-008. The update is required to fix remote code execution vulnerability. A flaw is present in the activex control max3activex.dll, which fails to handle specially crafted Web page. Successful exploitation al ... oval:org.secpod.oval:def:2036 The host is missing a critical security update according to Microsoft security bulletin, MS10-009. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Windows TCP/IP implementation, which fails to handle specially crafted ICMPv6 packets. Successful exploitat ... oval:org.mitre.oval:def:8064 Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 ... oval:org.mitre.oval:def:8516 The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route In ... oval:org.mitre.oval:def:8314 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows ... oval:org.mitre.oval:def:8438 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to ex ... oval:org.secpod.oval:def:2035 The host is missing a critical security update according to Microsoft security bulletin, MS10-012. The update is required to fix remote code execution vulnerabilities. A flaw is present in the SMB Server, which fails to validate crafted SMB requests. Successful exploitation could allow an attacker t ... oval:org.mitre.oval:def:8524 Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "S ... oval:org.mitre.oval:def:7751 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain acc ... oval:org.mitre.oval:def:8298 Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local us ... oval:org.secpod.oval:def:1568 The host is missing a critical security update according to Microsoft security bulletin, MS10-006. The update is required to fix code execution vulnerabilities. Flaws are present in the SMB Client in Microsoft Windows, which fails to validate crafted response from SMB servers and man-in-the-middle a ... oval:org.mitre.oval:def:7145 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a ... oval:org.mitre.oval:def:8324 Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compr ... oval:org.mitre.oval:def:8392 Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." oval:org.secpod.oval:def:1727 The host is missing a critical security update according to Microsoft security bulletin, MS10-015. The update is required to fix privilege escalation vulnerabilities. Flaws are present in the Windows Kernel, which fails to handle certain exceptions. Successful exploitation could allow an attacker t ... oval:org.secpod.oval:def:2286 The host is missing a critical security update according to Microsoft security bulletin, MS09-071. The update is required to fix remote code execution vulnerabilities. Flaws are present in the Microsoft Internet Authentication Service, which fails to validates authentication requests by PEAP clients ... oval:org.mitre.oval:def:6063 The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malforme ... oval:org.mitre.oval:def:6519 Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." oval:org.mitre.oval:def:6570 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diffe ... oval:org.mitre.oval:def:6382 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a diffe ... oval:org.mitre.oval:def:6079 The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory ... oval:org.secpod.oval:def:2283 The host is missing a critical security update according to Microsoft security bulletin, MS09-063. The update is required to fix remote code execution vulnerability. A flaw is present in the Web Services on Devices Application Programming Interface (WSDAPI), which fails to process headers in WSD mes ... oval:org.secpod.oval:def:2244 The host is missing a critical security update according to Microsoft security bulletin, MS09-065. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows kernel, which fails to validate the argument passed to the system call and input passed from us ... oval:org.mitre.oval:def:6277 The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, ak ... oval:org.mitre.oval:def:6381 Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the s ... oval:org.mitre.oval:def:6190 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ... oval:org.mitre.oval:def:5766 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ... oval:org.secpod.oval:def:2514 The host is missing a critical security update according to Microsoft security bulletin, MS09-054. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation allows a ... oval:org.mitre.oval:def:6336 Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "S ... oval:org.mitre.oval:def:5588 win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a ... oval:org.secpod.oval:def:2296 The host is missing an important security update according to Microsoft security bulletin, MS09-059. The update is required to fix denial of service vulnerability. A flaw is present in the Microsoft Windows Local Security Authority Subsystem Service (LSASS), which fails handle malformed packets duri ... oval:org.mitre.oval:def:6263 Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denia ... oval:org.mitre.oval:def:5595 Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability." oval:org.mitre.oval:def:6419 Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability." oval:org.mitre.oval:def:6506 Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "W ... oval:org.mitre.oval:def:6186 Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via ... oval:org.mitre.oval:def:6264 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traver ... oval:org.mitre.oval:def:5842 The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain n ... oval:org.secpod.oval:def:2565 The host is missing an important security update according to Microsoft security bulletin, MS09-056. The update is required to fix spoofing vulnerabilities. The flaws are present in the Windows CryptoAPI, which fails to validate certificate names that contain null terminators and ASN.1 object identi ... oval:org.secpod.oval:def:2566 The host is missing an important security update according to Microsoft security bulletin, MS09-058. The update is required to fix remote privilege escalation vulnerabilities. The flaws are present in the Windows kernel, which fails to validate data within an executable and clean up exceptions under ... oval:org.mitre.oval:def:6510 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight applicat ... oval:org.secpod.oval:def:2640 The host is missing a critical security update according to Microsoft security bulletin, MS09-061. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft .NET Common Language Runtime (CLR), which fails to handle interfaces and verify the rules of ... oval:org.secpod.oval:def:2354 The host is missing a critical security update according to Microsoft security bulletin, MS09-050. The update is required to fix remote code execution vulnerabilities in Server Message Block Version 2 (SMBv2). The flaws are present in the Server Message Block Version 2, which fails handle a speciall ... oval:org.mitre.oval:def:5716 Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) ... oval:org.mitre.oval:def:6489 Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Proce ... oval:org.mitre.oval:def:6454 Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability." oval:org.mitre.oval:def:6451 Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Fra ... oval:org.mitre.oval:def:6316 The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, ... oval:org.secpod.oval:def:2561 The host is missing a critical security update according to Microsoft security bulletin, MS09-045. The update is required to fix remote code execution vulnerability. A flaw is present in JScript Scripting Engine, which fails to handle a specially crafted file or visited a specially crafted Web site ... oval:org.secpod.oval:def:2556 The host is missing a critical security update according to Microsoft security bulletin, MS09-048. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Transmission Control Protocol/Internet Protocol (TCP/IP) processing, which fails to handle specially cr ... oval:org.mitre.oval:def:6374 The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecifi ... oval:org.mitre.oval:def:5965 Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the ... oval:org.secpod.oval:def:2297 The host is missing a critical security update according to Microsoft security bulletin, MS09-038. The update is required to fix remote code execution vulnerabilities in Windows Media File Processing. The flaws are present in the Windows Media file processing, which fails to handle a specially craft ... oval:org.mitre.oval:def:7436 Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold ... oval:org.secpod.oval:def:2371 The host is missing an important security update according to Microsoft security bulletin, MS09-042. The update is required to fix remote code execution vulnerability. A flaw is present in the Windows Telnet service, which fails validate authentication replies and allows for the relay of credentials ... oval:org.mitre.oval:def:5708 The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleti ... oval:org.mitre.oval:def:5412 Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI ... oval:org.mitre.oval:def:6329 Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka ... oval:org.mitre.oval:def:6302 The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection V ... oval:org.mitre.oval:def:5930 Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or ... oval:org.secpod.oval:def:2642 The host is missing a critical security update according to Microsoft security bulletin, MS09-044. The update is required to fix remote code execution vulnerabilities. The flaws are present in Microsoft Remote Desktop Connection, which fails to processes specific parameters returned by the RDP serve ... oval:org.mitre.oval:def:5660 Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted obje ... oval:org.mitre.oval:def:5693 Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection ... oval:org.secpod.oval:def:2375 The host is missing a critical security update according to Microsoft security bulletin, MS09-034. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation allows a ... oval:org.mitre.oval:def:6286 Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server ... oval:org.secpod.oval:def:2560 The host is missing a important security update according to Microsoft security bulletin, MS09-041. The update is required to fix privilege elevation vulnerability. The flaw is present in the Windows Workstation Service, which fails to handle a specially crafted RPC message. Successful exploitation ... oval:org.mitre.oval:def:5524 Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows ... oval:org.mitre.oval:def:6072 Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory ... oval:org.mitre.oval:def:5678 Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow ... oval:org.mitre.oval:def:6308 Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reorderi ... oval:org.secpod.oval:def:2359 The host is missing a important security update according to Microsoft security bulletin, MS09-025. The update is required to fix elevation escalation vulnerabilities in windows. A flaw is present in the Windows kernel , which fails to handle specific kernel object. Successful exploitation could all ... oval:org.mitre.oval:def:6294 Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which trig ... oval:org.mitre.oval:def:6278 Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified ve ... oval:org.mitre.oval:def:6260 Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchr ... oval:org.mitre.oval:def:6295 Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted o ... oval:org.secpod.oval:def:2294 The host is missing a critical security update according to Microsoft security bulletin, MS09-022. The update is required to fix remote code execution vulnerability in Windows. A flaw is present in the Windows Print Spooler, which fails handle specially crafted RPC request. Successful exploitation c ... oval:org.mitre.oval:def:6206 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability. ... oval:org.mitre.oval:def:6231 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer V ... oval:org.mitre.oval:def:5815 The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." oval:org.mitre.oval:def:5912 The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration ... oval:org.mitre.oval:def:6041 Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of t ... oval:org.secpod.oval:def:78827 The host is missing an important security update for KB5012332 oval:org.secpod.oval:def:78828 The host is missing an important security update for KB5012327 oval:org.secpod.oval:def:77177 The host is missing a critical security update for KB5009627 oval:org.secpod.oval:def:77172 The host is missing a critical security update for KB5009601 oval:org.secpod.oval:def:41246 The host is missing a security update KB4022746 oval:org.secpod.oval:def:76476 The host is missing a critical security update for KB5008274 oval:org.secpod.oval:def:76475 The host is missing a critical security update for KB5008271 oval:org.secpod.oval:def:75854 The host is missing a critical security update for KB5007263 oval:org.secpod.oval:def:75850 The host is missing a critical security update for KB5007246 oval:org.secpod.oval:def:75369 The host is missing an important security update for KB5006736 oval:org.secpod.oval:def:75365 The host is missing an important security update for KB5006715 oval:org.secpod.oval:def:74937 The host is missing a critical security update for KB5005606 oval:org.secpod.oval:def:74941 The host is missing a critical security update for KB5005618 oval:org.secpod.oval:def:74341 The host is missing a critical security update for KB5005090 oval:org.secpod.oval:def:74343 The host is missing a critical security update for KB5005095 oval:org.secpod.oval:def:73848 The host is missing a critical security update for KB5004299 oval:org.secpod.oval:def:73850 The host is missing a critical security update for KB5004305 oval:org.secpod.oval:def:77689 The host is missing an important security update for KB5010384 oval:org.secpod.oval:def:77693 The host is missing an important security update for KB5010403 oval:org.secpod.oval:def:73278 The host is missing a critical security update for KB5003661 oval:org.secpod.oval:def:73284 The host is missing an important security update for KB5003695 oval:org.secpod.oval:def:71069 The host is missing a critical security update for KB5001332 oval:org.secpod.oval:def:71068 The host is missing a critical security update for KB5001389 oval:org.secpod.oval:def:70058 The host is missing an important security update for KB5000844 oval:org.secpod.oval:def:70063 The host is missing a critical security update for KB5000856 oval:org.secpod.oval:def:69060 The host is missing an important security update for KB4602961 oval:org.secpod.oval:def:69065 The host is missing an important security update for KB4603005 oval:org.secpod.oval:def:68254 The host is missing a critical security update for KB4598287 oval:org.secpod.oval:def:68255 The host is missing an important security update for KB4598288 oval:org.secpod.oval:def:66160 The host is missing a critical security update for KB4580385 oval:org.secpod.oval:def:66158 The host is missing an important security update for KB4580378 oval:org.secpod.oval:def:66119 The host is missing an important security update for KB4579980 oval:org.secpod.oval:def:66124 The host is missing an important security update for KB4580470 oval:org.secpod.oval:def:69079 The host is missing an important security update for KB4601360 oval:org.secpod.oval:def:69077 The host is missing an important security update 4601366 oval:org.secpod.oval:def:1455 The host is missing a critical security update according to Microsoft security bulletin, MS10-071. The update is required to fix multiple vulnerabilities. Multiple flaws are present in Microsoft Internet Explorer, which fails to handle unspecified special characters in CSS documents. Successful expl ... oval:org.mitre.oval:def:7059 Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." oval:org.mitre.oval:def:5457 The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation ... oval:org.secpod.oval:def:2577 The host is missing a critical security update according to Microsoft security bulletin, MS09-029. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft Windows component, the Embedded OpenType (EOT) Font Engine, which fails to parse data records ... oval:org.secpod.oval:def:2653 The host is missing a critical security update according to Microsoft security bulletin, MS09-019. The update is required to fix Information Disclosure Vulnerability. A flaw is present in Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation could allow an at ... oval:org.secpod.oval:def:66943 The host is missing an important security update for KB4586807 oval:org.secpod.oval:def:66945 The host is missing a critical security update 4586817 oval:org.secpod.oval:def:43399 An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the informatio ... oval:org.secpod.oval:def:43407 A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ... oval:org.secpod.oval:def:43412 An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could th ... oval:org.secpod.oval:def:43419 The host is missing a security update 4056942 oval:org.secpod.oval:def:43421 The host is missing a security update 4056941 oval:org.secpod.oval:def:43420 The host is missing a security update 4056944 oval:org.secpod.oval:def:43424 The host is missing a security update 4056615 oval:org.secpod.oval:def:43423 The host is missing a security update 4056613 oval:org.secpod.oval:def:43430 The host is missing a security update 4056759 oval:org.secpod.oval:def:24879 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24880 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24883 The host is missing a critical security update according to Microsoft security bulletin, MS15-066. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successful exploitation could allow atta ... oval:org.secpod.oval:def:24859 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24860 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24861 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24862 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24863 The host is installed with Internet Explorer 6, 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ... oval:org.secpod.oval:def:24864 The host is installed with Internet Explorer 6, 7, 8, or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user. oval:org.mitre.oval:def:8267 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerab ... oval:org.mitre.oval:def:8464 The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a cra ... oval:org.secpod.oval:def:2031 The host is missing a critical security update according to Microsoft security bulletin, MS10-002. The update is required to fix multiple vulnerabilities. Flaws are present in the Internet Explorer which fails to handle objects in memory, input parameters and HTML attributes. Successful exploitation ... oval:org.mitre.oval:def:8186 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulner ... oval:org.mitre.oval:def:6835 Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a ... oval:org.secpod.oval:def:1245 The host is missing a critical security update according to Microsoft security bulletin, MS10-049. The update is required to fix remote code execution vulnerabilities. Flaws are present in the the Secure Channel (SChannel) which fails to validate a malformed certificate request message sent by the s ... oval:org.secpod.oval:def:6200 The host is installed with Microsoft XML Core Services 3.0, 4.0, 5.0 or 6.0 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted web site. Successful exploitation allows remote attackers to execute arbitrary code or cause a denial o ... oval:org.secpod.oval:def:2040 The host is missing a critical security update according to Microsoft security bulletin, MS10-063. The update is required to fix code execution vulnerability. A flaw is present in the Unicode Script Processor implementation in USP10.DLL in Microsoft Windows, which is due to two array-indexing errors ... oval:org.mitre.oval:def:7214 The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenTyp ... oval:org.mitre.oval:def:7286 Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiat ... oval:org.secpod.oval:def:5631 The host is installed with Microsoft Office, Windows and is prone GDI+ record type vulnerability. A flaw is present in the applications, which fail to handle a specially crafted EMF images. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or crea ... oval:org.secpod.oval:def:16204 The host is installed with Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003 SP3, Office 2007 SP3, Office 2010 SP1/SP2, Lync 2010, Lync Basic 2013 or Lync 2010 Attendee, and is prone to a remote code execution vulnerability. The flaw is present in the graphics component, which fail ... oval:org.secpod.oval:def:8348 The host is installed with Microsoft XML Core Services 5.0, 6.0 on Microsoft Windows or with Microsoft Groove Server 2007, Microsoft SharePoint Server 2007, Microsoft Expression Web 2, Microsoft Expression Web, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office 2007, or Mic ... oval:org.secpod.oval:def:8351 The host is installed with Microsoft XML Core Services 4.0, 5.0, 6.0 on Microsoft Windows or with Microsoft Groove Server 2007, Microsoft SharePoint Server 2007, Microsoft Expression Web 2, Microsoft Expression Web, Microsoft Office Compatibility Pack, Microsoft Word Viewer, Microsoft Office 2007, M ... oval:org.secpod.oval:def:25342 The host is installed with Microsoft Server 2003, Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8 or Windows 8.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles custom action scripts ... oval:org.secpod.oval:def:25343 The host is missing an important security update according to Microsoft security bulletin, MS15-074. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which improperly handles custom action scripts. Successful exploitation could allow attack ... oval:org.secpod.oval:def:25415 The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8 or 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, which improperly handles specially crafted OpenType fonts. An attacker who successfully exploited ... oval:org.secpod.oval:def:25416 The host is missing a critical security update according to Microsoft security bulletin, MS15-078. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which improperly handles specially crafted OpenType fonts. An attacker who successfully exploi ... oval:org.secpod.oval:def:25804 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a mount manager elevation of privilege vulnerability. The flaw is present in the application, which fails to properly process ... oval:org.secpod.oval:def:25805 The host is missing an important security update according to Microsoft security bulletin, MS15-085. The update is required to fix a mount manager elevation of privilege vulnerability. The flaw is present in the application, which fails to properly process symbolic links. Successful exploitation cou ... oval:org.secpod.oval:def:25822 The host is missing an important security update according to Microsoft security bulletin, MS15-088. The update is required to fix an unsafe command line parameter passing vulnerability. A flaw is present in the application, which fails to properly handle unsafe command line parameters. Successful e ... oval:org.secpod.oval:def:25888 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ... oval:org.secpod.oval:def:25889 The host is missing a critical security update according to Microsoft security bulletin, MS15-093. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to exec ... oval:org.secpod.oval:def:25858 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validat ... oval:org.secpod.oval:def:25845 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an ASLR security feature bypass vulnerability. A flaw is present in the application, which fails to properly i ... oval:org.secpod.oval:def:25851 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted O ... oval:org.secpod.oval:def:25852 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted O ... oval:org.secpod.oval:def:25854 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the applications, which fail to handle a crafted O ... oval:org.secpod.oval:def:25836 The host is missing a critical security update according to Microsoft security bulletin, MS15-079. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:25823 The host is installed with Microsoft Excel 2007, 2010, 2013, Powerpoint 2007, 2010, 2013, Visio 2007, 2010, 2013, Word 2007, 2010, 2013, Internet Explorer 7, 8, 9, 10 or 11, Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 or 10 and is prone to an unsafe command line p ... oval:org.secpod.oval:def:25824 The host is installed with Internet Explorer 7, 8, 9, 10, 11 or Microsoft Edge on Microsoft Windows 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to execute arbitr ... oval:org.secpod.oval:def:25825 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to properly use ASLR security feature. Successful exploitation could allow attackers to bypass the Address Space Layout Randomization. oval:org.secpod.oval:def:26559 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to font driver elevation of privilege vulnerability. A flaw is present in the application, which fail to han ... oval:org.secpod.oval:def:26562 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ... oval:org.secpod.oval:def:26561 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ... oval:org.secpod.oval:def:26560 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ... oval:org.secpod.oval:def:26556 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to an opentype font parsing vulnerability. A flaw is present in the application, which fail to handle specia ... oval:org.secpod.oval:def:26558 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ... oval:org.secpod.oval:def:26557 The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a font driver elevation of privilege vulnerability. A flaw is present in the application, which fail to h ... oval:org.secpod.oval:def:29997 The host is missing an important security update according to Microsoft bulletin, MS15-111. The update is required to fix multiple vulnerabilities. The flaws are present in windows kernel, which fails to properly handle objects in memory, certain scenarios involving junction and mount-point creation ... oval:org.secpod.oval:def:29998 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a kernel memory corruption vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in mem ... oval:org.secpod.oval:def:26523 The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:26522 The host is missing a critical security update according to Microsoft security bulletin, MS15-094. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:26524 The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:26509 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:26508 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:26510 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ... oval:org.secpod.oval:def:30000 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly validates junctions in certain s ... oval:org.secpod.oval:def:30021 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30018 The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly disclose the contents of its memory. Successful exploitation could provide an attacker with information to fur ... oval:org.secpod.oval:def:30019 The host is missing a critical security update according to Microsoft bulletin, MS15-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities ... oval:org.secpod.oval:def:30014 The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle objects in memory. An attacker who successfully exploited the vulnerabilities could gain the same user rights as t ... oval:org.secpod.oval:def:30015 The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to an ASLR bypass vulnerability. A flaw is present in the applications, which fail to use the Address Space Layout Randomization (ASLR) security feature. Successful exploitation could allow attacker to more rel ... oval:org.secpod.oval:def:30016 The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle objects in memory. An attacker who successfully exploited the vulnerabilities could gain the same user rights as ... oval:org.secpod.oval:def:30003 The host is missing a critical security update according to Microsoft security bulletin, MS15-109. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted toolbar object. Successful exploitation cou ... oval:org.secpod.oval:def:30004 The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8, 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitati ... oval:org.secpod.oval:def:30974 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to a security feature bypass vulnerability. The flaw is present in the application, which fails to properly validate perm ... oval:org.secpod.oval:def:30975 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly ... oval:org.secpod.oval:def:30972 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which makes a ca ... oval:org.secpod.oval:def:29999 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memo ... oval:org.secpod.oval:def:30973 The host is missing an important security update according to Microsoft security bulletin, MS15-119. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which makes a call to a memory address without verifying that the address is valid. Succes ... oval:org.secpod.oval:def:30966 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the Windows Kerberos, which fails to check the password change o ... oval:org.secpod.oval:def:30967 The host is missing an important security update according to Microsoft security bulletin, MS15-122. The update is required to fix a security feature bypass vulnerability. A flaw is present in the Windows Kerberos, which fails to check the password change of a user signing into a workstation. An att ... oval:org.secpod.oval:def:31698 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Pragmatic General Multicast (PGM) protocol, ... oval:org.secpod.oval:def:31699 The host is missing an important security update according to Microsoft security bulletin, MS15-133. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the Windows Pragmatic General Multicast (PGM) protocol, which fails to properly handle freed memory content ... oval:org.secpod.oval:def:30985 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30986 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30987 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30981 The host is missing a critical security update according to Microsoft security bulletin, MS15-115. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:30982 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30983 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30984 The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ... oval:org.secpod.oval:def:30976 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly ... oval:org.secpod.oval:def:30977 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly ... oval:org.secpod.oval:def:30978 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows graphics memory, which fails to properly handl ... oval:org.secpod.oval:def:30979 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows graphics memory, which fails to properly handl ... oval:org.secpod.oval:def:31007 The host is missing a critical security update according to Microsoft security bulletin, MS15-112. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to exec ... oval:org.secpod.oval:def:31751 The host is missing a critical security update according to Microsoft security bulletin, MS15-124. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:31748 The host is installed with Vbscript or JScript 5.7 or 5.8 scripting engines and is prone to an information disclosure vulnerability. A flaw is present in the application, which discloses the contents of its memory. Successful exploitation could allow attackers to compromise the users computer or dat ... oval:org.secpod.oval:def:31749 The host is installed with Vbscript or JScript 5.7 or 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. An attacker who successfully exploited the vulnerability could gain the same user rights as th ... oval:org.secpod.oval:def:31716 The host is installed with Microsoft Edge, Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same u ... oval:org.secpod.oval:def:31717 The host is installed with Microsoft Edge, Internet Explorer 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited it could bypass the Address Space Layout Randomi ... oval:org.secpod.oval:def:31701 The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Microsoft Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to ... oval:org.secpod.oval:def:31703 The host is missing an important security update according to Microsoft security bulletin, MS15-132. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly validate input before loading libraries. Successful exp ... oval:org.secpod.oval:def:31708 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which ... oval:org.secpod.oval:def:31705 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which ... oval:org.secpod.oval:def:31706 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which ... oval:org.secpod.oval:def:31707 The host is missing a important security update according to Microsoft security bulletin, MS15-135. The update is required to fix multiple vulnerabilities. The flaws are present in the windows, which fails to handle kernel memory objects. Successful exploitation could allow attackers to run arbitrar ... oval:org.secpod.oval:def:32586 The host is missing an critical security update according to Microsoft security bulletin, MS16-005. The update is required to fix a remote code execution vulnerability. A flaw is present in the Windows Kernel-Mode drivers, which fails to handle objects in memory. Successful exploitation could allow ... oval:org.secpod.oval:def:32585 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle objects in memory. An attacker who succe ... oval:org.secpod.oval:def:32592 The host is installed with Vbscript or JScript 5.7 or 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted web page discloses the contents of its memory. Successful exploitation could allow attackers to execute ... oval:org.secpod.oval:def:32588 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memo ... oval:org.secpod.oval:def:32587 The host is missing an important security update according to Microsoft bulletin, MS16-008. The update is required to fix multiple vulnerabilities. The flaws are present in windows kernel, which fails to properly handle objects in memory, certain scenarios involving junction and mount-point creation ... oval:org.secpod.oval:def:32589 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memo ... oval:org.secpod.oval:def:32867 The host is missing a important security update according to Microsoft security bulletin, MS16-018. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to handle specific kernel objects in memory. Successful exploitation could a ... oval:org.secpod.oval:def:32868 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. An atta ... oval:org.secpod.oval:def:32610 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability via a crafted file. A flaw is present in t ... oval:org.secpod.oval:def:32611 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability. A flaw is present in the system, which fa ... oval:org.secpod.oval:def:32609 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to privilege escalation vulnerability. A flaw is present in the system, which fails to load DLL file p ... oval:org.secpod.oval:def:32608 The host is missing an important security update according to Microsoft security bulletin, MS16-007. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the operation system, which fail to load DLL files while processing. An attacker who successfull ... oval:org.secpod.oval:def:32913 The host is missing a critical security update according to Microsoft security bulletin, MS16-014. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the Microsoft Windows, which fails to properly handle crafted file. Successful exploitation could ... oval:org.secpod.oval:def:32918 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a security bypass vulnerability. A flaw is present in the Windows, when Kerberos fails to check the password change of a user signing into ... oval:org.secpod.oval:def:32915 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability. A flaw is present in the Windows, which fails validates input before loading dynamic link library (DLL ... oval:org.secpod.oval:def:32916 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability. A flaw is present in the Windows, which fails validates input before loading dynamic link library (DLL ... oval:org.secpod.oval:def:33233 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33232 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33234 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33231 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33230 The host is missing a important security update according to Microsoft security bulletin, MS16-034. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the Windows Kernel, which fails to handle specific Kernel objects in memory. Successful exploita ... oval:org.secpod.oval:def:33229 The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8.1 or 10 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handles specially crafted document and specially crafted embedded OpenType fonts. An ... oval:org.secpod.oval:def:33226 The host is missing a important security update according to Microsoft security bulletin, MS16-032. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the Secondary Logon Service in Microsoft Windows, which fails to properly manage request handles in memory. ... oval:org.secpod.oval:def:33225 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Secondary Logon Service in Microsoft Windows, which fails to properly man ... oval:org.secpod.oval:def:33228 The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8.1 or 10 and is prone to a remote code execution vulnerability. A flaw is present in the application, which improperly handles specially crafted fonts. An attacker who successfully exploited this vul ... oval:org.secpod.oval:def:33227 The host is missing a important security update according to Microsoft security bulletin, MS16-026. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles specially crafted fonts. An attacker who successfully exploited this vulnerab ... oval:org.secpod.oval:def:33222 The host is missing an important security update according to Microsoft security bulletin, MS16-030. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows OLE, which fails to properly validate user input. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:33221 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows OLE, which fails to properly validate user input. Success ... oval:org.secpod.oval:def:33224 The host is missing an important security update according to Microsoft security bulletin, MS16-033. The update is required to fix an elevation of privilege vulnerability. A flaw is present in USB Mass Storage, which fails to properly validate objects in memory. Successful exploitation could allow a ... oval:org.secpod.oval:def:33223 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in USB Mass Storage, which fails to properly validate objects in memor ... oval:org.secpod.oval:def:33220 The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows OLE, which fails to properly validate user input. Success ... oval:org.secpod.oval:def:33798 The host is installed with Microsoft XML Core Services 3.0 in Microsoft Windows Server 2012, Windows server2012 R2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 10 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, wh ... oval:org.secpod.oval:def:33797 The host is missing a critical security update according to Microsoft security bulletin, MS16-040. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle parser while processing user input. Successful exploitation could allow ... oval:org.secpod.oval:def:34338 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles JScript and VBScript engines render when handling objects in memory in Internet Explorer. Successful exploitatio ... oval:org.secpod.oval:def:34333 The host is missing an critical security update according to Microsoft security bulletin, MS16-051. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successful exploitation can corrupt memory in such a way ... oval:org.secpod.oval:def:35629 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user righ ... oval:org.secpod.oval:def:35627 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user righ ... oval:org.secpod.oval:def:35628 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user righ ... oval:org.secpod.oval:def:35945 The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to corrupt memory, execute ... oval:org.secpod.oval:def:37476 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the Internet Messaging API, which fails to properly handle objects in memory. Successful exploitation could allow the attacker to test for the presence of files on d ... oval:org.secpod.oval:def:38294 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows Uniscribe, which fails to properly h ... oval:org.secpod.oval:def:39308 The host is installed with Microsoft XML Core Services 3.0 in Microsoft Windows Server 2012, Windows server2012 R2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2016, Windows 10 or Windows 8.1 and is prone to an information Disclosure vulnerability. A flaw is present in the ... oval:org.secpod.oval:def:39309 The host is missing a critical security update according to Microsoft security bulletin, MS17-022. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attack ... oval:org.secpod.oval:def:47218 An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ... oval:org.secpod.oval:def:61871 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:57923 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:26552 The host is installed with .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate the number of objects in memory before copying those objects into an array. An attacker ... oval:org.secpod.oval:def:26554 The host is missing an important security update according to Microsoft bulletin, MS15-101. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which improperly optimizes certain parameters resulting in a code generation error. An ... oval:org.secpod.oval:def:33790 The host is missing a important security update according to Microsoft security bulletin, MS16-047. The update is required to fix SAM and LSAD downgrade vulnerability. A flaw is present in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols, which ... oval:org.secpod.oval:def:33789 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to SAM and LSAD downgrade vulnerability. A flaw is present in the Security Account Manager (SAM) and Local Securi ... oval:org.secpod.oval:def:25855 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, or 4.6 and is prone to an Onetype font parsing vulnerabilit ... oval:org.secpod.oval:def:34326 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an use-after-free vulnerability. A flaw is present in the Windows GDI component, which fails to handle objects in memory. Succes ... oval:org.secpod.oval:def:34323 The host is missing an critical security update according to Microsoft security bulletin, MS16-055. The update is required to fix multiple vulnerabilities. A flaw is present in the Windows graphics component, which fails to handle objects in memory. Successful exploitation could allow attackers to o ... oval:org.secpod.oval:def:34324 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012 or 2012 R2 and is prone to a memory corruption vulnerability. A flaw is present in the windows imaging component, which fails to handle objects in memory. Successful e ... oval:org.secpod.oval:def:34312 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle parsing of certain symbolic l ... oval:org.secpod.oval:def:34313 The host is missing an important security update according to Microsoft security bulletin, MS16-060. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle parsing of certain symbolic links. Successful exploitation ... oval:org.secpod.oval:def:34310 The host is installed with Microsoft Windows Vista, 7, 8.1, 10, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to a RPC network data representation engine elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle specially crafted Remote Procedure ... oval:org.secpod.oval:def:34311 The host is missing an important security update according to Microsoft security bulletin, MS16-061. The update is required to fix a RPC network data representation engine elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle specially crafted Rem ... oval:org.secpod.oval:def:33967 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33966 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33965 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:33262 The host is installed with .NET Framework 2.0 SP2, 3.0, 3.5, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to a security feature bypass vulnerability. A flaw is present in the .NET Framework component, which does not properly validate certain elements of a signed XML document. Successful exploitation allo ... oval:org.secpod.oval:def:33261 The host is missing a important security update according to Microsoft security bulletin, MS16-035. The update is required to fix a security feature bypass vulnerability. The flaw is present in the .NET Framework, which does not properly validate certain elements of a signed XML document. Successful ... oval:org.secpod.oval:def:31010 The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle specially crafted XML files. An attacker who successfully exploited this vulnerability could ... oval:org.secpod.oval:def:31011 The host is installed with .Net framework 4, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly validates values in HTTP requests. An attacker who successfully exploited the vulnerability could leverage a vulnerabl ... oval:org.secpod.oval:def:31012 The host is installed with .Net framework 2.0 SP2, 3.5.1 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which does not properly implement the Address Space Layout Randomization (ASLR) security feature. An attacker who successfully exploited this vulnerability cou ... oval:org.secpod.oval:def:31013 The host is missing an important security update according to Microsoft bulletin, MS15-118. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors. An attacker who successfully exploited this vulnerability could take co ... oval:org.secpod.oval:def:35571 The host is missing an important security update according to Microsoft security bulletin, MS16-072. The update is required to fix a group policy elevation of privilege vulnerability. A flaw is present in the group policy, which fails to properly handle group policy updates process. An attacker who ... oval:org.secpod.oval:def:35572 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a group policy elevation of privilege vulnerability. A flaw is present in the group policy, which fails to properly handle group po ... oval:org.secpod.oval:def:35581 The host is missing an important security update according to Microsoft security bulletin, MS16-073. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows, which fails to properly handle objects in memory and memory addresses. An attacker who successfully explo ... oval:org.secpod.oval:def:35588 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the windows graphics component, which fails to handle objec ... oval:org.secpod.oval:def:35589 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the adobe type manager font driver, which fails to handle o ... oval:org.secpod.oval:def:35587 The host is missing a critical security update according to Microsoft security bulletin, MS16-074. The update is required to fix multiple vulnerabilities. The flaws are present in the windows graphics component, which fails to handle objects in memory. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:35582 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:35583 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:35953 The host is missing a critical security update according to Microsoft security bulletin, MS16-087. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:35951 The host is installed with Microsoft Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful explo ... oval:org.secpod.oval:def:35952 The host is installed with Microsoft Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 and is prone to an elevation privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploi ... oval:org.secpod.oval:def:35946 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly parses XML input containing a reference to an external entity. Successful exploitation allows attackers to rea ... oval:org.secpod.oval:def:35947 The host is missing an important security update according to Microsoft security bulletin, MS16-091. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which improperly parses XML input containing a reference to an external entity. Successful ... oval:org.secpod.oval:def:34356 The host is missing an important security update according to Microsoft security bulletin, MS16-062. The update is required to fix multiple vulnerabilities. A flaw is present in the Windows, which fails to properly handle objects in memory and memory addresses. An attacker who successfully exploited ... oval:org.secpod.oval:def:34354 The host is installed with Microsoft Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory and incorrectly ma ... oval:org.secpod.oval:def:34352 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:34353 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle memory addresses. ... oval:org.secpod.oval:def:34350 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:34351 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:34349 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:34330 The host is missing an critical security update according to Microsoft security bulletin, MS16-065. The update is required to fix a TLS/SSL information disclosure vulnerability. A flaw is present in the TLS/SSL protocol, which fails to properly handle an injection of unencrypted data into the secure ... oval:org.secpod.oval:def:34329 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to a TLS/SSL information disclosure vulnerability. A flaw is present in the TLS/SSL protocol, which fails to properly handle an injection of unencrypted data into the secure channel and then man-in-the-middle ... oval:org.secpod.oval:def:34327 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows GDI component, which improperly discloses the contents ... oval:org.secpod.oval:def:34328 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows GDI component, which improperly discloses the contents ... oval:org.secpod.oval:def:35610 The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the microsoft server messag ... oval:org.secpod.oval:def:35609 The host is missing an important security update according to Microsoft security bulletin, MS16-075. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the microsoft server message block, which fails to handle authentication request intended for another servi ... oval:org.secpod.oval:def:35620 The host is installed with Internet Explorer 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, where Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:35614 The host is missing an important security update according to Microsoft security bulletin, MS16-077. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which improperly handle certain proxy discovery scenarios using the Web Proxy ... oval:org.secpod.oval:def:35615 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handle certain proxy discovery scen ... oval:org.secpod.oval:def:35613 The host is missing a critical security update according to Microsoft security bulletin, MS16-063. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle objects in memory or Web Proxy Auto Discovery (WPAD) protocol. Successful exploit ... oval:org.secpod.oval:def:35865 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows GDI component, which improperly discloses kernel memory a ... oval:org.secpod.oval:def:35866 The host is missing an important security update according to Microsoft bulletin, MS16-090. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles kernel memory. An attacker who successfully exploited these vulnerabilities could obt ... oval:org.secpod.oval:def:35863 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:35861 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:35862 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:35860 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:41215 An Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file.An attacker who successfully exploited this vulnerability could cause a denial of service.A attacker could exploit this vulnerability by hosting a specially crafted web site and convince a user to br ... oval:org.secpod.oval:def:42330 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44970 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:44974 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:46372 An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code executi ... oval:org.secpod.oval:def:59685 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:36997 The host is missing an important security update according to Microsoft bulletin, MS16-098. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles kernel memory. An attacker who successfully exploited these vulnerabilities could obt ... oval:org.secpod.oval:def:36995 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Graphics Device Interface (GDI), which fails to properly ... oval:org.secpod.oval:def:36994 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Graphics Device Interface (GDI), which fails to properly ... oval:org.secpod.oval:def:36992 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37011 The host is missing an important security update according to Microsoft security bulletin, MS16-111. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects and kernel API enforced permissions. Succes ... oval:org.secpod.oval:def:37010 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful e ... oval:org.secpod.oval:def:37009 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful e ... oval:org.secpod.oval:def:37008 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle kernel API enforced permissio ... oval:org.secpod.oval:def:37007 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, where kernel API improperly allows a user to access sensitiv ... oval:org.secpod.oval:def:36743 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a kerberos security feature bypass vulnerability. A flaw is present in the Windows Kerberos, which fails to properly handle a pas ... oval:org.secpod.oval:def:36742 The host is missing an important security update according to Microsoft security bulletin, MS16-101. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows Kerberos, which fails to properly handle a password change request and falls back to NT LAN Manager (NTLM) ... oval:org.secpod.oval:def:36723 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:36722 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:36721 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:36720 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:36719 The host is missing an important security update according to Microsoft bulletin, MS16-098. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles kernel memory. An attacker who successfully exploited these vulnerabilities could obt ... oval:org.secpod.oval:def:37437 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37435 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37891 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37890 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37898 The host is missing an important security update according to Microsoft security bulletin, MS16-134. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the Windows Common Log File System Driver, which fails to properly handle objects in memory. An ... oval:org.secpod.oval:def:37897 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37896 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37895 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37894 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37893 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37892 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37889 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37888 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ... oval:org.secpod.oval:def:37072 The host is missing an critical security update according to Microsoft security bulletin, MS16-116. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation could allow attackers to run arb ... oval:org.secpod.oval:def:37069 The host is installed with Internet Explorer 9, 10, 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ... oval:org.secpod.oval:def:37055 The host is missing an important security update according to Microsoft bulletin, MS16-110. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted vectors. An attacker who successfully exploited this vulnerability coul ... oval:org.secpod.oval:def:37053 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An ... oval:org.secpod.oval:def:37050 The host is missing an important security update according to Microsoft security bulletin, MS16-114. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which improperly handles crafted packets. Successful exploitation could allow attackers to e ... oval:org.secpod.oval:def:37049 The host is installed with Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows 10, Windows Server 2008 SP2,Windows Server 2008 R2 SP1, Windows Server 2012 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which imprope ... oval:org.secpod.oval:def:37440 The host is missing a critical security update according to Microsoft security bulletin, MS16-123. The update is required to fix multiple elevation of privilege vulnerabilities. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. An attacker who successfully ex ... oval:org.secpod.oval:def:37445 The host is missing an important security update according to Microsoft security bulletin, MS16-124. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects and kernel API enforced permissions. Succes ... oval:org.secpod.oval:def:37441 The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful e ... oval:org.secpod.oval:def:37439 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37438 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37493 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows Graphics Component, which fails to properly handle objects ... oval:org.secpod.oval:def:37492 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ... oval:org.secpod.oval:def:37925 The host is missing an important security update according to Microsoft security bulletin, MS16-137. The update is required to fix multiple vulnerability. A flaw is present in the application, which fails to properly handle crafted vectors. An attacker who successfully exploited this vulnerability c ... oval:org.secpod.oval:def:37923 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows NTLM, which fails to properly handle NTLM password chan ... oval:org.secpod.oval:def:37922 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the Windows Local Security Authority Subsystem Service (LSASS), which fai ... oval:org.secpod.oval:def:37921 The host is missing an important security update according to Microsoft security bulletin, MS16-135. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows Kernel-mode driver, which fails to properly handle a specially crafted application. An attacker who succes ... oval:org.secpod.oval:def:37920 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properl ... oval:org.secpod.oval:def:37918 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Bowser.sys Kernel-Mode driver, which fails ... oval:org.secpod.oval:def:37917 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properl ... oval:org.secpod.oval:def:37916 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle spe ... oval:org.secpod.oval:def:39409 Multiple information disclosure vulnerabilities exist in the way that the Color Management Module (ICM32.dll) handles objects in memory. These vulnerabilities allow an attacker to retrieve information to bypassusermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the in ... oval:org.secpod.oval:def:39400 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:39401 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:39402 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:39403 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:39405 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:39114 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2, Server 2016, or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the windows GDI, which fails to handle a craf ... oval:org.secpod.oval:def:38291 The host is missing an important security update according to Microsoft security bulletin, MS16-153. The update is required to fix an information disclosure vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly handle objects in memory. An attacker wh ... oval:org.secpod.oval:def:38292 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Common Log File System Driver, whi ... oval:org.secpod.oval:def:38293 The host is missing an important security update according to Microsoft security bulletin, MS16-147. The update is required to fix a remote code execution vulnerability. A flaw is present in the Windows Uniscribe, which fails to properly handle objects in memory. An attacker who successfully exploit ... oval:org.secpod.oval:def:38296 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2, Windows 10 or Server 2016 and is prone to a remote code execution vulnerability. A flaw is present in the windows GDI component, which improperly hand ... oval:org.secpod.oval:def:38298 The host is missing an critical security update according to Microsoft bulletin, MS16-146. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted website. Successful exploitation could allow remote code execution. oval:org.secpod.oval:def:38320 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to an elevation of privilege Vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to ... oval:org.secpod.oval:def:38318 The host is missing an important security update according to Microsoft security bulletin, MS16-151. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows Kernel-mode driver, which fails to properly handle a specially crafted application. An attacker who succes ... oval:org.secpod.oval:def:38319 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to an elevation of privilege Vulnerability. A flaw is present in the Microsoft Graphics Component, which fails ... oval:org.secpod.oval:def:38315 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Crypto Driver, which improperly handles ob ... oval:org.secpod.oval:def:38316 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Installer, which improperly sanitize input ... oval:org.secpod.oval:def:38317 The host is missing an important security update according to Microsoft bulletin, MS16-149. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted application. Successful exploitation could allow elevation of privileg ... oval:org.secpod.oval:def:37939 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 and 10 and is prone to an remote code execution vulnerability. A flaw is present in the specially crafted embedded fonts, which fails to properly hand ... oval:org.secpod.oval:def:37936 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 and 10 and is prone to an information disclosure vulnerability. A flaw is present in the ATMFD component, which fails to properly handle objects in mem ... oval:org.secpod.oval:def:37935 The host is missing an important security update according to Microsoft security bulletin, MS16-132. The update is required to fix multiple vulnerabilities. The flaws are present in the Microsoft Graphics component, which fails to properly handle a specially crafted object in memory. An attacker who ... oval:org.secpod.oval:def:37934 The host is missing a critical security update according to Microsoft security bulletin, MS16-130. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle specially crafted application. Successful exploitation could allow attac ... oval:org.secpod.oval:def:37933 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows image file loading functionality, which improperly handle ... oval:org.secpod.oval:def:37931 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows IME, which improperly handles DLL loading. Successful e ... oval:org.secpod.oval:def:39377 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:39378 The host is missing a critical security update according to Microsoft security bulletin, MS17-011. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:39364 An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:39365 The host is missing an important security update according to Microsoft security bulletin, MS17-018. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted application. Successful exploitation could allow attackers to take comp ... oval:org.secpod.oval:def:39356 An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could run processes in an elevated context. To exploit the vulnerability, a locally authenticated attacker could run a specially crafte ... oval:org.secpod.oval:def:39357 An elevation of privilege vulnerability exists when Windows fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would first need ac ... oval:org.secpod.oval:def:39358 The host is missing an important security update according to Microsoft security bulletin, MS17-017. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted application. Successful exploitation could allow attackers to escalate ... oval:org.secpod.oval:def:39399 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:39398 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vuln ... oval:org.secpod.oval:def:39322 The host is missing an important security update according to Microsoft security bulletin, MS17-021. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to discl ... oval:org.secpod.oval:def:39321 An information disclosure vulnerability exists in the way Windows DirectShow handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.In a web-based attack scenario, an attacker could host a website used to att ... oval:org.secpod.oval:def:39312 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39313 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39314 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39315 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39316 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:39317 Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:39318 The host is missing a critical security update according to Microsoft security bulletin, MS17-010. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to gain the ability ... oval:org.secpod.oval:def:39306 An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request. An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the ... oval:org.secpod.oval:def:39307 The host is missing an important security update according to Microsoft security bulletin, MS17-016. The update is required to fix an XSS elevation of privilege vulnerability. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:40443 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40444 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40442 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:40447 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40448 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:40445 A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ... oval:org.secpod.oval:def:40446 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40449 A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ... oval:org.secpod.oval:def:40450 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40451 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40454 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:40455 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:40452 An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ... oval:org.secpod.oval:def:40453 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:40456 A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ... oval:org.secpod.oval:def:40471 The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6, 4.7, 4.6.1 or 4.6.2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validate certificates. Successful exploitation allows attackers to present a certificate th ... oval:org.secpod.oval:def:40883 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40884 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40881 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ... oval:org.secpod.oval:def:40887 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40888 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40885 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40886 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40889 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40890 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40891 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40892 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40429 An elevation of privilege vulnerability exists when the Windows improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. An attacker who successfully exploited t ... oval:org.secpod.oval:def:40432 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:40434 An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. Th ... oval:org.secpod.oval:def:40435 An elevation of privilege vulnerability exists when Windows fails to properly validate input before loading type libraries. An attacker could use this vulnerability to elevate their privilege level. To exploit this vulnerability an attacker would first need to have access to the local system and hav ... oval:org.secpod.oval:def:40439 An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability can lead to d ... oval:org.secpod.oval:def:40440 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by runn ... oval:org.secpod.oval:def:39421 The host is missing a critical security update according to Microsoft security bulletin, MS17-012. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:40879 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ... oval:org.secpod.oval:def:40880 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ... oval:org.secpod.oval:def:40900 An elevation of privilege vulnerability exists when tdx.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level. An attacker who s ... oval:org.secpod.oval:def:39780 A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer ... oval:org.secpod.oval:def:39781 A Win32k information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ... oval:org.secpod.oval:def:39841 An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacke ... oval:org.secpod.oval:def:39838 An elevation of privilege vulnerability exists when LDAP request buffer lengths are improperly calculated; In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller. An attacker who successful ... oval:org.secpod.oval:def:40925 A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious c ... oval:org.secpod.oval:def:40958 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:40904 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:40908 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40909 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40913 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40914 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40911 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40915 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40916 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:40960 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:40961 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:40964 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40962 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40963 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40968 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40969 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:40967 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:41198 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41199 An information disclosure vulnerability exists in Microsoft Windows when Win32k fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an attacker could create ... oval:org.secpod.oval:def:41165 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:41213 An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the HTTP.sys server application system.A remote unauthenticated ... oval:org.secpod.oval:def:41211 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41212 An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would have to either log on locally to an affected system, ... oval:org.secpod.oval:def:41217 A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ... oval:org.secpod.oval:def:41218 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An att ... oval:org.secpod.oval:def:41216 A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files.Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad. In an email attack scenario, an attacker could exploit th ... oval:org.secpod.oval:def:41200 A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. An attacker who successfully exploited this vulnerability could use it to bypass Extended Protection for Authentication.To exploit this vulnerabil ... oval:org.secpod.oval:def:41201 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41207 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41204 An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol.In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to ... oval:org.secpod.oval:def:41205 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ... oval:org.secpod.oval:def:41209 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41210 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41640 A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets.An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive.A remote unauthenticated attacker could exploit this vulnerability by sending a ... oval:org.secpod.oval:def:41641 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system.An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:41267 An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:41276 A remote code execution vulnerability exists when Windows Explorer improperly handles executable files and shares during rename operations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another user. Users not running as administrators would be ... oval:org.secpod.oval:def:41279 An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)declaration ... oval:org.secpod.oval:def:41277 An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)declaration. ... oval:org.secpod.oval:def:42319 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:42321 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:42320 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:42323 A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ... oval:org.secpod.oval:def:42327 A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to sen ... oval:org.secpod.oval:def:42326 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:42332 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:42331 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:42335 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to f ... oval:org.secpod.oval:def:42334 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:42333 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabili ... oval:org.secpod.oval:def:42339 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by r ... oval:org.secpod.oval:def:42343 An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:42341 An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:42717 A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. To exploit the vulnerability, the attacker could send specially crafted messages to th ... oval:org.secpod.oval:def:42719 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:42724 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:42723 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:42729 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:42728 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:42726 A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ... oval:org.secpod.oval:def:42347 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attac ... oval:org.secpod.oval:def:42346 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:42345 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:41999 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:41997 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:41996 A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then mon ... oval:org.secpod.oval:def:42081 A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:42058 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ... oval:org.secpod.oval:def:42002 A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:42000 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:42003 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker wou ... oval:org.secpod.oval:def:42008 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it cou ... oval:org.secpod.oval:def:42007 An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel ... oval:org.secpod.oval:def:42010 A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, ... oval:org.secpod.oval:def:42016 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:42015 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability ... oval:org.secpod.oval:def:42024 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:42023 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:41652 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:41644 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:41645 A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ... oval:org.secpod.oval:def:41648 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An att ... oval:org.secpod.oval:def:41650 This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system funct ... oval:org.secpod.oval:def:43168 An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. To exploit the vulnera ... oval:org.secpod.oval:def:43166 A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts wi ... oval:org.secpod.oval:def:44969 A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code ... oval:org.secpod.oval:def:44979 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44980 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44981 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44605 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:44606 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:44607 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:44609 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:44616 A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, ... oval:org.secpod.oval:def:44610 An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:44611 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then inst ... oval:org.secpod.oval:def:44625 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44626 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44627 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44628 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44621 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44622 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44623 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44624 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44630 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:43873 An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object ... oval:org.secpod.oval:def:43406 An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certai ... oval:org.secpod.oval:def:43405 An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a ... oval:org.secpod.oval:def:43404 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:43411 An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulner ... oval:org.secpod.oval:def:43848 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially cr ... oval:org.secpod.oval:def:43851 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:43856 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially cr ... oval:org.secpod.oval:def:43860 A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us ... oval:org.secpod.oval:def:43865 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:43864 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:43869 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:43872 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have ... oval:org.secpod.oval:def:43871 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have ... oval:org.secpod.oval:def:43459 A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing spe ... oval:org.secpod.oval:def:43461 A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the E ... oval:org.secpod.oval:def:45382 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:45387 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:45384 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:45385 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have ... oval:org.secpod.oval:def:45368 A remote code execution vulnerability exists in Microsoft COM for Windows when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exp ... oval:org.secpod.oval:def:45379 A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker who has a domain user account ... oval:org.secpod.oval:def:45374 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:44982 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44983 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44984 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44985 An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ... oval:org.secpod.oval:def:44986 A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To e ... oval:org.secpod.oval:def:44991 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44992 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44993 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44994 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44995 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:44996 A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate use ... oval:org.secpod.oval:def:46367 A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attac ... oval:org.secpod.oval:def:46366 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:46369 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:46368 A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file desig ... oval:org.secpod.oval:def:46364 A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit the vulnerability, an unauthenticated attacker could send specially ... oval:org.secpod.oval:def:46370 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specia ... oval:org.secpod.oval:def:46373 An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correct ... oval:org.secpod.oval:def:46375 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ... oval:org.secpod.oval:def:45407 A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would f ... oval:org.secpod.oval:def:45408 A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing speci ... oval:org.secpod.oval:def:46006 A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to ... oval:org.secpod.oval:def:46005 An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially craft ... oval:org.secpod.oval:def:46009 An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would firs ... oval:org.secpod.oval:def:46013 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:46028 A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the ... oval:org.secpod.oval:def:47128 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then inst ... oval:org.secpod.oval:def:47127 A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attack ... oval:org.secpod.oval:def:47129 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:47130 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user r ... oval:org.secpod.oval:def:47136 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:47133 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:47132 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:47153 An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections where content from one stream can blend in ... oval:org.secpod.oval:def:49095 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:47438 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:47437 A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ... oval:org.secpod.oval:def:47444 An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerabili ... oval:org.secpod.oval:def:47441 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability, an attacker could host a ... oval:org.secpod.oval:def:47440 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to lo ... oval:org.secpod.oval:def:47443 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:47457 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:47451 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ... oval:org.secpod.oval:def:47454 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:47453 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:47461 An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution. However, th ... oval:org.secpod.oval:def:47463 A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or del ... oval:org.secpod.oval:def:47462 A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files. An attacker who successfully exploited the vulnerability could execute arbitrary code. To exploit the vulnerability, an attacker would have to convince a user to download an image file. ... oval:org.secpod.oval:def:47433 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ... oval:org.secpod.oval:def:47432 An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. To exploit this vulnerability, an attack ... oval:org.secpod.oval:def:49106 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted ... oval:org.secpod.oval:def:49111 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on ... oval:org.secpod.oval:def:50728 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:57887 A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.To exploit the vulnerability, an attacker could send specia ... oval:org.secpod.oval:def:59668 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:59867 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:47904 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:47903 A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ... oval:org.secpod.oval:def:47905 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:47900 An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:47901 An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially craft ... oval:org.secpod.oval:def:47909 An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specia ... oval:org.secpod.oval:def:49693 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:49694 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:49691 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:49692 An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain infor ... oval:org.secpod.oval:def:49696 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:49705 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:49704 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:49716 A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without authenticati ... oval:org.secpod.oval:def:49717 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ... oval:org.secpod.oval:def:47914 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability, an attacker could host a ... oval:org.secpod.oval:def:47927 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted f ... oval:org.secpod.oval:def:44619 A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processe ... oval:org.secpod.oval:def:50070 An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application. oval:org.secpod.oval:def:50071 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50072 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50073 An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the ... oval:org.secpod.oval:def:49092 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:49094 An information disclosure vulnerability exists when Kernel Remote Procedure Call Provider driver improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability co ... oval:org.secpod.oval:def:49105 An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. ... oval:org.secpod.oval:def:49109 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:47897 A security feature bypass vulnerability exists in DNS Global Blocklist feature. An attacker who successfully exploited this vulnerability could redirect traffic to malicious DNS endpoints. The update addresses the vulnerability by updating DNS Server Role record additions to not bypass the Global ... oval:org.secpod.oval:def:47899 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:50720 An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. To exploit the vulnerability, an attacker ... oval:org.secpod.oval:def:50721 An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. To exploit the vulnerability, an attacker ... oval:org.secpod.oval:def:50722 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50723 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50724 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50725 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:50726 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50727 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50729 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50731 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on t ... oval:org.secpod.oval:def:50734 An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk. To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially ... oval:org.secpod.oval:def:50738 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ... oval:org.secpod.oval:def:50740 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:50709 A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged ... oval:org.secpod.oval:def:50710 A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hos ... oval:org.secpod.oval:def:50711 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most sit ... oval:org.secpod.oval:def:50713 A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. To exploit the vulnerability, an attacker could send a ... oval:org.secpod.oval:def:50715 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50716 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50717 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50718 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50719 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50075 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50080 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ... oval:org.secpod.oval:def:50082 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ... oval:org.secpod.oval:def:51374 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:51373 A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attac ... oval:org.secpod.oval:def:50090 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50091 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50092 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50093 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50094 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50095 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50096 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50097 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50088 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:50089 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:51375 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to ope ... oval:org.secpod.oval:def:51377 An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. To exploit this vulnerability, an attacker would first need to compromise an Act ... oval:org.secpod.oval:def:51379 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerab ... oval:org.secpod.oval:def:51390 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabil ... oval:org.secpod.oval:def:51392 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specia ... oval:org.secpod.oval:def:51394 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability, an attacker could host a ... oval:org.secpod.oval:def:51393 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:51396 A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could g ... oval:org.secpod.oval:def:51395 An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory. An attacker who successfully exploited this vulnerability could use the information to further exploit the victim system. To exploit this vulnerability, an attacker would have t ... oval:org.secpod.oval:def:51389 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabil ... oval:org.secpod.oval:def:51388 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:51398 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ... oval:org.secpod.oval:def:51399 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:51400 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ... oval:org.secpod.oval:def:51401 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:51404 A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vul ... oval:org.secpod.oval:def:51403 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:51407 An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabil ... oval:org.secpod.oval:def:54171 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:54174 An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:54173 An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. An attacker could then install programs ... oval:org.secpod.oval:def:54178 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:54179 A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.In a web-based attack scenario, an attacker could host a specially craft ... oval:org.secpod.oval:def:54177 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ... oval:org.secpod.oval:def:54169 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:54181 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54182 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:54180 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54185 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:54186 A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could take control of an affected system.To exploit the vulnerability, an authenticated attacker could connect via the Windows Remote Registry Serv ... oval:org.secpod.oval:def:54183 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54184 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54187 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:54188 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54156 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:54157 A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on ... oval:org.secpod.oval:def:54155 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, ... oval:org.secpod.oval:def:54163 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:54164 A remote code execution vulnerability exists when OLE automation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could gain execution on the victim system.To exploit the vulnerability, an attacker could host a specially crafted website designed to invok ... oval:org.secpod.oval:def:54161 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:54162 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:54167 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54168 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:54165 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:54166 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys). An attacker who successfully exploited this vulnerability could set the short name of a file with a long name to an arbitrary short name, overriding the file system with limited priv ... oval:org.secpod.oval:def:54158 An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete da ... oval:org.secpod.oval:def:54721 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54722 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54720 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54725 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54726 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54723 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54724 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54727 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54728 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:54732 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54730 An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.To exploit this vul ... oval:org.secpod.oval:def:54707 An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how the ... oval:org.secpod.oval:def:54708 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54710 An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.A locally authenticated attacker could exploit this vulnerability by running a spec ... oval:org.secpod.oval:def:54711 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:54714 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54715 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54712 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a program, ... oval:org.secpod.oval:def:54718 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54719 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54716 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55380 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55381 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55382 A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering.To exploit this vulnerab ... oval:org.secpod.oval:def:55379 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55367 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then instal ... oval:org.secpod.oval:def:55373 A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ... oval:org.secpod.oval:def:55374 A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with the victim users privileges.An attacker could craft a website that exploits the vulnerability a ... oval:org.secpod.oval:def:55372 A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machi ... oval:org.secpod.oval:def:55377 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55378 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55375 A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could g ... oval:org.secpod.oval:def:55376 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:54189 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57280 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:57284 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:57283 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:57282 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57281 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:57289 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:57290 An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have ... oval:org.secpod.oval:def:57307 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:57306 A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application. A remote unauthenticated attacker could exploit this vulner ... oval:org.secpod.oval:def:57872 An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially craft ... oval:org.secpod.oval:def:55384 An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaratio ... oval:org.secpod.oval:def:55388 This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the t ... oval:org.secpod.oval:def:55389 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:55392 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:55394 An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.To exploit this vulnerability, an attacker would first have to l ... oval:org.secpod.oval:def:55398 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55400 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55410 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a speciall ... oval:org.secpod.oval:def:55402 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:55407 A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another ... oval:org.secpod.oval:def:55405 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:57262 An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnera ... oval:org.secpod.oval:def:57266 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could th ... oval:org.secpod.oval:def:57273 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:57272 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by running ... oval:org.secpod.oval:def:57277 An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request.To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application.The security update addresses this vulnerability by correct ... oval:org.secpod.oval:def:57276 An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:55414 An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ... oval:org.secpod.oval:def:55415 A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.To exploit th ... oval:org.secpod.oval:def:55419 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:55424 An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox.To exploit this vulnerability, an attacker would require unprivileged execution on the vic ... oval:org.secpod.oval:def:57882 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a speciall ... oval:org.secpod.oval:def:57881 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerabil ... oval:org.secpod.oval:def:57880 A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.To exploit the vulnerabil ... oval:org.secpod.oval:def:57885 A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system t ... oval:org.secpod.oval:def:57877 A denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll) improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by iss ... oval:org.secpod.oval:def:57893 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57892 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.There are multiple ways an attacker could exploit the ... oval:org.secpod.oval:def:57890 An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerabilit ... oval:org.secpod.oval:def:57897 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:57896 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57895 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57894 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57889 A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system.To exploit the vulnerability, an attacker could host a s ... oval:org.secpod.oval:def:57899 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57898 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57918 An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:57917 An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted a ... oval:org.secpod.oval:def:57930 A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets. An attacker who successfully exploited the vulnerability could cause the DHCP server service to stop responding.To exploit the vulnerability, a remote unauthenticated attacker could ... oval:org.secpod.oval:def:57901 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57900 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:57905 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57904 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:57902 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:57909 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:57908 An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ... oval:org.secpod.oval:def:57907 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:57906 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.There are multiple ways an attacker could exploit the ... oval:org.secpod.oval:def:58451 An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Inp ... oval:org.secpod.oval:def:58454 An elevation of privilege exists in hdAudio.sys which may lead to an out of band write. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attack ... oval:org.secpod.oval:def:58466 An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges.To exploit the vulnerability, a locally authenticated attacker could run a specially cr ... oval:org.secpod.oval:def:58468 An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.To exploit the vulnerability, an attacker would first ... oval:org.secpod.oval:def:58469 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58465 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:58470 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58430 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58053 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58471 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58472 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58477 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58478 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58473 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:58474 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:58475 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58476 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58480 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:58483 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:58488 An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ... oval:org.secpod.oval:def:58484 An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.To ex ... oval:org.secpod.oval:def:58491 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:58492 An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits.To exploit the vulnerability, an attacker would fi ... oval:org.secpod.oval:def:58495 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:58496 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:58498 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:58930 An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.An attacker who successfully exploited the vulnerability could gain greater access to s ... oval:org.secpod.oval:def:58926 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to lo ... oval:org.secpod.oval:def:58923 A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.To exploit th ... oval:org.secpod.oval:def:58929 A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions. An attacker who successfully exploited this vulnerability may gain access to unauthorized information.To exploit the vulnerability, an attacker would have to conduct a man-in-the- ... oval:org.secpod.oval:def:58942 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to lo ... oval:org.secpod.oval:def:58936 A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.To ex ... oval:org.secpod.oval:def:58937 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:58951 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58952 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:58947 An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an attacker would have ... oval:org.secpod.oval:def:58949 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a speciall ... oval:org.secpod.oval:def:58944 An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function. An attacker who successfully exploited this vulnerability could delete a targeted registry key leading to an elevated status.To exploit this vulnerability, an attack ... oval:org.secpod.oval:def:58945 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to ... oval:org.secpod.oval:def:58957 An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\sy ... oval:org.secpod.oval:def:59660 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:59666 An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; v ... oval:org.secpod.oval:def:59667 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:59661 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:59662 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:59659 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:60641 An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation.To exploit the vulnerability, an attacker would first require execution ... oval:org.secpod.oval:def:59670 An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an au ... oval:org.secpod.oval:def:59671 An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit the vulnerabilit ... oval:org.secpod.oval:def:59676 An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.To exploit the vulnerability, an attacker would have to log onto an affec ... oval:org.secpod.oval:def:59677 A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems runn ... oval:org.secpod.oval:def:59673 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:59669 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:59681 A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability could downgrade aspects of the connection allowing for further modification of the transmission.To exploit the vulnerabili ... oval:org.secpod.oval:def:59684 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:59686 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:59690 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:59693 An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.To exploit this vulnerability, an attacker would first have to l ... oval:org.secpod.oval:def:59694 A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems runn ... oval:org.secpod.oval:def:60629 A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ... oval:org.secpod.oval:def:60627 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:60628 A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user ... oval:org.secpod.oval:def:59655 An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete da ... oval:org.secpod.oval:def:59657 A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system and run a speciall ... oval:org.secpod.oval:def:59653 A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another ... oval:org.secpod.oval:def:60638 An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerabi ... oval:org.secpod.oval:def:60631 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:59876 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:59870 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:59871 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ... oval:org.secpod.oval:def:59868 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:59869 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:59883 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file or a program, ... oval:org.secpod.oval:def:59884 A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers. An attacker could exploit the vulnerability to trigger warnings and false positives when no threat is present.To exploit the vulnerability, an attacker would first require execution permission ... oval:org.secpod.oval:def:61304 A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update addresses the vulnerability by correcting how the Windows Imagin ... oval:org.secpod.oval:def:61302 An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to di ... oval:org.secpod.oval:def:60656 An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.To exploit this vul ... oval:org.secpod.oval:def:60655 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:60663 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it ... oval:org.secpod.oval:def:60662 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:60660 An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerabi ... oval:org.secpod.oval:def:61298 An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.To exploit this vulnerability, an attacker would first have to log on t ... oval:org.secpod.oval:def:61297 An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.To exploit this vulnerability, an attacker would first have to log on t ... oval:org.secpod.oval:def:61253 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:61285 An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerabi ... oval:org.secpod.oval:def:61284 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:61283 A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could th ... oval:org.secpod.oval:def:61296 An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:61295 An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:61293 An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to lo ... oval:org.secpod.oval:def:61292 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61291 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61290 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61287 An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest. To exploit this vulnerability, an attacker would first need to compromise an Act ... oval:org.secpod.oval:def:61229 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craf ... oval:org.secpod.oval:def:61225 A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view ... oval:org.secpod.oval:def:61241 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61238 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:61236 An information disclosure vulnerability exists when the Telephony Service improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a users system.To exploit this vulnerability, an attacker would have to l ... oval:org.secpod.oval:def:61235 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:61251 An elevation of privilege vulnerability exists in the way that the tapisrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:61250 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61248 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61247 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61246 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61245 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61244 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61243 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61242 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61308 An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.To exploit this vulnerability, an attacker would first have to l ... oval:org.secpod.oval:def:61307 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:61317 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:61328 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61327 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61326 An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.An attacker who successfully exploited the vulnerability could gain greater access to s ... oval:org.secpod.oval:def:61325 An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.An attacker who successfully exploited the vulnerability could gain greater access to s ... oval:org.secpod.oval:def:61320 An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addres ... oval:org.secpod.oval:def:61851 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:61850 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61866 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:61865 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:61863 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:61879 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61878 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:61877 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:61876 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:61875 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:61873 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ... oval:org.secpod.oval:def:61888 An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The ... oval:org.secpod.oval:def:61887 An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security upda ... oval:org.secpod.oval:def:61883 A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ... oval:org.secpod.oval:def:61882 A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients.To exploit the vulner ... oval:org.secpod.oval:def:61849 An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.To exploit this vulnerability, an attacker would first have to log on t ... oval:org.secpod.oval:def:61845 An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security upda ... oval:org.secpod.oval:def:61889 An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security upda ... oval:org.secpod.oval:def:61898 An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an ... oval:org.secpod.oval:def:61895 An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; vi ... oval:org.secpod.oval:def:61894 An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; vi ... oval:org.secpod.oval:def:61908 An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.There are multiple ways an attacker coul ... oval:org.secpod.oval:def:61907 An elevation of privilege vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.To exploit this vulnerability, an attacker would first have to log on to the system. An a ... oval:org.secpod.oval:def:61903 An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.An attacker could exploit this vulnerability by running a specially crafted ... oval:org.secpod.oval:def:62473 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62472 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62471 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:62470 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:62469 An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.To exploit this vulnerability, an attacker would have to log on to an af ... oval:org.secpod.oval:def:62468 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62463 A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.Exploitation of the vulnerability requires that a program process a specially crafted image ... oval:org.secpod.oval:def:62484 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:62483 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ... oval:org.secpod.oval:def:62481 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:62480 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62479 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62478 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62477 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62476 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62475 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:62474 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:62487 An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craf ... oval:org.secpod.oval:def:62486 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62485 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:62461 An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log onto an af ... oval:org.secpod.oval:def:62457 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.To exploit the vulnerability, a user would have to open a specially crafted fi ... oval:org.secpod.oval:def:62456 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:62160 Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released. Two remote code execution vulnerabilities exist in Microsoft Wi ... oval:org.secpod.oval:def:62518 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:63126 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63127 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63128 A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.To exploit the vulnerability, an attacker who has a domain user account c ... oval:org.secpod.oval:def:63130 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:63119 A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core or .NET Framework web application. The vulnerability can be exploited remotely, wit ... oval:org.secpod.oval:def:63122 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:63145 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:63134 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:63136 An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.To exploit this vulnerabilit ... oval:org.secpod.oval:def:62542 An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticat ... oval:org.secpod.oval:def:62534 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:62533 An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ... oval:org.secpod.oval:def:62532 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:63099 A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; v ... oval:org.secpod.oval:def:63098 An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder.To exploit this vulnerab ... oval:org.secpod.oval:def:63095 An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; v ... oval:org.secpod.oval:def:63094 A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulne ... oval:org.secpod.oval:def:63092 An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; v ... oval:org.secpod.oval:def:63146 An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, ... oval:org.secpod.oval:def:63169 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63170 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63171 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63157 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:63158 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63162 A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.To exploit the vulnerability, a user would have to open a specially crafted fi ... oval:org.secpod.oval:def:63163 An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have t ... oval:org.secpod.oval:def:63686 A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.There are multiple ways an attacker ... oval:org.secpod.oval:def:63687 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63688 An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create ne ... oval:org.secpod.oval:def:63675 An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ... oval:org.secpod.oval:def:63676 A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations. An attacker who successfully exploited the vulnerability could cause a denial of service against a system.To exploit the vulnerability, an attacker who has access to the system could run a specia ... oval:org.secpod.oval:def:63677 An elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially cra ... oval:org.secpod.oval:def:63672 An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a special ... oval:org.secpod.oval:def:63703 An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients. An attacker who successfully exploited this vulnerability could run arbitrary code in a privileged process. An attacker could then insta ... oval:org.secpod.oval:def:63704 An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially ... oval:org.secpod.oval:def:63721 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63712 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63713 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.An attacker could exploit this vulnerability by enticing a victim to open ... oval:org.secpod.oval:def:63716 An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.The security ... oval:org.secpod.oval:def:64214 A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible fo ... oval:org.secpod.oval:def:63764 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:63751 A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious c ... oval:org.secpod.oval:def:63752 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ... oval:org.secpod.oval:def:63753 An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an atta ... oval:org.secpod.oval:def:63725 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:63726 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63728 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ... oval:org.secpod.oval:def:63729 An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content. An attacker who successfully exploited this vulnerability could upload restricted file types to an IIS-hosted folder.To exploit this vulnerab ... oval:org.secpod.oval:def:63743 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or a pr ... oval:org.secpod.oval:def:63749 An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could ... oval:org.secpod.oval:def:63730 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:63735 An elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially crafted ... oval:org.secpod.oval:def:63737 An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then instal ... oval:org.secpod.oval:def:66070 An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated attacker would need to run a sp ... oval:org.secpod.oval:def:69004 The host is installed with .NEt Framework and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows attackers to perform denial of service attacks. oval:org.secpod.oval:def:77180 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:78757 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:16177 WinVerifyTrust Signature Validation Vulnerability. A flaw is present in the WinVerifyTrust function in the operating system, which fails to handle the Windows Authenticode signature verification for portable executable (PE) files. Successful exploitation could allow remote attackers to execute arbit ... oval:org.secpod.oval:def:79936 .NET Framework Denial of Service Vulnerability oval:org.secpod.oval:def:46374 A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly validat ... oval:org.mitre.oval:def:7315 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple C ... oval:org.secpod.oval:def:5624 The host is missing an important security update according to Microsoft security bulletin, MS12-034. The update is required to fix multiple vulnerabilities. The flaws are present in the Microsoft Office, Windows, .NET Framework, and Silverlight, which fail to handle a specially crafted document or a ... oval:org.secpod.oval:def:14317 The host is installed with Microsoft Office 2003 SP3 /2007 SP3 /2010 SP1, Windows, Visual Studio .NET 2003 SP1, Lync 2010, Lync Basic 2013 or Lync 2010 Attendee, and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly process crafted TrueTyp ... oval:org.secpod.oval:def:14328 The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 or Silverlight 5 before 5.1.20513.0 and is prone to array access violation vulnerability. A flaw is present in the applications, which fail to properly prevent changes to data in multidimensional arrays of structures. Succe ... oval:org.secpod.oval:def:24338 The host is installed with Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight 5 or Silverlight 5 Developer Runtime and is prone to a truetype f ... oval:org.secpod.oval:def:25846 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, WIndows 10, Microsoft Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 ... oval:org.secpod.oval:def:25849 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console ... oval:org.secpod.oval:def:25850 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console ... oval:org.secpod.oval:def:25856 The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console, Lync 2010, ... oval:org.secpod.oval:def:25857 The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 ... oval:org.secpod.oval:def:5627 The host is installed with Microsoft Office, Windows, .NET Framework, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fail to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install ... oval:org.secpod.oval:def:5628 The host is installed with Microsoft Office, Windows, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fails to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install programs, view, ... oval:org.secpod.oval:def:1171 The host is installed with Microsoft .Net framework 2.0 SP1 or 2.0 SP2 or 3.5 or 3.5 SP1 or 4.0 or Microsoft Silverlight 4 and is prone to remote code execution vulnerability. A flaw is present in the applications which is caused when the .NET Framework or Microsoft Silverlight improperly validate a ... oval:org.secpod.oval:def:1172 The host is missing an critical security update according to Microsoft security bulletin, MS11-039. The update is required to fix remote code execution vulnerability in Microsoft .Net framework and Microsoft Silverlight. A flaw is present in the applications which is caused when the .NET Framework a ... oval:org.secpod.oval:def:25859 The host is missing a critical security update according to Microsoft security bulletin, MS15-080. The update is required fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle a crafted TrueType fonts or OneType fonts. Successful exploitation could allow attac ... oval:org.secpod.oval:def:2548 The host is installed with Microsoft .NET Framework or Microsoft Silverlight and is prone to a remote code execution vulnerability. Flaws are present in the Microsoft ASP.NET and Microsoft Silverlight, which fails to handle specially crafted web pages. Successful exploitation could allow attackers t ... oval:org.secpod.oval:def:2547 The host is missing a critical security update according to Microsoft security bulletin, MS11-078. The update is required to fix a remote code execution vulnerability. Flaws are present in the Microsoft .NET Framework and Microsoft Silverlight, which fails to handle specially crafted web pages by a ... oval:org.secpod.oval:def:14322 The host is missing a critical security update according to Microsoft bulletin, ms13-052. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle certain vectors and improper validations. Successful exploitation allows attacker ... oval:org.secpod.oval:def:24340 The host is missing a critical security update according to Microsoft security bulletin, MS15-044. The update is required fix multiple remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle a crafted TrueType or OpenType font. Successful exploitation c ... oval:org.secpod.oval:def:49162 The host is missing a critical servicing stack security update for ADV990001 oval:org.secpod.oval:def:39411 The host is missing an critical security update according to Microsoft bulletin, MS17-013. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which improperly handles GDI components. An attacker who successfully exploited these vulnerabilities could ex ... oval:org.secpod.oval:def:39407 A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create n ... oval:org.secpod.oval:def:39404 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:39406 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain informationto further compromise the user's system.There are multiple ways an attacker could exploit th ... oval:org.secpod.oval:def:26564 The host is installed with Windows Vista SP2, Windows Server 2008 SP2, Microsoft Lync 2010, Microsoft Lync Basic 2013, Skype For Business 2016, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Office 2007, Microsoft Office 2010 and is prone to a graphics component buffer overflow ... oval:org.secpod.oval:def:26555 The host is missing a critical security update according to Microsoft security bulletin, MS15-097. The update is required to multiple remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle a specially crafted document. Successful exploitation could all ... oval:org.secpod.oval:def:40959 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:40965 A remote code execution vulnerability exist when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ... oval:org.secpod.oval:def:31755 The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2007, Microsoft Office 2010 or Word V ... oval:org.secpod.oval:def:31756 The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2007, Microsoft Office 2010 or Word V ... oval:org.secpod.oval:def:31757 The host is missing a critical security update according to Microsoft security bulletin, MS15-128. The update is required to fix graphics memory corruption vulnerabilities. The flaws are present in the Windows font library, which improperly handles specially crafted embedded fonts. An attacker who s ... oval:org.secpod.oval:def:31753 The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2007, Microsoft Office 2010, .NET Fra ... oval:org.secpod.oval:def:33963 The host is missing a critical security update according to Microsoft security bulletin, MS16-039. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows font library, which improperly handles specially crafted embedded fonts. An attacker who successfully exploi ... oval:org.secpod.oval:def:33964 The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, .NET Framework 3.0 SP2, 3.5, 3.5.1, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2 ... oval:org.secpod.oval:def:37495 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ... oval:org.secpod.oval:def:37494 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ... oval:org.secpod.oval:def:37491 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ... oval:org.secpod.oval:def:37490 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ... oval:org.secpod.oval:def:37496 The host is missing an critical security update according to Microsoft bulletin, MS16-120. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which improperly handles GDI components. An attacker who successfully exploited these vulnerabilities could ob ... oval:org.secpod.oval:def:37489 The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .net framework 3.0, 4.6, 4.5 SP2, 3.5.1, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, ... oval:org.secpod.oval:def:42057 An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ... oval:org.secpod.oval:def:42056 An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ... oval:org.secpod.oval:def:42059 A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ... oval:org.secpod.oval:def:36739 The host is missing a critical security update according to Microsoft security bulletin, MS16-097. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the Windows font library, which improperly handles specially crafted embedded fonts. Successful ex ... oval:org.secpod.oval:def:36738 The host is installed with Microsoft Windows Vista, 7, Server 2008, Server 2008 R2, Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-I ... oval:org.secpod.oval:def:36737 The host is installed with Microsoft Windows Vista, 7, Server 2008, Server 2008 R2, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync 2010, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-I ... oval:org.secpod.oval:def:36736 The host is installed with Microsoft Windows Vista, 7, 8.1, 10, Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting ... oval:org.secpod.oval:def:64908 An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files.To exploit this vulnerability, an attacker would need to send a ... oval:org.secpod.oval:def:64909 A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web ... oval:org.secpod.oval:def:64953 The host is missing an important security update for KB4570509 oval:org.secpod.oval:def:64948 The host is missing an important security update for KB4570503 oval:org.secpod.oval:def:65086 The host is missing a critical security update for KB4571746 oval:org.secpod.oval:def:67713 The host is missing an important security update for KB4592498 oval:org.secpod.oval:def:67715 The host is missing a security update 4592504 oval:org.secpod.oval:def:65523 The host is missing a critical security update for KB4577070 oval:org.secpod.oval:def:59644 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to an ... oval:org.secpod.oval:def:59718 The host is missing a security update 4525239 oval:org.secpod.oval:def:59714 The host is missing a critical security update for KB4525234 oval:org.secpod.oval:def:57333 The host is missing an important security update for KB4507461 oval:org.secpod.oval:def:57326 The host is missing an important security update for KB4507452 oval:org.secpod.oval:def:47216 An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ... oval:org.secpod.oval:def:47217 An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ... oval:org.secpod.oval:def:47219 An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ... oval:org.secpod.oval:def:45388 An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ... oval:org.secpod.oval:def:47526 The host is missing an important security update according to MS advisory ADV180022. oval:org.secpod.oval:def:47525 Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassem ... oval:org.secpod.oval:def:45416 The host is missing an important security update for KB4134651 oval:org.secpod.oval:def:3718 The host is installed with Microsoft Windows and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the SSL and TLS protocols when Cipher-block chaining (CBC) mode of operation is used. Successful exploitation allows attackers ... oval:org.secpod.oval:def:3719 The host is missing an important security update according to Microsoft bulletin MS12-006. The update is required to fix information disclosure vulnerability. A flaw is present in the application, which is caused by a design flaw in the SSL and TLS protocols when Cipher-block chaining (CBC) mode of ... oval:org.secpod.oval:def:65083 The host is missing a moderate severity security update for KB4571730 oval:org.secpod.oval:def:65521 The host is missing an important security update for KB4577064 oval:org.secpod.oval:def:71877 The host is missing a critical security update for KB5003210 oval:org.secpod.oval:def:71879 The host is missing a critical security update for KB5003225 |