[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.mitre.oval:def:1047
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."

oval:org.mitre.oval:def:313
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006 ...

oval:org.mitre.oval:def:337
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-557 ...

oval:org.mitre.oval:def:1385
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."

oval:org.mitre.oval:def:413
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerabilit ...

oval:org.mitre.oval:def:404
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."

oval:org.mitre.oval:def:437
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.

oval:org.mitre.oval:def:105
The operating system installed on the system is Microsoft Windows XP.

oval:gov.nist.usgcb.xp:def:21001
Automatic updates are not enabled

oval:gov.nist.usgcb.xp:def:21003
Windows Error Reporting is not Enabled

oval:gov.nist.usgcb.xp:def:21004
Remote Assistance is not Enabled

oval:gov.nist.usgcb.xp:def:21005
Remote Desktop Services is not Enabled

oval:org.mitre.oval:def:480
The operating system installed on the system is Microsoft Windows XP SP1 (64-bit).

oval:org.secpod.oval:def:10946
The host is installed with .NET Framework 2.0, 3.5, 3.5.1, 4.0 or 4.5 and is prone to spoofing vulnerability. A flaw is present in the application, which fails to check signatures in XML file. Successful exploitation allows attackers to make undetected changes to signed XML documents via unspecified ...

oval:org.mitre.oval:def:1873
The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compil ...

oval:org.mitre.oval:def:1854
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which ...

oval:org.mitre.oval:def:761
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."

oval:org.mitre.oval:def:1706
Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.

oval:org.mitre.oval:def:162
Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.

oval:org.mitre.oval:def:1103
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the Ke ...

oval:org.mitre.oval:def:2049
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.

oval:org.mitre.oval:def:2031
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via ...

oval:org.mitre.oval:def:2056
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial ...

oval:org.mitre.oval:def:456
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

oval:org.mitre.oval:def:1084
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.

oval:org.secpod.oval:def:3433
The host is installed with Microsoft Time component and is prone to remote code execution vulnerability. A flaw is present in the application which is caused by a specially crafted Web page. Successful exploitation allows remote attacker gain user rights as the logged-on user.

oval:org.secpod.oval:def:6709
The host is installed with Internet Explorer 6 through 9 and is prone to an asynchronous null object access remote code execution vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:6711
The host is installed with Internet Explorer 6 through 9 and is prone to a virtual function table corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6710
The host is installed with Internet Explorer 6 and 7 and is prone to a layout memory corruption vulnerability. A flaw is present in the application, which fails to handle deleted objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.mitre.oval:def:1605
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."

oval:org.secpod.oval:def:10847
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation allows attackers to execute arbitrary cod ...

oval:org.mitre.oval:def:154
Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.

oval:org.secpod.oval:def:10741
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10742
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.mitre.oval:def:1571
Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a ...

oval:org.secpod.oval:def:1240
The host is installed with Adobe flash player 6 and is prone to remote code execution vulnerability. A flaw is present in application, which fails to handle specially crafted Flash content or web page. Successful exploitation could allow remote attackers to execute arbitrary code.

oval:org.mitre.oval:def:540
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.

oval:org.mitre.oval:def:224
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."

oval:org.mitre.oval:def:125
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.

oval:org.mitre.oval:def:1923
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.

oval:org.mitre.oval:def:1927
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.

oval:org.mitre.oval:def:1895
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.

oval:org.mitre.oval:def:1643
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.

oval:org.mitre.oval:def:2310
rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an ...

oval:org.mitre.oval:def:2045
A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Informatio ...

oval:org.mitre.oval:def:2085
The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain ...

oval:org.mitre.oval:def:1055
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.

oval:org.mitre.oval:def:116
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."

oval:org.mitre.oval:def:1396
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.

oval:org.mitre.oval:def:1902
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."

oval:org.mitre.oval:def:1058
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer propert ...

oval:org.mitre.oval:def:1120
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.

oval:org.mitre.oval:def:441
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.

oval:org.mitre.oval:def:538
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.

oval:org.secpod.oval:def:10745
The host is installed with Microsoft Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) or Active Directory Services and is prone to a denial of service vulnerability. A flaw is present in an application, which fails to handle a cr ...

oval:org.mitre.oval:def:214
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remot ...

oval:org.mitre.oval:def:1275
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."

oval:org.mitre.oval:def:4584
Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument ...

oval:org.mitre.oval:def:560
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."

oval:org.mitre.oval:def:1703
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly ...

oval:org.mitre.oval:def:482
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).

oval:org.mitre.oval:def:908
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.

oval:org.mitre.oval:def:607
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.

oval:org.mitre.oval:def:492
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

oval:org.mitre.oval:def:1978
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."

oval:org.secpod.oval:def:5096
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to a VML style remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:5589
The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input through partially trus ...

oval:org.secpod.oval:def:5588
The host is installed with Microsoft .Net Framework 1.1 SP1 or 2.0 SP2 or 3.0 SP2 or 3.5 SP1 or 3.5.1 or 4.0 and is prone to remote code execution vulnerability. A flaw is present in the Microsoft .NET Framework, which fails due to the improper serialization of untrusted input. Successful exploitati ...

oval:org.secpod.oval:def:5129
The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly validate parameters when passing data to a function. Successful exploitation allows remote attackers ...

oval:org.secpod.oval:def:3431
The host is installed with Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Web pages. Successful exploitation allows attackers to to view content from a different domain or Internet Explorer ...

oval:org.secpod.oval:def:4137
The host is installed with Internet Explorer 6,7,8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly perform copy-and-paste operations. Successful exploitation could allow attackers to read content from a different (1) domain ...

oval:org.secpod.oval:def:4138
The host is installed with Internet Explorer 7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:3709
The host is installed with Windows Object Packager and is prone to remote code execution vulnerability. A flaw is present in Windows Object Packager which fails to handle a specially crafted executable file. Successful exploitation could allow attackers to gain full user rights and install programs, ...

oval:org.secpod.oval:def:5094
The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to an OnReadyStateChange remote code execution vulnerability. A flaw is present in the application, which fails to handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:5092
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted HTML document. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:5095
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to a SelectAll remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code ...

oval:gov.nist.usgcb.xp:def:6132
Background Intelligent Transfer Service (a.k.a. BITS)

oval:gov.nist.usgcb.xp:def:6121
Permits users to change installation options that typically are available only to system administrators. This setting bypasses some of the security features of Windows Installer.

oval:gov.nist.usgcb.xp:def:6120
Disable IE security prompt for Windows Installer scripts

oval:gov.nist.usgcb.xp:def:6122
This setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.

oval:gov.nist.usgcb.xp:def:6596
Do not allow passwords to be saved

oval:gov.nist.usgcb.xp:def:6595
Disable remote Desktop Sharing

oval:gov.nist.usgcb.xp:def:6119
Turn off shell protocol protected mode

oval:gov.nist.usgcb.xp:def:6572
Turn off downloading of print drivers over HTTP

oval:gov.nist.usgcb.xp:def:6571
Turn off printing over HTTP

oval:gov.nist.usgcb.xp:def:6570
Turn off Search Companion content file updates

oval:gov.nist.usgcb.xp:def:6563
Offer Remote Assistance

oval:gov.nist.usgcb.xp:def:6564
Solicited Remote Assistance

oval:gov.nist.usgcb.xp:def:6567
Turn off the "Publish to Web" task for files and folders

oval:gov.nist.usgcb.xp:def:6566
RPC Endpoint Mapper Client Authentication

oval:gov.nist.usgcb.xp:def:6569
Turn off the Windows Messenger Customer Experience Improvement Program

oval:gov.nist.usgcb.xp:def:6568
Turn off Internet download for Web publishing and online ordering wizards

oval:gov.nist.usgcb.xp:def:6503
Hide mechanisms to remove zone information

oval:gov.nist.usgcb.xp:def:6502
Do not preserve zone information in file attachments

oval:gov.nist.usgcb.xp:def:6504
Notify antivirus programs when opening attachments

oval:gov.nist.usgcb.xp:def:6725
This policy setting allows you to specify the maximum amount of time that an active Terminal Services session can be idle (without user input) before it is automatically disconnected. (15 min)

oval:gov.nist.usgcb.xp:def:6726
You can use this policy setting to specify the maximum amount of time that a disconnected session is kept active on the server. By default, Terminal Services allows users to disconnect from a remote session without logging off and ending the session. (1 min)

oval:gov.nist.usgcb.xp:def:6719
WMI Performance Adapter should be configured to start "Manual"

oval:gov.nist.usgcb.xp:def:6714
Prompt for password on resume from hibernate / suspend

oval:gov.nist.usgcb.xp:def:6708
Screen Saver timeout

oval:gov.nist.usgcb.xp:def:6707
Password protect the screen saver

oval:gov.nist.usgcb.xp:def:6022
Accounts: Rename Administrator Account

oval:gov.nist.usgcb.xp:def:6027
Audit: Shut down system immediately if unable to log security audits

oval:gov.nist.usgcb.xp:def:6029
Devices: Allowed to format and eject removable media

oval:gov.nist.usgcb.xp:def:7796
MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering

oval:gov.nist.usgcb.xp:def:6682
Turn Off the "Order Prints" Picture Task

oval:gov.nist.usgcb.xp:def:6681
Turn Off Registration if URL Connection is Referring to Microsoft.com

oval:gov.nist.usgcb.xp:def:6683
Turn off Windows Error Reporting

oval:gov.nist.usgcb.xp:def:6686
Always Use Classic Logon

oval:gov.nist.usgcb.xp:def:6680
Turn Off Internet File Association Service

oval:gov.nist.usgcb.xp:def:6672
Registry Policy Processing

oval:gov.nist.usgcb.xp:def:6675
Turn Off Event Views "Events.asp" Links

oval:gov.nist.usgcb.xp:def:6679
Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com

oval:gov.nist.usgcb.xp:def:6662
Turn Off Microsoft Peer-to-Peer Networking Services

oval:gov.nist.usgcb.xp:def:100212
do not display install updates and shut down

oval:gov.nist.usgcb.xp:def:100214
reschedule automatic updates

oval:gov.nist.usgcb.xp:def:100213
no auto restart with logged on users

oval:gov.nist.usgcb.xp:def:100215
configure windows time provider

oval:gov.nist.usgcb.xp:def:100208
configure automatic updates

oval:gov.nist.usgcb.xp:def:6600
Set client connection encryption level

oval:org.mitre.oval:def:100
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter w ...

oval:org.mitre.oval:def:1050
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.

oval:org.mitre.oval:def:115
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object F ...

oval:org.secpod.oval:def:1405
The host is installed with Windows XP and is prone to information disclosure vulnerability. A flaw is present in windows Kernel-mode drivers which fails to validate function parameters. Successful exploitation allow attackers to access data from any kernel-mode memory location, including access to t ...

oval:org.secpod.oval:def:6993
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to an onmove use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to an object that was not properly initialized or is deleted. Successful exploitat ...

oval:org.secpod.oval:def:6992
The host is installed with Microsoft Internet Explorer 6 through 9 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6996
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to an cloneNode use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to exec ...

oval:org.mitre.oval:def:1248
Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that ...

oval:org.mitre.oval:def:13
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, ...

oval:org.mitre.oval:def:1352
Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Deco ...

oval:org.mitre.oval:def:155
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."

oval:org.mitre.oval:def:1639
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying ...

oval:org.mitre.oval:def:171
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."

oval:org.mitre.oval:def:1784
Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.

oval:org.mitre.oval:def:1816
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which ...

oval:org.mitre.oval:def:2013
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.

oval:org.mitre.oval:def:2034
Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.

oval:org.mitre.oval:def:2070
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a ...

oval:org.mitre.oval:def:2088
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.

oval:org.mitre.oval:def:2093
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

oval:org.mitre.oval:def:2109
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile ...

oval:org.mitre.oval:def:2162
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.

oval:org.mitre.oval:def:2207
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player C ...

oval:org.mitre.oval:def:2232
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."

oval:org.mitre.oval:def:2244
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.

oval:org.mitre.oval:def:2284
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.

oval:org.mitre.oval:def:232
Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.

oval:org.mitre.oval:def:2324
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.

oval:org.mitre.oval:def:318
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (\\\%2e\\\%2e\\\%5c) sequences and whose extension contains the CLSID Key ide ...

oval:org.mitre.oval:def:339
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.

oval:org.mitre.oval:def:3622
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

oval:org.mitre.oval:def:394
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.

oval:org.mitre.oval:def:428
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTra ...

oval:org.mitre.oval:def:4287
Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.

oval:org.mitre.oval:def:432
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.

oval:org.mitre.oval:def:433
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.

oval:org.mitre.oval:def:4332
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."

oval:org.mitre.oval:def:435
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

oval:org.mitre.oval:def:4480
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a d ...

oval:org.mitre.oval:def:4553
Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corr ...

oval:org.mitre.oval:def:457
Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.

oval:org.mitre.oval:def:4581
The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "\\\%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe ...

oval:org.mitre.oval:def:4582
Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized M ...

oval:org.mitre.oval:def:462
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("\\\%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP ses ...

oval:org.mitre.oval:def:502
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

oval:org.mitre.oval:def:521
The operating system installed on the system is Microsoft Windows XP SP2 or later

oval:org.mitre.oval:def:53
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0 ...

oval:org.mitre.oval:def:535
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose chars ...

oval:org.mitre.oval:def:536
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.

oval:org.mitre.oval:def:577
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnera ...

oval:org.mitre.oval:def:600
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size re ...

oval:org.mitre.oval:def:618
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

oval:org.mitre.oval:def:669
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF att ...

oval:org.mitre.oval:def:709
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.

oval:org.mitre.oval:def:719
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM ...

oval:org.mitre.oval:def:723
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vu ...

oval:org.mitre.oval:def:738
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target ...

oval:org.mitre.oval:def:747
Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."

oval:org.mitre.oval:def:7709
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT ...

oval:org.mitre.oval:def:841
Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."

oval:org.mitre.oval:def:4904
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

oval:org.mitre.oval:def:4910
Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.

oval:org.mitre.oval:def:13255
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event ...

oval:org.secpod.oval:def:3094
The host is missing an important security update according to Microsoft security bulletin, MS08-035. The update is required to fix denial of service vulnerability. A flaw is present in the implementations of Active Directory on Microsoft Windows , which fails to handle specially crafted LDAP request ...

oval:org.secpod.oval:def:3296
The host is missing an important security update according to Microsoft security bulletin, MS08-048. The update is required to fix information disclosure vulnerability. A flaw is present in Outlook Express and Windows Mail, which fails handle a specially crafted Web page. Successful exploitation cou ...

oval:org.secpod.oval:def:3302
The host is missing a critical security update according to Microsoft security bulletin, MS08-008. The update is required to fix remote code execution vulnerability. A flaw is present in Object Linking and Embedding (OLE) Automation, which fails to handle a specially crafted Web page. Successful exp ...

oval:org.mitre.oval:def:1141
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

oval:org.mitre.oval:def:257
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

oval:org.mitre.oval:def:999
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long ...

oval:org.secpod.oval:def:1035
The host is missing an Important security update according to Microsoft security bulletin, MS11-010. The update is required to fix elevation of privilege vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003. A flaw is present in CSRSS, which fails t ...

oval:org.secpod.oval:def:1036
The host is missing an Important security update according to Microsoft security bulletin, MS11-011. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in the Microsoft Window ...

oval:org.secpod.oval:def:1038
The host is missing an important security update according to Microsoft security bulletin, MS11-013. The update is required to fix elevation of privilege vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 R2 x64 or Windows XP. The flaws are present in the implementation of Kerb ...

oval:org.secpod.oval:def:10948
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10949
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:10950
The host is installed with Microsoft Internet Explorer 6 through 8 and is prone to JSON array information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict data access by VBScript. Successful exploitation could allow attackers to perform cross-domain re ...

oval:org.secpod.oval:def:10952
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10953
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:10954
The host is installed with Microsoft Internet Explorer 6 or 7 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:10955
The host is installed with Microsoft Internet Explorer 8 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:10957
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle a crafted web site that triggers access to a deleted object. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:15289
The 'DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax' setting should be configured correctly.

oval:org.secpod.oval:def:15287
The Human Interface Device Access service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:14192
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15281
The 'enable computer and user accounts to be trusted for delegation' user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:14193
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15282
The startup type of the client-side Domain Name Service cache (aka DNS Client) service should be correct.

oval:org.secpod.oval:def:14191
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15280
The correct service permissions for the Printer service should be assigned.

oval:org.secpod.oval:def:15285
The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly.

oval:org.secpod.oval:def:15286
The 'Do not Use Temp folders per Session' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15283
The Upload Manager service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15284
The correct service permissions for the Remote Desktop Help Session Manager service should be assigned.

oval:org.secpod.oval:def:15298
The 'Do Not Allow New Client Connections' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15299
The correct service permissions for the Universal Plug and Play service should be assigned.

oval:org.secpod.oval:def:15292
The startup type of the IIS Admin service should be correct.

oval:org.secpod.oval:def:15293
TCP/IP PMTU Discovery should be properly configured.

oval:org.secpod.oval:def:15290
The 'Enable User to Use Media Source While Elevated' policy should be set correctly.

oval:org.secpod.oval:def:15291
The 'Delete Cached Copies of Roaming Profiles' policy should be set correctly.

oval:org.secpod.oval:def:15296
The correct service permissions for the Remote Registry service should be assigned.

oval:org.secpod.oval:def:15297
The correct service permissions for the Background Intelligent Transfer service should be assigned.

oval:org.secpod.oval:def:15294
If the Application log's retention method is set to 'Overwrite events by days,' an appropriate value should be set for the number of days' logs to keep.

oval:org.secpod.oval:def:15295
The 'Allow Administrator to Install from Terminal Services Session' policy should be set correctly.

oval:org.secpod.oval:def:14178
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15267
The startup type of the Task Scheduler service should be correct.

oval:org.secpod.oval:def:15268
The startup type of the Automatic Update service should be correct.

oval:org.secpod.oval:def:14176
The host is installed with Microsoft Internet Explorer 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15265
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib should be assigned.

oval:org.secpod.oval:def:14177
The host is installed with Microsoft Internet Explorer 8 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15266
CD-ROM Autorun should be properly configured.

oval:org.secpod.oval:def:15269
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum should be assigned.

oval:org.secpod.oval:def:15260
The required permissions for the file %SystemRoot%\System32\Ntbackup.exe should be assigned.

oval:org.secpod.oval:def:15263
The required permissions for the file %SystemRoot%\System32\perfmon.msc should be assigned.

oval:org.secpod.oval:def:14175
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15264
The 'Display user information when the session is locked' setting should be configured correctly.

oval:org.secpod.oval:def:15261
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache should be assigned.

oval:org.secpod.oval:def:15262
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security should be assigned.

oval:org.mitre.oval:def:7158
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10. ...

oval:org.secpod.oval:def:15278
If the Security log's retention method is set to 'Overwrite events by days,' an appropriate value should be set for the number of days' logs to keep.

oval:org.secpod.oval:def:15279
The 'Allow Server Operators to Schedule Tasks' policy should be set correctly.

oval:org.secpod.oval:def:14187
The host is installed with Microsoft Internet Explorer 8 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15277
The 'Terminate session when time limits are reached' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15270
Auditing of 'process tracking' events on failure should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15271
The startup type of the Remote Access Auto connection Manager service should be correct.

oval:org.secpod.oval:def:14180
The host is installed with Microsoft Internet Explorer 7, 8 or 9 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:14185
The host is installed with Microsoft Internet Explorer 6 through 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a deleted object in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:15275
The required permissions for the registry key HKEY_USERS\.DEFAULT should be assigned.

oval:org.secpod.oval:def:15272
The correct service permissions for the SNMP service should be assigned.

oval:org.secpod.oval:def:15273
The correct service permissions for the SNMP Trap service should be assigned.

oval:org.secpod.oval:def:15089
The required permissions for the file %SystemRoot%\System32\RSoP.msc should be assigned.

oval:org.secpod.oval:def:15083
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg should be assigned.

oval:org.secpod.oval:def:7718
The Password protect the screen saver setting should be configured correctly.

oval:org.secpod.oval:def:15084
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security should be assigned.

oval:org.secpod.oval:def:7719
The Screen Saver Executable Name setting should be configured correctly for the current user.

oval:org.secpod.oval:def:15081
The required permissions for the directory %SystemRoot%\System32\NTMSData should be assigned.

oval:org.secpod.oval:def:15082
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey should be assigned.

oval:org.secpod.oval:def:15087
The startup type of the .NET Framework service should be correct.

oval:org.secpod.oval:def:15088
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Security should be assigned.

oval:org.secpod.oval:def:7715
The Screen Saver Executable Name setting should be configured correctly for the current user.

oval:org.secpod.oval:def:15085
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security should be assigned.

oval:org.secpod.oval:def:7716
The "Screen Saver Timeout" setting should be configured correctly for the default user.

oval:org.secpod.oval:def:15086
If the System log's retention method is set to 'Overwrite events by days,' an appropriate value should be set for the number of days' logs to keep.

oval:org.secpod.oval:def:7717
The settings of screen saver should be enabled or disabled as appropriate for the current user.

oval:org.secpod.oval:def:15080
The required permissions for the file %SystemRoot%\System32\Com\comexp.msc should be assigned.

oval:org.secpod.oval:def:7720
The settings of screen saver should be enabled or disabled as appropriate for the current user.

oval:org.secpod.oval:def:15094
The required permissions for the file %SystemRoot%\System32\dfrg.msc should be assigned.

oval:org.secpod.oval:def:15095
The required permissions for the directory %SystemDrive%\Documents and Settings\Administrator should be assigned.

oval:org.secpod.oval:def:15092
The required permissions for the directory %SystemDrive% should be assigned.

oval:org.secpod.oval:def:15093
The required permissions for the directory %SystemRoot%\Debug\UserMode\userenv.log should be assigned.

oval:org.secpod.oval:def:15098
The required permissions for the file %SystemRoot%\System32\nbstat.exe should be assigned.

oval:org.secpod.oval:def:15099
The correct service permissions for the Routing and Remote Access service should be assigned.

oval:org.secpod.oval:def:15096
The 'restrict guest access to application log' policy should be set correctly.

oval:org.secpod.oval:def:15097
The correct service permissions for the NetMeeting service should be assigned.

oval:org.secpod.oval:def:15090
The startup type of the Net Logon service should be correct.

oval:org.secpod.oval:def:15091
The correct service permissions for the Alerter service should be assigned.

oval:org.secpod.oval:def:15069
The 'Configure Windows NTP Client\CrossSiteSyncFlags' option should be configured correctly.

oval:org.secpod.oval:def:15067
The 'Configure Windows NTP Client\NtpServer' option should be configured correctly.

oval:org.secpod.oval:def:15068
The Windows XP 'Games' component should be installed or not installed as appropriate.

oval:org.secpod.oval:def:15078
The 'Configure Windows NTP Client\SpecialPollInterval' option should be configured correctly.

oval:org.secpod.oval:def:15079
The 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' option should be configured correctly.

oval:org.secpod.oval:def:15072
The required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled.

oval:org.secpod.oval:def:15073
The required permissions for the file %SystemRoot%\System32\CONFIG should be assigned.

oval:org.secpod.oval:def:15070
The 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' option should be configured correctly.

oval:org.secpod.oval:def:15071
The required permissions for the directory %SystemRoot%\Registration\CRMLog should be assigned.

oval:org.secpod.oval:def:15076
The required permissions for the directory %SystemRoot%\System32\dllcache should be assigned.

oval:org.secpod.oval:def:15077
The 'Configure Windows NTP Client\Type' option should be configured correctly.

oval:org.secpod.oval:def:15074
The required permissions for the directory %AllUsersProfile% should be assigned.

oval:org.secpod.oval:def:15075
The 'Configure Windows NTP Client\EventLogFlags' option should be configured correctly.

oval:org.secpod.oval:def:15201
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony should be assigned.

oval:org.secpod.oval:def:15202
The required permissions for the directory %SystemRoot%\Tasks should be assigned.

oval:org.secpod.oval:def:15200
The required permissions for the file %SystemRoot%\System32\netstat.exe should be assigned.

oval:org.secpod.oval:def:15205
The required permissions for the directory %SystemDrive%\Documents and Settings\Default User should be assigned.

oval:org.secpod.oval:def:15206
The required permissions for the file %SystemDrive%\IO.SYS should be assigned.

oval:org.secpod.oval:def:15203
The required permissions for the directory %SystemRoot%\security should be assigned.

oval:org.secpod.oval:def:15204
The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots should be assigned.

oval:org.secpod.oval:def:15212
The DHCP Client service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15213
The required permissions for the file %SystemRoot%\Offline Web Pages should be assigned.

oval:org.secpod.oval:def:15210
The required permissions for the file %SystemRoot%\Installer should be assigned.

oval:org.secpod.oval:def:15211
The required permissions for the directory %SystemRoot%\System32\spool\Printers should be assigned.

oval:org.secpod.oval:def:15216
The required permissions for the file %SystemRoot%\System32\runas.exe should be assigned.

oval:org.secpod.oval:def:15217
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\MediaIndex should be assigned.

oval:org.secpod.oval:def:15214
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host should be assigned.

oval:org.secpod.oval:def:15215
The required permissions for the file %SystemRoot%\System32\drwatson.exe should be assigned.

oval:org.secpod.oval:def:15209
The required permissions for the file %SystemDrive%\System Volume Information should be assigned.

oval:org.secpod.oval:def:15207
The required permissions for the directory %SystemRoot%\System32\MSDTC should be assigned.

oval:org.secpod.oval:def:15208
The required permissions for the file %SystemRoot%\System32\ntmsmgr.msc should be assigned.

oval:org.mitre.oval:def:5825
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted po ...

oval:org.mitre.oval:def:5820
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."

oval:org.secpod.oval:def:15245
The Network Connections service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15246
The required permissions for the file %SystemRoot%\System32\devmgmt.msc should be assigned.

oval:org.secpod.oval:def:15243
The System Event Notification service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15244
The correct service permissions for the Indexing service should be assigned.

oval:org.secpod.oval:def:15249
The required permissions for the file %SystemRoot%\System32\wmimgmt.msc should be assigned.

oval:org.secpod.oval:def:15247
The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE should be assigned.

oval:org.secpod.oval:def:15248
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles should be assigned.

oval:org.secpod.oval:def:15241
The Smart Card Helper service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15240
The Secondary Logon service should be enabled or disabled as appropriate.

oval:org.mitre.oval:def:5630
Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function p ...

oval:org.secpod.oval:def:15256
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip should be assigned.

oval:org.secpod.oval:def:15257
The 'Anonymous access to the system event log' policy should be set correctly.

oval:org.secpod.oval:def:15254
The required permissions for the directory %SystemRoot%\System32\GroupPolicy should be assigned.

oval:org.secpod.oval:def:15255
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security should be assigned.

oval:org.secpod.oval:def:15258
The 'Do not Delete Temp folder on exit' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15259
Background Refresh of Group Policy should be properly configured.

oval:org.secpod.oval:def:15252
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security should be assigned.

oval:org.secpod.oval:def:15253
The required permissions for the directory %SystemRoot%\System32\Setup should be assigned.

oval:org.secpod.oval:def:15250
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security should be assigned.

oval:org.secpod.oval:def:15251
Membership in the Power Users group should be assigned to the appropriate accounts.

oval:org.mitre.oval:def:12124
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

oval:org.mitre.oval:def:6954
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.

oval:org.secpod.oval:def:15223
The startup type of the SNMP Service service should be correct.

oval:org.secpod.oval:def:15224
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries should be assigned.

oval:org.secpod.oval:def:15221
Show Shared Internet Connection Access UI should be properly configured.

oval:org.secpod.oval:def:15222
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\clone should be assigned.

oval:org.secpod.oval:def:15227
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer should be assigned.

oval:org.secpod.oval:def:15228
The 'restrict guest access to security log' policy should be set correctly.

oval:org.mitre.oval:def:5618
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerab ...

oval:org.secpod.oval:def:15225
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys should be assigned.

oval:org.secpod.oval:def:15226
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft should be assigned.

oval:gov.nist.usgcb.xp:def:3366994
Display Error Notification

oval:gov.nist.usgcb.xp:def:3366993
Prohibit use of Internet Connection Sharing on your DNS domain network

oval:org.secpod.oval:def:15220
The correct service permissions for the SMTP service should be assigned.

oval:gov.nist.usgcb.xp:def:3366992
Prohibit use of Internet Connection Firewall on your DNS domain network

oval:gov.nist.usgcb.xp:def:3366991
Prohibit installation and configuration of Network Bridge on your DNS domain network

oval:org.secpod.oval:def:15218
The required permissions for the directory %AllUsersProfile%\Documents\desktop.ini should be assigned.

oval:org.secpod.oval:def:15219
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned.

oval:org.mitre.oval:def:12356
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

oval:org.secpod.oval:def:15234
The 'Remote Control Settings' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15235
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC should be assigned.

oval:org.secpod.oval:def:15232
The 'Maximum User Ticket Lifetime' policy should be set correctly.

oval:org.secpod.oval:def:15233
The required permissions for the directory %SystemRoot%\repair should be assigned.

oval:org.secpod.oval:def:15238
The correct service permissions for the ClipBook service should be assigned.

oval:org.secpod.oval:def:15239
Auditing of 'process tracking' events on success should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15236
The Telephony service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15237
The required permissions for the directory %SystemRoot%\System32\ias should be assigned.

oval:org.secpod.oval:def:15230
The required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled.

oval:org.secpod.oval:def:15231
The required permissions for the file %SystemDrive%\NTBOOTDD.SYS should be assigned.

oval:org.mitre.oval:def:12346
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.

oval:org.secpod.oval:def:15229
Local volumes should be formatted correctly.

oval:org.mitre.oval:def:5602
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."

oval:org.secpod.oval:def:2993
The host is missing a critical security update according to Microsoft security bulletin, MS08-033. The update is required to fix remote code execution vulnerability. A flaw is present in Microsoft DirectX, which fails to handle a specially crafted media file. Successful exploitation could allow an ...

oval:org.secpod.oval:def:2724
The host is missing a security update according to Microsoft security bulletin, MS09-023. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Microsoft ActiveX Controls and Yahoo! Music Jukebox product, which fails to handle a specially crafted Web page ...

oval:gov.nist.usgcb.xp:def:198
This definition tests the maximum allowed size of the security log is at least as big as the supplied value.

oval:gov.nist.usgcb.xp:def:197
This definition tests the maximum allowed size of the application log is at least as big as the supplied value.

oval:gov.nist.usgcb.xp:def:199
This definition tests the maximum allowed size of the system log is at least as big as the supplied value.

oval:org.mitre.oval:def:5408
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.

oval:org.mitre.oval:def:5886
The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an ...

oval:org.mitre.oval:def:5475
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.

oval:org.mitre.oval:def:5236
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, ...

oval:org.mitre.oval:def:12407
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

oval:org.secpod.oval:def:39
The host is installed with Microsoft Windows Human Interface Device (HID) driver and is prone to security bypass vulnerability. A flaw is present in the device driver, which allows keyboard or mouse functionality to the USB connection without giving a warning to the user. Successful exploitation cou ...

oval:org.mitre.oval:def:5689
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection ...

oval:org.secpod.oval:def:44
The host is installed with Microsoft Internet Explorer 9 or earlier version which is prone to denial of service vulnerability. A flaw is present in the application, which is caused by DOM implementation. Successful exploitation allows remote attackers to trigger an incorrect GUI display.

oval:org.secpod.oval:def:980
The host is missing an Important security update according to Microsoft security bulletin, MS11-033. The update is required to fix remote code execution vulnerability in Windows XP and Windows Server 2003. A flaw is present in microsoft Wordpad which does not properly parse specially crafted Word do ...

oval:org.mitre.oval:def:5266
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption V ...

oval:org.secpod.oval:def:53
The host is installed with Microsoft Windows Fax Services Cover Page Editor and is prone to heap-based buffer overflow vulnerability. The flaw is present in the CDrawPoly::Serialize function in fxscover.exe. Successful exploitation allows remote attackers to execute arbitrary code via a long record ...

oval:gov.nist.usgcb.xp:def:118
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers

oval:gov.nist.usgcb.xp:def:119
MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames

oval:gov.nist.usgcb.xp:def:110
MSS: (AutoAdminLogon) Enable Automatic Logon disabled

oval:gov.nist.usgcb.xp:def:112
MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways

oval:gov.nist.usgcb.xp:def:111
MSS: (DisableIPSourceRouting) IP source routing protection level

oval:gov.nist.usgcb.xp:def:113
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes disabled

oval:org.mitre.oval:def:5495
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.

oval:gov.nist.usgcb.xp:def:115
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds

oval:gov.nist.usgcb.xp:def:107
System objects: Require case insensitivity for non-Windows subsystems

oval:gov.nist.usgcb.xp:def:106
System objects: Default owner for objects created by members of the Administrators group

oval:gov.nist.usgcb.xp:def:109
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)

oval:gov.nist.usgcb.xp:def:101
Recovery console: Allow automatic administrative logon

oval:org.mitre.oval:def:5487
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

oval:gov.nist.usgcb.xp:def:103
Shutdown: Allow system to be shut down without having to log on disabled

oval:gov.nist.usgcb.xp:def:102
Recovery console: Allow floppy copy and access to all drives and all folders disabled

oval:org.mitre.oval:def:5481
Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to ...

oval:gov.nist.usgcb.xp:def:105
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

oval:gov.nist.usgcb.xp:def:104
Shutdown: Clear virtual memory pagefile

oval:org.secpod.oval:def:78
The host is installed with Microsoft Internet Explorer is prone to Cascading Style Sheets (CSS) memory corruption vulnerability. A flaw is present in the application, which fails to properly handle recursive memory access while importing a CSS. Successful exploitation could allow attackers to gain t ...

oval:gov.nist.usgcb.xp:def:139
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/net1.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:132
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/debug.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:131
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/cacls.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:134
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/eventcreate.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:133
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/edlin.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:135
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/eventtriggers.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:138
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/net.exe file and all other users should have no file access privileges

oval:org.secpod.oval:def:89
The host is installed with Windows Client/Server Run-time Subsystem (CSRSS) in Windows XP and Windows Server 2003 and is prone to elevated privileges vulnerability. A flaw is present in CSRSS, which fails to handle a specially crafted application that continues to run even after log off. Successful ...

oval:gov.nist.usgcb.xp:def:130
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/attrib.exe file

oval:org.secpod.oval:def:91
The host is installed with Windows XP and is prone to integer truncation vulnerability. A flaw is present in kernel, which does not properly validate user-supplied data before allocating memory. Successful exploitation allows local users to run a specially crafted application and take complete contr ...

oval:org.secpod.oval:def:90
The host is installed with Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Microsoft Windows, which fails to handle proper interaction of drivers with the Windo ...

oval:gov.nist.usgcb.xp:def:129
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/at.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:128
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/arp.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:121
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses

oval:gov.nist.usgcb.xp:def:123
MSS (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires

oval:gov.nist.usgcb.xp:def:122
MSS: (SafeDllSearchMode) Enable Safe DLL search mode

oval:gov.nist.usgcb.xp:def:127
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning

oval:org.secpod.oval:def:94
The host is installed with Windows XP or Windows Server 2003 and is prone to Unkeyed checksum vulnerability. A flaw is present in Kerberos implementation, which fails to restrict support for weak hashing mechanisms such as CRC32 allowing certain aspects of a Kerberos service ticket to be forged. Suc ...

oval:org.secpod.oval:def:2527
The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:org.secpod.oval:def:2529
The host is installed with Microsoft Internet Explorer 6,7,8 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:org.secpod.oval:def:2528
The host is installed with Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle an improperly initialized object. Successful exploitation could allow attackers to execute arbitrary code.

oval:gov.nist.usgcb.xp:def:154
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/secedit.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:153
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/sc.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:156
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/systeminfo.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:155
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/subst.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:158
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/tftp.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:159
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/tlntsvr.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:150
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/rexec.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:152
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/rsh.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:151
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/route.exe file and all other users should have no file access privileges

oval:org.secpod.oval:def:2532
The host is installed with Internet Explorer 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to access a dereference memory address. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:2534
The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle a virtual function table after it has been corrupted. Successful exploitation could allow an attacker to execu ...

oval:org.secpod.oval:def:2533
The host is installed with Microsoft Internet Explorer 6,7,8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to properly handle deleted elements. Successful exploitation could allow an attacker to execute arbitrary code.

oval:gov.nist.usgcb.xp:def:145
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/reg.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:144
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/rcp.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:147
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/regedt32.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:146
The Administrators group and the System user should have full access to the SYSTEMROOT/regedit.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:149
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/regsvr32.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:148
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/regini.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:140
The Administrators group and the System user should have full access to the SYSTEMROOT/system32/netsh.exe file and all other users should have no file access privileges

oval:org.secpod.oval:def:15168
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE should be assigned.

oval:org.secpod.oval:def:15169
The required permissions for the file %SystemRoot%\System32\nslookup.exe should be assigned.

oval:org.secpod.oval:def:15166
The Windows Time service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15167
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess should be assigned.

oval:org.secpod.oval:def:8960
The host is installed with Internet Explorer 6 or 7 or 8 or 9 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle UNC share pathname in the SRC attribute of a SCRIPT element. Successful exploitation allows attackers to obtain sen ...

oval:org.secpod.oval:def:15160
The correct service permissions for the Computer Browser service should be assigned.

oval:org.secpod.oval:def:15161
The required permissions for the file %SystemDrive%\NTDETECT.COM should be assigned.

oval:org.secpod.oval:def:15164
The required permissions for the directory %SystemRoot%\System32\lusrmgr.msg should be assigned.

oval:org.secpod.oval:def:15165
The required permissions for the file %SystemRoot%\System32\compmgmt.msc should be assigned.

oval:org.secpod.oval:def:15162
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security should be assigned.

oval:org.secpod.oval:def:15163
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers should be assigned.

oval:org.secpod.oval:def:15179
The Windows Image Acquisition (WIA) service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15177
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdd\Security should be assigned.

oval:org.secpod.oval:def:15178
The required permissions for the directory %SystemRoot%\Temp should be assigned.

oval:org.secpod.oval:def:15171
The required permissions for the directory %AllUsersProfile%\Application Data should be assigned.

oval:org.secpod.oval:def:15172
The required permissions for the file %SystemRoot%\System32\gpedit.msc should be assigned.

oval:org.secpod.oval:def:15170
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be assigned.

oval:org.secpod.oval:def:15175
The correct service permissions for the Automatic Updates service should be assigned.

oval:org.secpod.oval:def:15176
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be assigned.

oval:org.secpod.oval:def:15173
The required permissions for the file %SystemDrive%\CONFIG.SYS should be assigned.

oval:org.secpod.oval:def:15174
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings should be assigned.

oval:org.secpod.oval:def:15146
The correct service permissions for the Messenger service should be assigned.

oval:org.secpod.oval:def:15147
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security should be assigned.

oval:org.secpod.oval:def:15144
The required permissions for the file %SystemRoot%\System32\services.msc should be assigned.

oval:org.secpod.oval:def:15145
The required permissions for the directory %SystemRoot%\Driver Cache\I386\Driver.cab should be assigned.

oval:org.secpod.oval:def:15148
The correct service permissions for the Net Logon service should be assigned.

oval:org.secpod.oval:def:15149
The required permissions for the file %SystemRoot%\System32\diskmgmt.msc should be assigned.

oval:org.secpod.oval:def:15380
Access to registry editing tools should be set correctly.

oval:org.secpod.oval:def:15381
The 'Windows Firewall: Define program exceptions' policy should be configured correctly for the Domain Profile.

oval:org.secpod.oval:def:15142
The permitted number of TCP/IP Maximum Half-open Sockets should be set correctly .

oval:org.secpod.oval:def:15143
The 'Do Not Automatically Start Windows Messenger' policy should be set correctly.

oval:org.secpod.oval:def:15382
The 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' setting should be configured correctly.

oval:org.secpod.oval:def:15141
The startup type of the Simple TCP/IP service should be correct.

oval:org.secpod.oval:def:15383
The required permissions for the file %SystemRoot%\System32\telnet.exe should be assigned.

oval:org.secpod.oval:def:15157
The correct service permissions for the IIS Admin service should be assigned.

oval:org.secpod.oval:def:15158
The required permissions for the file %SystemDrive%\Documents and Settings should be assigned.

oval:org.mitre.oval:def:3
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Di ...

oval:org.secpod.oval:def:15155
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security should be assigned.

oval:org.mitre.oval:def:1
The operating system installed on the system is Microsoft Windows XP SP1 (32-bit).

oval:org.secpod.oval:def:15156
The required permissions for the directory %AllUsersProfile%\DRM should be assigned.

oval:org.secpod.oval:def:15159
The Removable Storage service should be enabled or disabled as appropriate.

oval:org.mitre.oval:def:5
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.

oval:org.secpod.oval:def:15150
The startup type of the SNMP Trap Service service should be correct.

oval:org.secpod.oval:def:15153
The 'LDAP server signing requirements' policy should be set correctly.

oval:org.secpod.oval:def:15154
The 'Always Install with Elevated Privileges' policy should be set correctly.

oval:org.secpod.oval:def:15151
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security should be assigned.

oval:org.secpod.oval:def:15152
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Security should be assigned.

oval:org.mitre.oval:def:8
Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."

oval:org.mitre.oval:def:5913
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."

oval:org.mitre.oval:def:5901
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of ...

oval:org.secpod.oval:def:15188
Membership in the Backup Operators group should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:15189
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scardsvr\Security should be assigned.

oval:org.secpod.oval:def:15182
The required permissions for the directory %SystemRoot%\System32 should be assigned.

oval:org.secpod.oval:def:15183
The 'DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax' security option should be set correctly.

oval:org.secpod.oval:def:15180
The 'Anonymous access to the security event log' policy should be set correctly.

oval:org.secpod.oval:def:15181
The required permissions for the directory %SystemRoot%\CSC should be assigned.

oval:org.secpod.oval:def:15186
The required auditing for %SystemDrive% directory should be enabled.

oval:org.secpod.oval:def:15187
The 'Do Not Allow Windows Messenger to be Run' policy should be set correctly.

oval:org.secpod.oval:def:15184
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys should be assigned.

oval:org.secpod.oval:def:15185
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson should be assigned.

oval:org.secpod.oval:def:15199
The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\HTML Help should be assigned.

oval:org.secpod.oval:def:15193
The 'Log Successful Connections' option for the Windows Firewall should be configured correctly for the Standard Profile.

oval:org.secpod.oval:def:15194
The 'Maximum Service Ticket Litfetime' policy should be set correctly.

oval:org.secpod.oval:def:15191
The required permissions for the file %SystemRoot%\System32\eventvwr.msc should be assigned.

oval:org.secpod.oval:def:15192
The required permissions for the directory %ProgramFiles% should be assigned.

oval:org.secpod.oval:def:15197
the 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices' setting should be configured correctly.

oval:org.secpod.oval:def:15198
The required permissions for the file %SystemRoot%\System32\ntmsoprq.msc should be assigned.

oval:org.secpod.oval:def:15195
The 'Prohibit New Task Creation' policy should be set correctly for the Task Scheduler.

oval:org.secpod.oval:def:15196
The IMAPI CD-Burning COM service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15190
The required permissions for the file %SystemDrive%\AUTOEXEC.BAT should be assigned.

oval:org.secpod.oval:def:15322
The Cryptographic Services service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15323
The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly .

oval:org.secpod.oval:def:15320
The correct service permissions for the Telnet service should be assigned.

oval:org.secpod.oval:def:15321
The 'Enable Keep-Alive Messages' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15326
The 'Refuse machine account password change' policy should be set correctly.

oval:org.secpod.oval:def:15327
The Remote Procedure Call (RPC) service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15324
The 'Prevent Codec Download' policy should be set correctly for Windows MediaPlayer.

oval:org.secpod.oval:def:15325
The 'Anonymous access to the application event log' policy should be set correctly.

oval:org.secpod.oval:def:15319
The Remote Access Connection Manager service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15317
Disallow Installation of Printers Using Kernel-mode Drivers should be properly configured.

oval:org.secpod.oval:def:15318
Always Wait for the Network at Computer Startup and Logon should be properly configured.

oval:org.secpod.oval:def:15333
The Performance Logs and Alerts service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15334
The Volume Shadow Copy service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15331
Administrative Shares should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15332
The Event Log service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15337
The Windows Installer service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15338
The Windows Management Instrumentation service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15335
The Remote Procedure Call (RPC) Locator service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15336
The Distributed Link Tracking Client service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15330
Membership in the Remote Desktop Users group should be assigned to the appropriate accounts.

oval:org.secpod.oval:def:15328
The 'Limit Number of Connections' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15329
The correct service permissions for the Terminal Services service should be assigned.

oval:org.secpod.oval:def:15300
The startup type of the Remote Registry service should be correct.

oval:org.secpod.oval:def:15301
Automatic Execution of the System Debugger should be properly configured.

oval:org.secpod.oval:def:15304
The correct service permissions for the WWW Publishing service should be assigned.

oval:org.secpod.oval:def:15305
The log file size limit for the Windows Firewall should be configured correctly for the Standard Profile.

oval:org.secpod.oval:def:15302
The startup type of the Internet Connection Firewall service should be correct.

oval:org.secpod.oval:def:15303
The Application Management service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15311
The 'Cache Transforms in Secure Location' policy should be set correctly.

oval:org.secpod.oval:def:15312
Computer Browser ResetBrowser Frames should be properly configured.

oval:org.secpod.oval:def:15310
Dr. Watson Crash Dumps should be properly configured.

oval:org.secpod.oval:def:15315
The Security Accounts Manager service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15316
The correct service permissions for the Task Scheduler service should be assigned.

oval:org.secpod.oval:def:15313
The correct service permissions for the Fax service should be assigned.

oval:org.secpod.oval:def:15314
The Logical Disk Manager Administrative service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15308
The 'Maximum User Renewal Lifetime' policy should be set correctly.

oval:org.mitre.oval:def:5923
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:15309
The MS Software Shadow Copy Provider service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15306
The startup type of the NTLM Security Support Provider service should be correct.

oval:org.secpod.oval:def:15307
The correct service permissions for the FTP Publishing service should be assigned.

oval:org.secpod.oval:def:15124
The 'restrict guest access to system log' policy should be set correctly.

oval:org.secpod.oval:def:15366
The 'Turn Off Windows Movie Maker Online Web Links' setting should be configured correctly.

oval:org.secpod.oval:def:15125
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt should be assigned.

oval:org.secpod.oval:def:15367
The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.

oval:org.secpod.oval:def:15122
The required permissions for the directory %SystemRoot%\Debug\UserMode should be assigned.

oval:org.secpod.oval:def:15364
The 'Turn off downloading of enclosures' setting should be configured correctly.

oval:org.secpod.oval:def:15123
The required permissions for the file %SystemRoot%\System32\fsmgmt.msc should be assigned.

oval:org.secpod.oval:def:15365
The 'Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection' setting should be configured correctly.

oval:org.secpod.oval:def:15128
The required permissions for the directory %SystemRoot%\$NtServicePackUninstall$ should be assigned.

oval:org.secpod.oval:def:15129
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit should be assigned.

oval:org.secpod.oval:def:15126
The 'Limit Users to One Remote Session' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15368
The 'Turn Off Windows Movie Maker Saving to Online Video Hosting Provider' setting should be configured correctly.

oval:org.secpod.oval:def:15127
The 'add workstations to domain' user right should be assigned to the correct accounts.

oval:org.secpod.oval:def:15120
The System Restore service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15362
The 'Prevent IIS Installation' setting should be configured correctly.

oval:org.secpod.oval:def:15121
The required permissions for the directory %SystemRoot%\Registration should be assigned.

oval:org.secpod.oval:def:15363
The 'Prevent Desktop Shortcut Creation' setting for Windows Media Player should be configured correctly.

oval:org.secpod.oval:def:15360
The Logical Disk Manager service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15361
The 'Turn Off Windows Movies Maker Automatic Codec Downloads' setting should be configured correctly.

oval:org.mitre.oval:def:12490
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.

oval:org.secpod.oval:def:15119
The Help and Support service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15136
Autoplay for Default User should be properly configured.

oval:org.secpod.oval:def:15378
The 'CD Burning features in Windows Explorer' should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15375
The 'Do not allow drive redirection' setting should be configured correctly for Terminal Services.

oval:org.secpod.oval:def:15134
The required permissions for the directory %SystemRoot%\Debug should be assigned.

oval:org.secpod.oval:def:15376
The 'Remove Security tab' setting should be configured correctly.

oval:org.secpod.oval:def:15139
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security should be assigned.

oval:org.secpod.oval:def:15137
The required permissions for the file %SystemRoot%\System32\drwtsn32.exe should be assigned.

oval:org.secpod.oval:def:15138
The startup type of the Remote Shell service should be correct.

oval:org.secpod.oval:def:15370
The 'Turn Off Automatic Root Certificates Update' setting should be configured correctly.

oval:org.secpod.oval:def:15131
The Workstation service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15132
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands should be assigned.

oval:org.secpod.oval:def:15371
The 'Don't Display the Getting Started Welcome Screen at Logon' setting should be configured correctly.

oval:org.secpod.oval:def:15130
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security should be assigned.

oval:org.mitre.oval:def:12008
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

oval:org.secpod.oval:def:15102
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network should be assigned.

oval:org.secpod.oval:def:15344
The Themes service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15103
The required permissions for the file %SystemRoot%\System32\secpol.msc should be assigned.

oval:org.secpod.oval:def:15345
The Windows Management Instrumentation Driver Extensions service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15100
Autoplay for Current User should be properly configured.

oval:org.secpod.oval:def:15101
The required permissions for the directory %SystemRoot% should be assigned.

oval:org.secpod.oval:def:15343
Domain Profile: Do not allow exceptions (SP2 only)

oval:org.secpod.oval:def:15106
The 'Allow Reconnection from Original Client Only' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15348
The 'Maximum tolerance for computer clock synchronization' policy should be set correctly.

oval:org.secpod.oval:def:15107
The required permissions for the file %SystemRoot%\System32\ftp.exe should be assigned.

oval:org.secpod.oval:def:15349
The Server service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15104
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security should be assigned.

oval:org.secpod.oval:def:15346
The Protected Storage service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15105
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies should be assigned.

oval:org.secpod.oval:def:15347
The QoS RSVP service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15340
The log file path and name for the Windows Firewall should be configured correctly for the Standard Profile.

oval:org.secpod.oval:def:15341
The Distributed Transaction Coordinator service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15339
The Application Layer Gateway service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15113
The required permissions for the file %SystemRoot%\Prefetch should be assigned.

oval:org.secpod.oval:def:15355
The Windows Audio service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15114
The startup type of the Print Services for Unix service should be correct.

oval:org.secpod.oval:def:15356
The Network Location Awareness (NLA) service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15111
The required permissions for the file %SystemRoot%\System32\ciadv.msc should be assigned.

oval:org.secpod.oval:def:15353
The Smart Card service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15112
The startup type of the Remote Desktop Help Session Manager service should be correct.

oval:org.secpod.oval:def:15354
The IPSEC Services service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15117
The 'Enable User to Patch Elevated Products' policy should be set correctly.

oval:org.secpod.oval:def:15359
The Portable Media Serial Number Service service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15118
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class should be assigned.

oval:org.secpod.oval:def:15115
The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography/Calais should be assigned.

oval:org.secpod.oval:def:15357
The TCP/IP NetBIOS Helper service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15116
The required permissions for the file %SystemDrive%\MSDOS.SYS should be assigned.

oval:org.secpod.oval:def:15358
The 'Log Dropped Packets' option for the Windows Firewall should be configured correctly for the Standard Profile.

oval:org.secpod.oval:def:15351
The Infrared Monitor service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15110
The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities should be assigned.

oval:org.secpod.oval:def:15352
Standard Profile: Define port exceptions (SP2 only)

oval:org.secpod.oval:def:15350
The Uninterruptable Power Supply service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:15108
The startup type of the Simple Mail Transport Protocol (SMTP) service should be correct.

oval:org.secpod.oval:def:15109
The required permissions for the file %SystemDrive%\NTLDR should be assigned.

oval:org.secpod.oval:def:2623
The host is missing a critical security update according to Microsoft bulletin, MS08-045. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted web page. Successful exploitation could allow at ...

oval:org.secpod.oval:def:2626
The host is missing a critical security update according to bulletin, MS08-078. The update is required to fix multiple remote code execution vulnerabilities. The flaw are present in the application, which fails to handle a specially crafted Web page. Successful exploitation could allow remote code e ...

oval:org.mitre.oval:def:6407
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses th ...

oval:org.mitre.oval:def:5308
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

oval:org.secpod.oval:def:2606
The host is missing an important security update according to Microsoft security bulletin, MS08-002. The update is required to fix elevation of privilege vulnerability. A flaw is present in Microsoft Windows Local Security Authority Subsystem Service (LSASS), which fails to handle validating paramet ...

oval:org.mitre.oval:def:12315
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a n ...

oval:org.mitre.oval:def:12307
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."

oval:org.secpod.oval:def:2610
The host is missing a security update according to Microsoft security bulletin, MS09-011. The update is required to fix heap memory error. The flaw is present in MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory. Successful exploitation cou ...

oval:org.secpod.oval:def:2613
The host is missing an important security update according to Microsoft security bulletin, MS08-066. The update is required to fix elevation of privileges vulnerability. A flaw is present in Microsoft Ancillary Function Driver. Successful exploitation could allow an attacker to take complete control ...

oval:org.secpod.oval:def:2608
The host is missing a critical security update according to Microsoft security bulletin, MS08-046. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft Image Color Management (ICM) system, which fails handle a specially crafted image file. Successful ...

oval:org.mitre.oval:def:5525
Test if this OS should support WMI service. Note: different Objects are supported on different OS. This is a generic test for the API.

oval:org.secpod.oval:def:657
The host is installed with Windows XP or Windows Server 2003 and is prone to remote code execution vulnerability. A flaw is present in microsoft wordPad which does not properly parse specially crafted Word documents. Successful exploitation allow attackers to remote code execution if a user opens a ...

oval:org.secpod.oval:def:14303
The host is missing a critical security update according to Microsoft security bulletin, MS13-057. The update is required to fix a remote code execution vulnerability. A flaw is present in the applications, which fail to handle crafted media files. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:14304
The operating system installed on the system is Windows XP Media Center Edition (32-bit) Service Pack 3

oval:org.secpod.oval:def:14301
The host is installed with WMV video codec 9, Windows Media Format Runtime 9, 9.5, Windows Media Format Runtime 11, Windows Media Player 11 or 12 and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle crafted media files. Successful exploit ...

oval:org.secpod.oval:def:14302
The operating system installed on the system is Windows XP Media Center Edition (32-bit)

oval:org.mitre.oval:def:6413
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.

oval:gov.nist.usgcb.xp:def:217
NetMeeting Remote Desktop Sharing Service should be disabled

oval:gov.nist.usgcb.xp:def:216
Messenger Service should be disabled

oval:gov.nist.usgcb.xp:def:219
Routing and Remote Access Service should be disabled

oval:gov.nist.usgcb.xp:def:211
Computer Browser Service should be disabled

oval:gov.nist.usgcb.xp:def:210
ClipBook Service should be disabled

oval:gov.nist.usgcb.xp:def:213
FTP Publishing Service should be disabled

oval:gov.nist.usgcb.xp:def:212
Fax Service should be disabled

oval:gov.nist.usgcb.xp:def:215
Indexing Service should be disabled

oval:org.mitre.oval:def:6000
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulne ...

oval:org.mitre.oval:def:6007
Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 5.01, 6, and 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited ...

oval:gov.nist.usgcb.xp:def:205
Retention method for system log

oval:gov.nist.usgcb.xp:def:209
Alerter Service should be disabled

oval:org.mitre.oval:def:5389
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.

oval:org.mitre.oval:def:5388
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.

oval:gov.nist.usgcb.xp:def:204
Retention method for security log

oval:gov.nist.usgcb.xp:def:203
This definition tests the retention method for the application log. Possible methods are - overwrite as necessary, do not overwrite, or overwrite events older than X seconds.

oval:gov.nist.usgcb.xp:def:238
No one may synchronize directory service data

oval:org.mitre.oval:def:5381
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.

oval:gov.nist.usgcb.xp:def:228
World Wide Web Publishing Service should be disabled

oval:gov.nist.usgcb.xp:def:227
Universal Plug and Play Device Host Service should be disabled

oval:org.mitre.oval:def:5366
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."

oval:gov.nist.usgcb.xp:def:223
Simple Service Discovery Protocol (SSDP) Discovery Service should be disabled

oval:gov.nist.usgcb.xp:def:226
Telnet Services Service should be disabled

oval:gov.nist.usgcb.xp:def:225
Telnet Service should be disabled

oval:org.secpod.oval:def:2664
The host is missing a critical security update according to Microsoft bulletin, MS08-022. The update is required to fix a remote code execution vulnerability. A flaw is present in (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 20 ...

oval:org.secpod.oval:def:9292
The host is installed with Internet Explorer 8 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9294
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9295
The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:gov.nist.usgcb.xp:def:242
This definition verifies that the Administrator account is enabled/disabled based on the policy defined by the user.

oval:gov.nist.usgcb.xp:def:246
Network DDE Share Database Manager (DSDM) Service should be disabled

oval:gov.nist.usgcb.xp:def:245
Network Dynamic Data Exchange (DDE) Service should be disabled

oval:org.mitre.oval:def:5181
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.

oval:org.mitre.oval:def:6025
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... perform ...

oval:org.secpod.oval:def:2652
The host is missing a critical security update according to Microsoft security bulletin, MS08-007. The update is required to fix remote code execution vulnerability. A flaw is present in the WebDAV Mini-Redirector, which fails to handle responses and long pathnames. Successful exploitation could all ...

oval:org.secpod.oval:def:2655
The host is missing an important security update according to Microsoft security bulletin, MS08-006. The update is required to fix remote code execution vulnerability. A flaw is present in Internet Information Services (IIS), which fails to handle input to ASP Web pages. Successful exploitation coul ...

oval:org.secpod.oval:def:2654
The host is missing an important security update according to Microsoft security bulletin, MS08-005. The update is required to fix privilege escalation vulnerability. A flaw is present in Internet Information Services (IIS), which fails to handle file change notifications in the FTPRoot, NNTPFile\Ro ...

oval:org.secpod.oval:def:2659
The host is missing an important security update according to Microsoft security bulletin, MS08-003. The update is required to fix denial of service vulnerability. A flaw is present in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003 and Active Directory ...

oval:org.mitre.oval:def:6255
The operating system installed on the system is Microsoft Windows XP SP2.

oval:org.secpod.oval:def:9286
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:8193
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an InjectHTMLStream use-after-free vulnerability. A flaw is present in the application, which fails to handle a deleted object. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9284
The host is installed with Internet Explorer 6, 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9285
The host is installed with Internet Explorer 6, 7, 8 or 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.mitre.oval:def:1441
Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerab ...

oval:org.mitre.oval:def:1463
Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability ...

oval:org.mitre.oval:def:1722
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named ta ...

oval:org.mitre.oval:def:1885
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwri ...

oval:org.mitre.oval:def:1939
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitra ...

oval:org.mitre.oval:def:2048
Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Obje ...

oval:org.mitre.oval:def:4474
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable ...

oval:org.mitre.oval:def:1481
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.

oval:org.secpod.oval:def:6737
The host is installed with Foxit Reader before 5.3 on Windows XP and Windows 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a PDF document with a crafted attachment. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.mitre.oval:def:1715
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and inject ...

oval:org.secpod.oval:def:1205
The host is installed with Microsoft Internet Explorer 6/7/8 and is prone to remote code execution vulnerability. A flaw is present in VML implementation which fails to open a specially crafted web page. Successful exploitation allows remote attackers to gain the same user rights as the logged-on us ...

oval:gov.nist.usgcb.xp:def:6626
Administrators, SERVICE, Local Service and Network Service may Create Global Objects

oval:gov.nist.usgcb.xp:def:182
Administrators may increase scheduling priority

oval:gov.nist.usgcb.xp:def:186
LOGON SERVICE and NETWORK SERVICE may log on as a service

oval:org.secpod.oval:def:15372
The 'Windows Firewall: Outbound connections' policy should be configured correctly for the Domain profile.

oval:org.secpod.oval:def:15379
The 'Windows Firewall: Apply local firewall rules' policy should be configured correctly for the Domain profile.

oval:org.secpod.oval:def:15274
The 'Always Prompt Client for Password upon Connection' policy should be set correctly for Terminal Services.

oval:gov.nist.usgcb.xp:def:170
Administrators may create a pagefile

oval:org.secpod.oval:def:15377
Processing of the legacy run list on logon should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.xp:def:100
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers

oval:gov.nist.usgcb.xp:def:164
Administrators, LOCAL SERVICE, NETWORK SERVICE may adjust memory quotas for a process

oval:org.secpod.oval:def:15373
The 'Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)' policy should be set correctly.

oval:gov.nist.usgcb.xp:def:125
MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged

oval:gov.nist.usgcb.xp:def:100205
do not process the run once list

oval:org.secpod.oval:def:15288
The 'Allow undock without having to logon' policy should be set correctly.

oval:gov.nist.usgcb.xp:def:677
No one is denied logon as a service

oval:gov.nist.usgcb.xp:def:190
Administrators may profile a single process

oval:gov.nist.usgcb.xp:def:243
This definition verifies that the Guest account is enabled/disabled based on the policy defined by the user.

oval:gov.nist.usgcb.xp:def:185
No one may log on as a batch job

oval:gov.nist.usgcb.xp:def:175
Guests and SUPPORT_388945a0 are denied access to this computer from the network. Note: If the SUPPORT_388945a0 accounts has been renamed perform this check manually.

oval:gov.nist.usgcb.xp:def:244
Network security: Force logoff when logon hours expire

oval:gov.nist.usgcb.xp:def:169
Administrators may change the system time

oval:gov.nist.usgcb.xp:def:6640
Administrators and SERVICE may Impersonate a Client after Authentication

oval:gov.nist.usgcb.xp:def:6565
Restrictions for Unauthenticated RPC clients

oval:org.secpod.oval:def:15342
The 'Interactive logon: Requre smart card' setting should be configured correctly.

oval:gov.nist.usgcb.xp:def:124
MSS: (SynAttackProtect) Syn attack protection level

oval:gov.nist.usgcb.xp:def:162
No one has the right to act as part of the operating system

oval:gov.nist.usgcb.xp:def:126
(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted

oval:org.secpod.oval:def:15276
System availability to Master Browser should be properly configured.

oval:gov.nist.usgcb.xp:def:174
Administrators are allowed to debug programs

oval:gov.nist.usgcb.xp:def:180
Administrators may force shutdown from a remote system

oval:gov.nist.usgcb.xp:def:196
Administrators may take ownership of files or other objects

oval:gov.nist.usgcb.xp:def:165
Administrators and Users are allowed to log on locally

oval:gov.nist.usgcb.xp:def:176
Guests and SUPPORT_388945a0 are denied logon as a batch job. Note: If the SUPPORT_388945a0 accounts has been renamed perform this check manually.

oval:gov.nist.usgcb.xp:def:161
Administrators may access this computer from the network. NOTE: This can break IPSec see Microsoft Knowledge Base article 823659 for further guidance

oval:gov.nist.usgcb.xp:def:192
Users and Administrators may remove the computer from its docking station

oval:gov.nist.usgcb.xp:def:171
No one is allowed to create a token object

oval:gov.nist.usgcb.xp:def:188
Administrators may modify firmware environment variables

oval:gov.nist.usgcb.xp:def:187
Administrators may manage the auditing and security log

oval:gov.nist.usgcb.xp:def:195
Administrators and Users may shut down the system

oval:org.secpod.oval:def:15369
Turn off Windows Update device driver searching

oval:gov.nist.usgcb.xp:def:117
MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives

oval:org.secpod.oval:def:15374
The 'Windows Firewall: Inbound connections' policy should be configured correctly for the Domain Profile.

oval:gov.nist.usgcb.xp:def:191
Administrators may profile the system performance

oval:gov.nist.usgcb.xp:def:168
Administrators and Users may bypass traverse checking

oval:gov.nist.usgcb.xp:def:181
LOCAL SERVICE and NETWORK SERVICE may generate security audits

oval:org.secpod.oval:def:15133
The 'Do Not Allow Local Administrators to Customize Permissions' policy should be set correctly for Terminal Services.

oval:org.secpod.oval:def:15140
Disable saving of dial-up passwords should be properly configured.

oval:org.secpod.oval:def:15135
Automatic Reboot After System Crash should be properly configured.

oval:gov.nist.usgcb.xp:def:194
Administrators may restore files and directories

oval:gov.nist.usgcb.xp:def:167
Administrators are allowed to back up files and directories

oval:gov.nist.usgcb.xp:def:183
Administrators may load and unload device drivers

oval:gov.nist.usgcb.xp:def:177
Guests, SUPPORT_388945a0, and any service accounts are denied logon locally. Note: If the SUPPORT_388945a0 accounts has been renamed perform this check manually.

oval:gov.nist.usgcb.xp:def:172
No one is allowed to create permanent shared objects

oval:gov.nist.usgcb.xp:def:184
No one may lock pages in memory

oval:gov.nist.usgcb.xp:def:193
LOCAL SERVICE and NETWORK SERVICE may replace a process level token

oval:gov.nist.usgcb.xp:def:189
Administrators may perform volume maintenance tasks

oval:gov.nist.usgcb.xp:def:6023
Accounts: Rename Guest Account

oval:gov.nist.usgcb.xp:def:2121


oval:gov.nist.usgcb.xp:def:20020
This policy setting determines whether or not users can connect to the computer using Terminal Services.

oval:gov.nist.usgcb.xp:def:2111
Error Reporting Service should be disabled

oval:gov.nist.usgcb.xp:def:20000
Games are not installed

oval:gov.nist.usgcb.xp:def:20001
Internet Information Services is not installed

oval:gov.nist.usgcb.xp:def:20002
Simple TCPIP Services is not installed

oval:gov.nist.usgcb.xp:def:1662
No one but Administrators and Remote Desktop Users may logon through Terminal Services

oval:gov.nist.usgcb.xp:def:2271


oval:gov.nist.usgcb.xp:def:30
Audit Directory Service Access

oval:gov.nist.usgcb.xp:def:32
Audit logon events

oval:gov.nist.usgcb.xp:def:35
Audit policy changes

oval:gov.nist.usgcb.xp:def:34
Audit object access

oval:gov.nist.usgcb.xp:def:37
Audit system events

oval:gov.nist.usgcb.xp:def:36
Audit privilege use

oval:gov.nist.usgcb.xp:def:22
Passwords must be stored using reversible encryption for all users in the domain

oval:gov.nist.usgcb.xp:def:21
Passwords must meet complexity requirements

oval:gov.nist.usgcb.xp:def:24
The maximum number of failed attempts that can occur before the account is locked out This security setting determines the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is reset by an administrator or until the lockout dura ...

oval:gov.nist.usgcb.xp:def:23
This definition verifies that locked accounts remains locked for the defined number of minutes before they are automatically unlocked.

oval:gov.nist.usgcb.xp:def:26
Reset account lockout counters after the profile defined number of minutes

oval:gov.nist.usgcb.xp:def:27
Audit account logon events

oval:gov.nist.usgcb.xp:def:29
Audit account management

oval:gov.nist.usgcb.xp:def:17
Maximum password age is the profile defined number of days

oval:gov.nist.usgcb.xp:def:16
Password history enforcement is enabled and the profile defined number of passwords are remembered

oval:gov.nist.usgcb.xp:def:19
Minimum password length is the profile defined number of characters

oval:gov.nist.usgcb.xp:def:18
Minimum password age is the profile defined number of days

oval:gov.nist.usgcb.xp:def:612261221
Do Not Show First Use Dialog Boxes This policy prevents the Privacy Options and Installation Options dialog boxes from being displayed the first time a user starts Windows Media Player. This policy prevents the dialog boxes which allow users to select privacy, file types, and other desktop options f ...

oval:gov.nist.usgcb.xp:def:612261222
Prevents users from being prompted to update Windows Media Player. This policy prevents the Player from being updated and prevents users with administrator rights from being prompted to update the Player if an updated version is available. The Check for Player Updates command on the Help menu in the ...

oval:gov.nist.usgcb.xp:def:1351
The Administrators group and the System user should have full access and the Users group has read access to the SYSTEMROOT/system32/mshta.exe file and all other users should have no file access privileges

oval:gov.nist.usgcb.xp:def:93
Network access: Shares that can be accessed anonymously

oval:gov.nist.usgcb.xp:def:92
Network access: Remotely accessible registry paths

oval:gov.nist.usgcb.xp:def:95
Network security: Do not store LAN Manager hash value on next password change

oval:gov.nist.usgcb.xp:def:94
Network access: Sharing and security model for local accounts

oval:gov.nist.usgcb.xp:def:96
Network security: LAN Manager authentication level

oval:gov.nist.usgcb.xp:def:99
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients

oval:gov.nist.usgcb.xp:def:98
Network security: LDAP client signing requirements

oval:gov.nist.usgcb.xp:def:2881
Disabling this setting will prevent all wireless wi-fi interfaces from working unless a third party management software is used to manage the device. This will not be an issue on managed desktops but will impact mobile devices.

oval:gov.nist.usgcb.xp:def:91
Network access: Named Pipes that can be accessed anonymously

oval:gov.nist.usgcb.xp:def:90
Network access: Let Everyone permissions apply to anonymous users

oval:gov.nist.usgcb.xp:def:82
Microsoft network client: Send unencrypted password to third-party SMB servers disabled

oval:gov.nist.usgcb.xp:def:81
Microsoft network client: Digitally sign communications

oval:gov.nist.usgcb.xp:def:84
Microsoft network server: Digitally sign communications (always)

oval:gov.nist.usgcb.xp:def:83
Microsoft network server: Amount of idle time required before suspending session

oval:gov.nist.usgcb.xp:def:86
Microsoft network server: Disconnect clients when logon hours expire

oval:gov.nist.usgcb.xp:def:85
Microsoft network server: Digitally sign communications (if client agrees)

oval:gov.nist.usgcb.xp:def:88
Network access: Do not allow anonymous enumeration of SAM accounts and shares

oval:gov.nist.usgcb.xp:def:87
Network access: Do not allow anonymous enumeration of SAM accounts

oval:gov.nist.usgcb.xp:def:89
Network access: Do not allow storage of credentials or .NET Passports for network authentication

oval:gov.nist.usgcb.xp:def:1781
Guests are denied logon through Terminal Services

oval:gov.nist.usgcb.xp:def:71
Set message title for users attempting to log on

oval:gov.nist.usgcb.xp:def:70
Set message text for users attempting to log on

oval:gov.nist.usgcb.xp:def:72
Number of previous logons to cache (in case domain controller is not available) is profile defined

oval:gov.nist.usgcb.xp:def:75
Require Domain Controller authentication to unlock workstation

oval:gov.nist.usgcb.xp:def:74
Prompt user to change password before expiration

oval:gov.nist.usgcb.xp:def:77
Determines if an anonymous user can request security identifier (SID) attributes for another user.

oval:gov.nist.usgcb.xp:def:79
Microsoft network client: Digitally sign communications (always)

oval:gov.nist.usgcb.xp:def:78
Smart card removal behavior for interactive logon

oval:gov.nist.usgcb.xp:def:60
Warn for unsigned driver installation

oval:gov.nist.usgcb.xp:def:62
Digitally encrypt secure channel data (when possible)

oval:gov.nist.usgcb.xp:def:61
Digitally encrypt or sign secure channel data (always)

oval:gov.nist.usgcb.xp:def:64
Disable machine account password changes

oval:gov.nist.usgcb.xp:def:63
Digitally sign secure channel data (when possible)

oval:gov.nist.usgcb.xp:def:66
Require strong (Windows 2000 or later) session key

oval:gov.nist.usgcb.xp:def:65
Maximum machine account password age is profile defined number of days

oval:gov.nist.usgcb.xp:def:68
Do not display last user name logged on

oval:gov.nist.usgcb.xp:def:69
Do not require CTRL+ALT+DEL for logon

oval:gov.nist.usgcb.xp:def:52
Audit the use of Backup and Restore privileges

oval:gov.nist.usgcb.xp:def:56
Prevent users from installing printer drivers

oval:gov.nist.usgcb.xp:def:59
Restrict floppy access to locally logged-on users only

oval:gov.nist.usgcb.xp:def:58
Restrict CD-ROM access to locally logged-on user only

oval:gov.nist.usgcb.xp:def:42


oval:gov.nist.usgcb.xp:def:45
Audit the access of global system objects is disabled

oval:org.secpod.oval:def:15242
The 'Network access: Restrict anonymous access to named pipes and shares' setting should be configured correctly.

oval:gov.nist.USGCB.xpfirewall:def:5111
The Windows Firewall: Prohibit unicast response to multicast or broadcast requests setting prevents a computer from receiving unicast responses to its outgoing multicast or broadcast messages. When this policy setting is enabled and the computer sends multicast or broadcast messages to other compute ...

oval:gov.nist.USGCB.xpfirewall:def:5113
The Windows Firewall: Allow local port exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall can use two port exceptions lists; the other is defined by the Windows Firewall: Define port exceptions poli ...

oval:gov.nist.USGCB.xpfirewall:def:5100
The Windows Firewall: Protect all network connections setting turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP SP2. This appendix recommends configuring this setting to Enabled to protect all network connections for computers in all ...

oval:gov.nist.USGCB.xpfirewall:def:5103
The Windows Firewall: Allow local program exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Disabling this policy setting does not allow administrators to define a local program exceptions list, and ensures that ...

oval:gov.nist.USGCB.xpfirewall:def:5101
The Windows Firewall: Do not allow exceptions setting specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages. If you enable this policy setting in the Windows Firewall component of Co ...

oval:gov.nist.USGCB.xpfirewall:def:5108
The Windows Firewall: Allow UPnP framework exception setting allows a computer to receive unsolicited Plug and Play messages sent by network devices, such as routers with built-in firewalls. To receive these messages, Windows Firewall opens TCP port 2869 and UDP port 1900. If you enable this policy ...

oval:gov.nist.USGCB.xpfirewall:def:5107
Many organizations use Remote Desktop connections in their normal troubleshooting procedures or operations. However, some attacks have occurred that exploited the ports typically used by Remote Desktop. To provide flexibility for remote administration, the Windows Firewall: Allow Remote Desktop exce ...

oval:gov.nist.USGCB.xpfirewall:def:5106
The Windows Firewall: Allow ICMP exceptions setting defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you set this pol ...

oval:gov.nist.USGCB.xpfirewall:def:5105
This setting allows file and printer sharing by configuring Windows Firewall to open UDP ports 137 and 138 and TCP ports 139 and 445. If you enable this policy setting, Windows Firewall opens these ports so that the computer can receive print jobs and requests for access to shared files. You must sp ...

oval:gov.nist.USGCB.xpfirewall:def:5109
Windows Firewall can display notifications to users when a program requests that Windows Firewall add the program to the program exceptions list. This situation occurs when programs attempt to open a port and are not allowed to do so based on current Windows Firewall rules. The Windows Firewall: Pro ...

oval:gov.nist.USGCB.xpfirewall:def:6008
The Windows Firewall port exceptions list should be defined by Group Policy, which allows you to centrally manage and deploy your port exceptions and ensure that local administrators do not create less secure settings. The Windows Firewall: Define port exceptions policy setting allows you to central ...

oval:gov.nist.USGCB.xpfirewall:def:51041
Many organizations take advantage of remote computer administration in their daily operations. However, some attacks have exploited the ports typically used by remote administration programs; Windows Firewall can block these ports. To provide flexibility for remote administration, the Windows Firewa ...

oval:gov.nist.USGCB.xpfirewall:def:5011
The Windows Firewall: Prohibit unicast response to multicast or broadcast requests setting prevents a computer from receiving unicast responses to its outgoing multicast or broadcast messages. When this policy setting is enabled and the computer sends multicast or broadcast messages to other compute ...

oval:gov.nist.USGCB.xpfirewall:def:5016
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...

oval:gov.nist.USGCB.xpfirewall:def:5015
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...

oval:gov.nist.USGCB.xpfirewall:def:5014
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...

oval:gov.nist.USGCB.xpfirewall:def:5013
The Windows Firewall: Allow local port exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall can use two port exceptions lists; the other is defined by the Windows Firewall: Define port exceptions poli ...

oval:gov.nist.USGCB.xpfirewall:def:5017
Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environmen ...

oval:gov.nist.USGCB.xpfirewall:def:5000
The Windows Firewall: Protect all network connections setting turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP SP2. This appendix recommends configuring this setting to Enabled to protect all network connections for computers in all ...

oval:gov.nist.USGCB.xpfirewall:def:5005
This setting allows file and printer sharing by configuring Windows Firewall to open UDP ports 137 and 138 and TCP ports 139 and 445. If you enable this policy setting, Windows Firewall opens these ports so that the computer can receive print jobs and requests for access to shared files. You must sp ...

oval:gov.nist.USGCB.xpfirewall:def:5004
Many organizations take advantage of remote computer administration in their daily operations. However, some attacks have exploited the ports typically used by remote administration programs; Windows Firewall can block these ports. To provide flexibility for remote administration, the Windows Firewa ...

oval:gov.nist.USGCB.xpfirewall:def:5003
The Windows Firewall: Allow local program exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Disabling this policy setting does not allow administrators to define a local program exceptions list, and ensures that ...

oval:gov.nist.USGCB.xpfirewall:def:5009
Windows Firewall can display notifications to users when a program requests that Windows Firewall add the program to the program exceptions list. This situation occurs when programs attempt to open a port and are not allowed to do so based on current Windows Firewall rules. The Windows Firewall: Pro ...

oval:gov.nist.USGCB.xpfirewall:def:5008
The Windows Firewall: Allow UPnP framework exception setting allows a computer to receive unsolicited Plug and Play messages sent by network devices, such as routers with built-in firewalls. To receive these messages, Windows Firewall opens TCP port 2869 and UDP port 1900. If you enable this policy ...

oval:gov.nist.USGCB.xpfirewall:def:5007
Many organizations use Remote Desktop connections in their normal troubleshooting procedures or operations. However, some attacks have occurred that exploited the ports typically used by Remote Desktop. To provide flexibility for remote administration, the Windows Firewall: Allow Remote Desktop exce ...

oval:gov.nist.USGCB.xpfirewall:def:5006
The Windows Firewall: Allow ICMP exceptions setting defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you set this pol ...

oval:org.mitre.oval:def:186
The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.

oval:org.mitre.oval:def:157
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a st ...

oval:org.mitre.oval:def:270
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

oval:org.secpod.oval:def:14300
The host is missing a critical security update according to Microsoft bulletin MS13-056. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted GIF image files. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:10941
The host is installed with Internet Explorer 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle an object in memory that has been deleted or has not been properly allocated. Successful exploitation could allow attackers to execute arbi ...

oval:org.secpod.oval:def:9719
The host is installed with Internet Explorer 8 and is prone to a CTreeNode use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9715
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CCaret use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9717
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a GetMarkupPtr use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9716
The host is installed with Internet Explorer 8 and is prone to a CElement use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9718
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9720
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9713
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9712
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to an onresize use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9714
The host is installed with Internet Explorer 6,7,8,9 or 10 and is prone to a CMarkupBehaviorContext use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9281
The host is installed with .NET Framework 2.0 or 3.5 or 3.5.1 or 4.0 or 4.5 and is prone to privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle permissions of a callback function. Successful exploitation allows attackers to take complete control o ...

oval:org.secpod.oval:def:9291
The host is installed with Internet Explorer 8 or 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9296
The host is installed with Internet Explorer 6, 7, 8, 9 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:9283
The host is installed with Internet Explorer 6 or 7 or 8 or 9 or 10 and is prone to memory corruption vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow an attacker to gain the same user rights as the current us ...

oval:org.secpod.oval:def:9287
The host is installed with Internet Explorer 7, 8, 9 or 10 and is prone to an use after free vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:8339
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to S.DS.P buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle System.DirectoryServices.Protocols (S.DS.P) namespace method. Successful exploitation allows re ...

oval:org.secpod.oval:def:8340
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0, 3.5.1, 4 or 4.5 and is prone to double construction vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation allows remote attackers to install programs, v ...

oval:org.secpod.oval:def:8342
The host is installed with Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 4 or Management OData IIS Extension and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to handle crafted HTTP requests. Successful exploitation could all ...

oval:org.secpod.oval:def:8322
The host is installed with Internet Explorer 6, Internet Explorer 7 or Internet Explorer 8 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly handle object in memory. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:8337
The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.5.1 or 4 or 4.5 and is prone to WinForms buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a Windows Forms method. Successful exploitation allows remote attackers to install ...

oval:org.secpod.oval:def:8338
The host is installed with Microsoft .NET Framework 1.1 SP1 or 2.0 SP2 or 3.0 or 4 and is prone to system drawing information disclosure vulnerability. A flaw is present in the application, which fails to properly handle pointers to unmanaged memory locations. Successful exploitation allows remote a ...

oval:org.secpod.oval:def:7927
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4 or 4.5 and is prone to Web proxy auto-discovery vulnerability. A flaw is present in the applications, which is caused by a lack of validation when the .NET Framework acquires the default web proxy settings and executes JavaScript ...

oval:org.secpod.oval:def:7928
The host is installed with Microsoft .NET Framework 4 or 4.5 and is prone to WPF reflection optimization vulnerability. A flaw is present in the applications, which fails to properly validate permissions of objects involved with reflection. Successful exploitation allows attackers to take complete c ...

oval:org.secpod.oval:def:7924
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to reflection bypass vulnerability. A flaw is present in the applications, which fail to properly validate the permissions of objects performing reflection. Successful exploitation allows attackers to take ...

oval:org.secpod.oval:def:7925
The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 and is prone to Code access security info disclosure vulnerability. A flaw is present in the applications, which does not properly sanitize the output of a function when called from partially trusted code. Successful exploitation a ...

oval:org.secpod.oval:def:7926
The host is installed with Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5.1 or 4 and is prone to untrusted search path vulnerability. A flaw is present in the applications, which is caused when Entity Framework, a .NET Framework component, incorrectly restricts the path used for loading external lib ...

oval:org.secpod.oval:def:6036
The host is installed with Internet Explorer 6 through 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6035
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6048
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6047
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an object that has been deleted. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6046
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6045
The host is installed with Internet Explorer 8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6049
The host is installed with Internet Explorer 6 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6044
The host is installed with Internet Explorer 8 and 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6043
The host is installed with Internet Explorer 7 through 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly create and initialize string data. Successful exploitation could allow attackers to obtain sensitive information from process ...

oval:org.secpod.oval:def:6042
The host is installed with Internet Explorer 6 through 9 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle crafted character sequences with EUC-JP encoding. Successful exploitation could allow attackers to inject arbitrary web script or ...

oval:org.secpod.oval:def:6051
The host is installed with Internet Explorer 6 through 9 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to block cross-domain scrolling events. Successful exploitation could allow attackers to read content from a different domain or zone.

oval:org.secpod.oval:def:6050
The host is installed with Internet Explorer 8 or 9 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:6026
The host is installed with Microsoft .Net framework 2.0 Sp2 or 3.5.1 or 4.0 or 4.5 Beta and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to properly execute a function pointer. Successful exploitation allows attackers to take complete control of ...

oval:org.secpod.oval:def:6037
The host is installed with Internet Explorer 8 and 9 or Microsoft Communicator 2007 R2 or Lync 2010 or Lync 2010 Attendee Microsoft InfoPath 2007 or 2010, Microsoft SharePoint Server 2007 or 2010, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Services 3.0 or Microsoft Groove Server 2010 ...

oval:org.secpod.oval:def:5629
The host is installed with Microsoft .NET Framework 4 and is prone buffer allocation vulnerability. A flaw is present in the application, which fails to handle a specially crafted Microsoft .NET Framework application. Successful exploitation could allow remote attackers to install programs, view, ch ...

oval:org.secpod.oval:def:5630
The host is installed with Microsoft .NET Framework 4 and is prone index comparison vulnerability. A flaw is present in the applications, which fails to handle WPF APIs. Successful exploitation could allow remote attackers to execute code or to elevate their user rights in any fashion.

oval:org.secpod.oval:def:5635
The host is installed with Microsoft Windows and is prone privilege escalation vulnerability. A flaw is present in the application, which fails to handle the Windows kernel-mode driver. Successful exploitation could allow remote attackers to install programs, view, change, or delete data or create n ...

oval:org.secpod.oval:def:4157
The host is installed with Microsoft .NET Framework 2.0 SP2, 3.5.1, 4.0 or Silverlight and is prone unmanaged objects vulnerability. A flaw is present in the applications, which fails to handle a specially crafted Microsoft .NET Framework application. Successful exploitation could allow remote attac ...

oval:org.secpod.oval:def:4158
The host is installed with Microsoft .NET Framework 2.0 SP2, and 3.5.1 and is prone heap corruption vulnerability. A flaw is present in the Microsoft .NET Framework, which fails to handle calculation of buffer length while processing specially crafted input. Successful exploitation could allow remot ...

oval:org.secpod.oval:def:3631
The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to correctly authenticate specially crafted usernames. Successful exploitation allows remote authenticated ...

oval:org.secpod.oval:def:3632
The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly handle cached content when Forms Authentication is used with sliding expiry. Successful exploit ...

oval:org.secpod.oval:def:3630
The host is installed with Microsoft .Net Framework 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to open redirect vulnerability. A flaw is present in the applications, which fail to properly verify return URLs during the forms authentication process. Successful exploitation allows remote attackers to red ...

oval:org.secpod.oval:def:3629
The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to denial of service vulnerability. A flaw is present in the applications, where ASP.NET fails to properly hash specially crafted requests and inserts that data into a hash table causing a hash collisi ...

oval:org.secpod.oval:def:3713
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused when Windows Media Player fails to handle a specially crafted MIDI file. Successful exploitation allows attackers to run arbitrary code in the conte ...

oval:org.secpod.oval:def:3714
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the application, which is caused when filters in DirectShow do not properly handle specially crafted media files. Successful exploitation allows attackers to run arbitrary code in t ...

oval:org.secpod.oval:def:3435
The host is installed with Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted application when run by an a ...

oval:org.secpod.oval:def:2716
The host is installed with Active Directory or Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Service (AD LDS) and is prone to elevation of privilege vulnerability. A flaw is present in the application, which is caused when Active Directory is configured to use LD ...

oval:org.secpod.oval:def:2537
The host is installed with Microsoft Active Accessibility component and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Active Accessibility component, which fails to handle specially crafted dynamic link library file present in the same network directory. Succe ...

oval:org.secpod.oval:def:1754
The host is installed with Microsoft .NET Framework 2.0 SP2 or 3.5.1 SP1 or 4.0 and is prone to information disclosure vulnerability. A flaw is present in the applications which fails to properly validate the trust level within the System.Net.Sockets namespace. Successful exploitation allows attacke ...

oval:org.secpod.oval:def:1733
The host is installed with Microsoft Chart controls and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle special characters within a specially crafted URI. Successful exploitation could allow attackers to gain sensitive information.

oval:org.secpod.oval:def:1404
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ...

oval:org.secpod.oval:def:1740
The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) which fails to restrict the arbitr ...

oval:org.secpod.oval:def:1738
The host is installed with Microsoft Windows XP or Windows server 2003 or Windows server 2008 or Windows Vista or Windows 7 or Windows server 2008 R2 and is prone to elevation of privilege vulnerability. A flaw is present in Client/Server Run-time Subsystem (CSRSS) which fails to restrict the arbitr ...

oval:org.secpod.oval:def:1399
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ...

oval:org.secpod.oval:def:1401
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1400
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to null pointer de-reference vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage pointers to kernel-mode driver objects. Successful exp ...

oval:org.secpod.oval:def:1403
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1402
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1395
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1394
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1397
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1398
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1393
The host is installed with Windows XP, Windows Vista, Windows Server 2008, Windows Server 2003 and Windows 7 and is prone to use after free vulnerability. A flaw is present in windows Kernel-mode drivers which does not properly manage kernel-mode driver objects. Successful exploitation allows attack ...

oval:org.secpod.oval:def:1172
The host is missing an critical security update according to Microsoft security bulletin, MS11-039. The update is required to fix remote code execution vulnerability in Microsoft .Net framework and Microsoft Silverlight. A flaw is present in the applications which is caused when the .NET Framework a ...

oval:org.secpod.oval:def:1171
The host is installed with Microsoft .Net framework 2.0 SP1 or 2.0 SP2 or 3.5 or 3.5 SP1 or 4.0 or Microsoft Silverlight 4 and is prone to remote code execution vulnerability. A flaw is present in the applications which is caused when the .NET Framework or Microsoft Silverlight improperly validate a ...

oval:org.secpod.oval:def:1183
The host is missing a Critical security update according to Microsoft security bulletin, MS11-044. The update is required to fix remote code execution vulnerability in Microsoft .NET Framework on Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. The flaw is pres ...

oval:org.secpod.oval:def:1182
The host is installed with Microsoft .NET Framework and is prone to remote code execution vulnerability. A flaw is present in the JIT compiler when IsJITOptimizerDisabled is false, which fails to handle expressions related to null strings. Successful exploitation allows an attacker to install progra ...

oval:org.secpod.oval:def:1169
The host is installed with Microsoft Windows XP SP3, Microsoft Windows Server 2003 XP2, Windows Server 2008 SP1 or SP2 and is prone to remote code execution vulnerability. A flaw is present in the application which fails to handle specially crafted request. Successful exploitation allows remote atta ...

oval:org.secpod.oval:def:993
The host is missing an critical security update according to Microsoft security bulletin, MS11-033. The update is required to fix remote code execution vulnerability in Javascript and Vbscript scripting engines. A flaw is present in the application which is caused when the scripting engines attempt ...

oval:org.secpod.oval:def:715
The host is installed with Javascript and Vbscript 5.6 or 5.7 or 5.8 scripting engines and is prone to remote code execution vulnerability. A flaw is present in the application which is caused when the scripting engines attempt to reallocate memory while decoding a script in order to run it, an inte ...

oval:org.secpod.oval:def:992
The host is missing a Critical security update according to Microsoft security bulletin, MS11-032. The update is required to fix remote code execution vulnerability in Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP. A flaw is present in the OpenType Font (OTF) ...

oval:org.secpod.oval:def:991
The host is missing an important security update according to Microsoft security bulletin, MS11-024. The update is required to fix multiple remote code execution vulnerabilities. Flaws are present in the application, whci fails to handle malicious Fax Cover Page (.cov) files. Successful exploitation ...

oval:org.secpod.oval:def:714
The host is installed with Microsoft .NET Framework and is prone to remote code execution vulnerability. A flaw is present in x86 JIT compiler, which fails to compiling certain function calls. Successful exploitation could allow remote attackers to corrupt the stack and execute remote code.

oval:org.secpod.oval:def:658
The host is installed with Windows 7 or Windows Server 2003 or Windows Server 2008 or Windows Vista or Windows XP and is prone to remote code execution vulnerability. A flaw is present in the OpenType Font (OTF) driver which fails to properly parse specially crafted OpenType fonts. Successful exploi ...

oval:org.secpod.oval:def:820
The host is missing a Critical security update according to Microsoft security bulletin, MS11-028. The update is required to fix a remote code execution vulnerability in Microsoft .NET Framework. A flaw is present in the JIT compiler, which fails to compile certain function calls. Successful ex ...

oval:org.secpod.oval:def:79
The host is installed with Microsoft Internet Explorer is prone to uninitialized memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an object that has not been correctly initialized or has been deleted. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:81
The host is installed with Microsoft Internet Explorer is prone to insecure library loading vulnerability. A flaw is present in the application, which fails to properly handle loading of dll files. Successful exploitation could allow attackers to execute arbitrary code and gain the same user rights ...

oval:org.secpod.oval:def:80
The host is installed with Microsoft Internet Explorer is prone to uninitialized memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an object that has not been correctly initialized or has been deleted. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:1049
The host is missing a critical security update according to Microsoft security bulletin, MS11-003. The update is required to fix memory corruption vulnerability in Microsoft Internet Explorer. A flaw is present in the application, which fails to properly handle memory access. Successful exploitation ...

oval:org.secpod.oval:def:101
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:100
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:85
The host is installed with OpenType Compact Font Format (CFF) driver and is prone to remote code execution vulnerability. A flaw is present in the driver which fails to properly parse specially crafted OpenType fonts. Successful exploitation allows an attacker to run arbitrary code in kernel mode an ...

oval:org.secpod.oval:def:99
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:98
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:1032
The host is missing a Critical security update according to Microsoft security bulletin, MS11-007. The update is required to fix remote code execution vulnerability in Windows OpenType Compact Font Format (CFF) driver. A flaw is present in the the driver which fails to properly parse specially craft ...

oval:org.secpod.oval:def:1037
The host is missing an Important security update according to Microsoft security bulletin, MS11-012. The update is required to fix elevation of privilege vulnerability in Microsoft Windows. A flaw is present in the windows kernel-mode drivers which fails to validate data passed from user mode to ker ...

oval:org.secpod.oval:def:97
A privilege escalation vulnerability is present in Windows kernel-mode drivers. A flaw is present in the driver, which fails to validate data passed from user mode to kernel mode. Successful exploitation could allow an attacker to gain additional privileges and execute arbitrary code.

oval:org.secpod.oval:def:84
The host is installed with Microsoft Graphics Rendering Engine and is prone to stack-based buffer overflow vulnerability. A flaw is present in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module, which fails to properly parse a malformed thumbnail image. Successful exploitation co ...

oval:org.secpod.oval:def:1046
The host is missing an critical security update according to Microsoft security bulletin, MS11-006. The update is required to fix stack-based buffer overflow vulnerability. A flaw is present in the "CreateSizedDIBSECTION()" function within the "shimgvw.dll" module, which fails to properly parse a ma ...

oval:org.mitre.oval:def:6833
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll fi ...

oval:org.mitre.oval:def:6484
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted ...

oval:org.mitre.oval:def:6149
Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Window ...

oval:org.mitre.oval:def:6027
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate mat ...

oval:org.mitre.oval:def:6081
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption ...

oval:org.secpod.oval:def:2360
The host is missing a critical security update according to Microsoft security bulletin, MS09-002. The update is required to fix remote code execution vulnerability in Microsoft Windows Internet Explorer. A flaw is present in the Windows Internet Explorer, which fails to handle Cascading Style Sheet ...

oval:org.mitre.oval:def:5829
Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags tha ...

oval:org.secpod.oval:def:3052
The host is missing a critical security update according to Microsoft security bulletin, MS08-073. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in Internet Explorer, which fails to handle a specially crafted Web page. Successful exploitation all ...

oval:org.mitre.oval:def:5942
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via v ...

oval:org.secpod.oval:def:3095
The host is missing an important security update according to Microsoft security bulletin, MS08-076. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in Windows Media Components, which fails to handle Service Principal Name (SPN) implementations and ...

oval:org.mitre.oval:def:5343
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Add ...

oval:org.secpod.oval:def:2658
The host is missing an important security update according to Microsoft security bulletin, MS08-064. The update is required to fix privilege escalation vulnerability. A flaw is present in Virtual Address Descriptor, which fails to handle a specially crafted application. Successful exploitation could ...

oval:org.mitre.oval:def:13299
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosur ...

oval:org.mitre.oval:def:12364
Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML E ...

oval:org.mitre.oval:def:5437
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is ...

oval:org.mitre.oval:def:5441
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, a ...

oval:org.secpod.oval:def:2651
The host is missing an important security update according to Microsoft security bulletin, MS08-025. The update is required to fix privilege escalation vulnerability. A flaw is present in the Windows kernel, which fails to handle validation of inputs passed from user mode. Successful exploitation co ...

oval:org.secpod.oval:def:2628
The host is missing a critical security update according to Microsoft bulletin, MS08-010. The update is required to fix multple remote code execution vulnerabilities. A flaw is present in the application, which fails to handle specially crafted Web page. Successful exploitation could allow attackers ...

oval:org.mitre.oval:def:5396
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerabil ...

oval:org.secpod.oval:def:2631
The host is missing a critical security update according to Microsoft bulletin, MS08-058. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted web page. Successful exploitation could allow attackers to execute arbitrary cod ...

oval:org.mitre.oval:def:6069
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) ...

oval:org.mitre.oval:def:6164
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP docume ...

oval:org.secpod.oval:def:2558
The host is missing a critical security update according to Microsoft security bulletin, MS09-013. The update is required to fix remote code execution vulnerability in Windows HTTP Services. A flaw is present in the Windows HTTP Services(WinHTTP), which fails handle http service file winhttp.dll. Su ...

oval:org.secpod.oval:def:2370
The host is missing a critical security update according to Microsoft security bulletin, MS09-014. The update is required to fix remote code execution vulnerabilities. A flaw is present in the Windows Internet Explorer, which fails to handle specially crafted Web page. Successful exploitation could ...

oval:org.mitre.oval:def:5723
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory tha ...

oval:org.mitre.oval:def:5551
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) ...

oval:org.mitre.oval:def:5320
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vis ...

oval:org.mitre.oval:def:6233
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vis ...

oval:org.mitre.oval:def:7569
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vis ...

oval:org.mitre.oval:def:5604
Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."

oval:org.mitre.oval:def:5473
Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Le ...

oval:org.secpod.oval:def:2657
The host is missing an important security update according to Microsoft security bulletin, MS08-036. The update is required to fix denial of service vulnerability. A flaw is present in the Pragmatic General Multicast (PGM) protocol, which fails to handle PGM packets. Successful exploitation could al ...

oval:org.secpod.oval:def:2584
The host is missing an important security update according to Microsoft security bulletin, MS08-020. The update is required to fix spoofing attack vulnerability. A flaw is present in Windows DNS clients, which fails handle a specially crafted responses to DNS requests. Successful exploitation could ...

oval:org.mitre.oval:def:5314
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

oval:org.mitre.oval:def:496
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line p ...

oval:org.mitre.oval:def:1090
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF ...

oval:org.secpod.oval:def:5627
The host is installed with Microsoft Office, Windows, .NET Framework, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fail to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install ...

oval:org.secpod.oval:def:5628
The host is installed with Microsoft Office, Windows, and Silverlight and is prone TrueType Font parsing vulnerability. A flaw is present in the applications, which fails to handle a specially crafted TrueType font file. Successful exploitation could allow remote attackers to install programs, view, ...

CVE    21
CVE-2007-1531
CVE-2007-0933
CVE-2007-1912
CVE-2007-6753
...
CCE    511
CCE-2387-9
CCE-4390-1
CCE-3176-5
CCE-3130-2
...
*CPE
cpe:/o:microsoft:windows_xp
XCCDF    7
xccdf_gov.nist_benchmark_USGCB-Windows-XP-firewall
xccdf_org.secpod_benchmark_Windows_XP
xccdf_gov.nist_benchmark_USGCB-Windows-XP
xccdf_org.secpod_benchmark_nerc_cip_Windows_XP
...

© SecPod Technologies