Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Microsoft Updates for Multiple Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | TA09-195A | First vendor Publication | 2009-07-14 |
| Vendor | US-CERT | Last vendor Modification | 2009-07-14 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, DirectShow, Virtual PC and Server, Office Publisher, and ISA Server. I. Description As part of the Microsoft Security Bulletin Summary for July 2009, Microsoft has released updates that address several vulnerabilities in Microsoft Windows, Windows Server, DirectShow, Windows Virtual PC and Server, Office Publisher, and ISA Server. Microsoft indicates that two of these vulnerabilities, CVE-2009-1537 and CVE-2008-0015, are being actively exploited. II. Impact A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash. III. Solution Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for July 2009. The security bulletin describes any known issues related to the updates. |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA09-195A.html |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-42 | MIME Conversion |
| CAPEC-44 | Overflow Binary Resource File |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-100 | Overflow Buffers |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 36 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 21 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 7 % | CWE-681 | Incorrect Conversion between Numeric Types |
| 7 % | CWE-399 | Resource Management Errors |
| 7 % | CWE-200 | Information Exposure |
| 7 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 7 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 7 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5457 | |||
| Oval ID: | oval:org.mitre.oval:def:5457 | ||
| Title: | Embedded OpenType Font Heap Overflow Vulnerability | ||
| Description: | The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0231 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5524 | |||
| Oval ID: | oval:org.mitre.oval:def:5524 | ||
| Title: | HTML Objects Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1918 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5649 | |||
| Oval ID: | oval:org.mitre.oval:def:5649 | ||
| Title: | Radius OTP Bypass Vulnerability | ||
| Description: | Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1135 | Version: | 5 |
| Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Security and Acceleration Server 2006 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5660 | |||
| Oval ID: | oval:org.mitre.oval:def:5660 | ||
| Title: | Uninitialized Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via an HTML document containing embedded style sheets that modify unspecified rule properties that cause the behavior element to be "improperly processed," aka "Uninitialized Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1919 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5678 | |||
| Oval ID: | oval:org.mitre.oval:def:5678 | ||
| Title: | Embedded OpenType Font Integer Overflow Vulnerability | ||
| Description: | Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0232 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5963 | |||
| Oval ID: | oval:org.mitre.oval:def:5963 | ||
| Title: | DirectX Pointer Validation Vulnerability | ||
| Description: | The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1538 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | DirectX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6072 | |||
| Oval ID: | oval:org.mitre.oval:def:6072 | ||
| Title: | Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1917 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6166 | |||
| Oval ID: | oval:org.mitre.oval:def:6166 | ||
| Title: | Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability | ||
| Description: | The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1542 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Virtual Server 2005 Microsoft Virtual PC 2004 Microsoft Virtual PC 2007 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6237 | |||
| Oval ID: | oval:org.mitre.oval:def:6237 | ||
| Title: | DirectX NULL Byte Overwrite Vulnerability | ||
| Description: | Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1537 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | DirectX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6245 | |||
| Oval ID: | oval:org.mitre.oval:def:6245 | ||
| Title: | ATL COM Initialization Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2493 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6285 | |||
| Oval ID: | oval:org.mitre.oval:def:6285 | ||
| Title: | Pointer Dereference Vulnerability | ||
| Description: | Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0566 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Publisher 2007 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6289 | |||
| Oval ID: | oval:org.mitre.oval:def:6289 | ||
| Title: | ATL Uninitialized Object Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0901 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6304 | |||
| Oval ID: | oval:org.mitre.oval:def:6304 | ||
| Title: | ATL COM Initialization Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2493 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6305 | |||
| Oval ID: | oval:org.mitre.oval:def:6305 | ||
| Title: | ATL Null String Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2495 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6311 | |||
| Oval ID: | oval:org.mitre.oval:def:6311 | ||
| Title: | ATL Uninitialized Object Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0901 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6341 | |||
| Oval ID: | oval:org.mitre.oval:def:6341 | ||
| Title: | DirectX Size Validation Vulnerability | ||
| Description: | The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1539 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | DirectX |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6363 | |||
| Oval ID: | oval:org.mitre.oval:def:6363 | ||
| Title: | Microsoft Video ActiveX Control Vulnerability | ||
| Description: | Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-0015 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6373 | |||
| Oval ID: | oval:org.mitre.oval:def:6373 | ||
| Title: | ATL Uninitialized Object Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0901 | Version: | 2 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6473 | |||
| Oval ID: | oval:org.mitre.oval:def:6473 | ||
| Title: | ATL COM Initialization Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2493 | Version: | 2 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6478 | |||
| Oval ID: | oval:org.mitre.oval:def:6478 | ||
| Title: | ATL Null String Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2495 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6621 | |||
| Oval ID: | oval:org.mitre.oval:def:6621 | ||
| Title: | ATL COM Initialization Vulnerability (CVE-2009-2493) | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2493 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7573 | |||
| Oval ID: | oval:org.mitre.oval:def:7573 | ||
| Title: | ATL Null String Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-2495 | Version: | 24 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7581 | |||
| Oval ID: | oval:org.mitre.oval:def:7581 | ||
| Title: | ATL Uninitialized Object Vulnerability | ||
| Description: | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0901 | Version: | 35 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package Microsoft Outlook Express 5.5 Microsoft Outlook Express 6.0 Windows Media Player 9 Windows Media Player 10 Windows Media Player 11 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft DirectX DirectShow QuickTime movie parsing vulnerability | More info here |
| Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow | More info here |
| Visual Studio Active Template Library uninitialized object | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-03-16 | Name : FreeBSD Ports: openoffice.org File : nvt/freebsd_openoffice.org.nasl |
| 2009-12-04 | Name : MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability File : nvt/gb_ms_ie_style_object_remote_code_exec_vuln.nasl |
| 2009-11-11 | Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl |
| 2009-10-14 | Name : Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525) File : nvt/secpod_ms09-055.nasl |
| 2009-10-14 | Name : MS ATL ActiveX Controls for MS Office Could Allow Remote Code Execution (973965) File : nvt/secpod_ms09-060.nasl |
| 2009-08-14 | Name : Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908) File : nvt/secpod_ms09-037.nasl |
| 2009-08-03 | Name : Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706) File : nvt/secpod_ms09-035.nasl |
| 2009-07-29 | Name : Cumulative Security Update for Internet Explorer (972260) File : nvt/secpod_ms09-034.nasl |
| 2009-07-15 | Name : Microsoft DirectShow Remote Code Execution Vulnerability (961373) File : nvt/secpod_ms09-028.nasl |
| 2009-07-15 | Name : Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities... File : nvt/secpod_ms09-029.nasl |
| 2009-07-15 | Name : Microsoft Office Publisher Remote Code Execution Vulnerability (969516) File : nvt/secpod_ms09-030.nasl |
| 2009-07-15 | Name : Microsoft ISA Server Privilege Escalation Vulnerability (970953) File : nvt/secpod_ms09-031.nasl |
| 2009-07-15 | Name : Microsoft Virtual PC/Server Privilege Escalation Vulnerability (969856) File : nvt/secpod_ms09-033.nasl |
| 2009-07-09 | Name : Microsoft Video ActiveX Control 'msvidctl.dll' BOF Vulnerability File : nvt/gb_ms_video_actvx_bof_vuln_jul09.nasl |
| 2009-06-01 | Name : Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution File : nvt/secpod_ms_directx_code_exec_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 56699 | Microsoft Visual Studio Active Template Library (ATL) String Manipulation Arb... |
| 56698 | Microsoft Visual Studio Active Template Library (ATL) Data Stream Object Inst... |
| 56696 | Microsoft Visual Studio Active Template Library (ATL) Headers VariantClear Co... |
| 56695 | Microsoft IE HTML Embedded CSS Property Modification Memory Corruption |
| 56694 | Microsoft IE Invalid HTML Object Element Appendage Handling Memory Corruption |
| 56693 | Microsoft IE timeChildren Object ondatasetcomplete Event Method Memory Corrup... |
| 55845 | Microsoft DirectX DirectShow quartz.dll QuickTime NumberOfEntries Field Memor... Microsoft Windows DirectDraw contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when Internet Explorer renders a malicious web page. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality and/or availability. |
| 55844 | Microsoft DirectX DirectShow QuickTime File Pointer Validation Arbitrary Code... MS Windows DirectDraw contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when Internet Explorer renders a malicious web page. It is possible that the flaw may allow remote code execution resulting in a loss of integrity. |
| 55843 | Microsoft Windows Embedded OpenType (EOT) Font Name Tables Parsing Overflow |
| 55842 | Microsoft Windows Embedded OpenType (EOT) Font Data Record Parsing Overflow |
| 55838 | Microsoft Office Publisher PUBCONV.DLL Legacy Format Importation Pointer Dere... |
| 55837 | Microsoft Virtual PC / Virtual Server Instruction Decoding Unspecified Local ... |
| 55836 | Microsoft ISA Server 2006 Radius OTP Security Bypass ISA Server 2006 contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when the server receives a request from a user agent that indicates a fall-back to HTTP-Basic authentication and ISA does not properly authenticate the request. It is possible that the flaw may allow unauthenticated access resulting in a loss of confidentiality, integrity, and/or availability. |
| 55651 | Microsoft DirectShow Video Streaming ActiveX (msvidctl.dll) IMPEG2TuneRequest... A buffer overflow exists in Windows. The DirectShow ActiveX control fails to validate data passed to the IMPEG2TuneRequest interface resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 54797 | Microsoft DirectX DirectShow quartz.dll QuickTime NULL Byte Overwrite Arbitra... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-10-15 | IAVM : 2009-A-0097 - Multiple Vulnerabilities in Microsoft Active Template Library Severity : Category II - VMSKEY : V0021756 |
| 2009-08-13 | IAVM : 2009-A-0067 - Multiple Vulnerabilities in Microsoft Active Template Library Severity : Category II - VMSKEY : V0019882 |
| 2009-07-30 | IAVM : 2009-B-0033 - Multiple Vulnerabilities in Visual Studio Active Template Library Severity : Category II - VMSKEY : V0019798 |
| 2009-07-16 | IAVM : 2009-B-0031 - Microsoft ISA Server Elevation of Privilege Vulnerability Severity : Category II - VMSKEY : V0019760 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-10-17 | Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt RuleID : 51557 - Revision : 1 - Type : OS-WINDOWS |
| 2019-10-17 | Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt RuleID : 51556 - Revision : 1 - Type : OS-WINDOWS |
| 2019-10-17 | Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt RuleID : 51555 - Revision : 1 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Embedded Open Type Font malformed name table platform type ... RuleID : 27251 - Revision : 2 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Windows Embedded Open Type Font malformed name table integer overfl... RuleID : 24535 - Revision : 4 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Windows Embedded Open Type Font malformed name table overflow attempt RuleID : 23566 - Revision : 4 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt RuleID : 23565 - Revision : 4 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Windows Media Player DirectShow MPEG-2 memory corruption attempt RuleID : 20744 - Revision : 7 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Office Publisher 2007 pointer dereference attempt RuleID : 19932 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Internet Explorer empty table tag memory corruption attempt RuleID : 19814 - Revision : 9 - Type : BROWSER-IE |
| 2014-01-10 | ISA Server OTP-based Forms-authorization fallback policy bypass attempt RuleID : 17041 - Revision : 8 - Type : SERVER-OTHER |
| 2014-01-10 | Microsoft DirectShow 3 ActiveX exploit via JavaScript RuleID : 16602 - Revision : 10 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Excel Add-in for SQL Analysis Services 4 ActiveX clsid unicode access RuleID : 16166 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Office Excel Add-in for SQL Analysis Services 4 ActiveX clsid access RuleID : 16165 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Excel Add-in for SQL Analysis Services 3 ActiveX clsid unicode access RuleID : 16164 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Office Excel Add-in for SQL Analysis Services 3 ActiveX clsid access RuleID : 16163 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Excel Add-in for SQL Analysis Services 2 ActiveX clsid unicode access RuleID : 16162 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Office Excel Add-in for SQL Analysis Services 2 ActiveX clsid access RuleID : 16161 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Excel Add-in for SQL Analysis Services 1 ActiveX clsid unicode access RuleID : 16160 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Office Excel Add-in for SQL Analysis Services 1 ActiveX clsid access RuleID : 16159 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 6 ActiveX function call unicode access RuleID : 15905 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 6 ActiveX function call access RuleID : 15904 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer empty table tag memory corruption attempt RuleID : 15733 - Revision : 9 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer CSS handling memory corruption attempt RuleID : 15732 - Revision : 12 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer javascript deleted reference arbitrary code execu... RuleID : 15731 - Revision : 16 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows Embedded Open Type Font malformed name table platform type ... RuleID : 15695 - Revision : 15 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Windows Embedded Open Type Font malformed name table integer overfl... RuleID : 15694 - Revision : 17 - Type : FILE-OTHER |
| 2014-01-10 | Microsoft Windows Embedded Open Type Font malformed name table overflow attempt RuleID : 15693 - Revision : 16 - Type : FILE-OTHER |
| 2014-01-10 | ISA Server OTP-based Forms-authorization fallback policy bypass attempt RuleID : 15683 - Revision : 10 - Type : SERVER-OTHER |
| 2014-01-10 | Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption... RuleID : 15682 - Revision : 16 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Office Publisher 2007 file format arbitrary code execution attempt RuleID : 15681 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft DirectShow QuickTime file atom size parsing heap corruption attempt RuleID : 15680 - Revision : 9 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding RuleID : 15679 - Revision : 12 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft DirectShow ActiveX exploit via JavaScript RuleID : 15678 - Revision : 10 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 9 ActiveX clsid unicode access RuleID : 15677 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 9 ActiveX clsid access RuleID : 15676 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 8 ActiveX clsid unicode access RuleID : 15675 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 8 ActiveX clsid access RuleID : 15674 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 7 ActiveX clsid unicode access RuleID : 15673 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 7 ActiveX clsid access RuleID : 15672 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 6 ActiveX function call RuleID : 15671 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 6 ActiveX clsid access RuleID : 15670 - Revision : 18 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 5 ActiveX clsid unicode access RuleID : 15669 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 5 ActiveX clsid access RuleID : 15668 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 45 ActiveX clsid unicode access RuleID : 15667 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 45 ActiveX clsid access RuleID : 15666 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 44 ActiveX clsid unicode access RuleID : 15665 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 44 ActiveX clsid access RuleID : 15664 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 43 ActiveX clsid unicode access RuleID : 15663 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 43 ActiveX clsid access RuleID : 15662 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 42 ActiveX clsid unicode access RuleID : 15661 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 42 ActiveX clsid access RuleID : 15660 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 41 ActiveX clsid unicode access RuleID : 15659 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 41 ActiveX clsid access RuleID : 15658 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 40 ActiveX clsid unicode access RuleID : 15657 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 40 ActiveX clsid access RuleID : 15656 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 4 ActiveX clsid unicode access RuleID : 15655 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 4 ActiveX clsid access RuleID : 15654 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 39 ActiveX clsid unicode access RuleID : 15653 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 39 ActiveX clsid access RuleID : 15652 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 38 ActiveX clsid unicode access RuleID : 15651 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 38 ActiveX clsid access RuleID : 15650 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 37 ActiveX clsid unicode access RuleID : 15649 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 37 ActiveX clsid access RuleID : 15648 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 36 ActiveX clsid unicode access RuleID : 15647 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 36 ActiveX clsid access RuleID : 15646 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 35 ActiveX clsid unicode access RuleID : 15645 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 35 ActiveX clsid access RuleID : 15644 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 34 ActiveX clsid unicode access RuleID : 15643 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 34 ActiveX clsid access RuleID : 15642 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 33 ActiveX clsid unicode access RuleID : 15641 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 33 ActiveX clsid access RuleID : 15640 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 32 ActiveX clsid unicode access RuleID : 15639 - Revision : 10 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 32 ActiveX clsid access RuleID : 15638 - Revision : 18 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 31 ActiveX clsid unicode access RuleID : 15637 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 31 ActiveX clsid access RuleID : 15636 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 30 ActiveX clsid unicode access RuleID : 15635 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 30 ActiveX clsid access RuleID : 15634 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 3 ActiveX clsid unicode access RuleID : 15633 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 3 ActiveX clsid access RuleID : 15632 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 29 ActiveX clsid unicode access RuleID : 15631 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 29 ActiveX clsid access RuleID : 15630 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 28 ActiveX clsid unicode access RuleID : 15629 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 28 ActiveX clsid access RuleID : 15628 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 27 ActiveX clsid unicode access RuleID : 15627 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 27 ActiveX clsid access RuleID : 15626 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 26 ActiveX clsid unicode access RuleID : 15625 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 26 ActiveX clsid access RuleID : 15624 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 25 ActiveX clsid unicode access RuleID : 15623 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 25 ActiveX clsid access RuleID : 15622 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 24 ActiveX clsid unicode access RuleID : 15621 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 24 ActiveX clsid access RuleID : 15620 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 23 ActiveX clsid unicode access RuleID : 15619 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 23 ActiveX clsid access RuleID : 15618 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 22 ActiveX clsid unicode access RuleID : 15617 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 22 ActiveX clsid access RuleID : 15616 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 21 ActiveX clsid unicode access RuleID : 15615 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 21 ActiveX clsid access RuleID : 15614 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 20 ActiveX clsid unicode access RuleID : 15613 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 20 ActiveX clsid access RuleID : 15612 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 2 ActiveX clsid unicode access RuleID : 15611 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 2 ActiveX clsid access RuleID : 15610 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 19 ActiveX clsid unicode access RuleID : 15609 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 19 ActiveX clsid access RuleID : 15608 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 18 ActiveX clsid unicode access RuleID : 15607 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 18 ActiveX clsid access RuleID : 15606 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 17 ActiveX clsid unicode access RuleID : 15605 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 17 ActiveX clsid access RuleID : 15604 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 16 ActiveX clsid unicode access RuleID : 15603 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 16 ActiveX clsid access RuleID : 15602 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 15 ActiveX clsid unicode access RuleID : 15601 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 15 ActiveX clsid access RuleID : 15600 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 14 ActiveX clsid unicode access RuleID : 15599 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 14 ActiveX clsid access RuleID : 15598 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 13 ActiveX clsid unicode access RuleID : 15597 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 13 ActiveX clsid access RuleID : 15596 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 12 ActiveX clsid unicode access RuleID : 15595 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 12 ActiveX clsid access RuleID : 15594 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 11 ActiveX clsid unicode access RuleID : 15593 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 11 ActiveX clsid access RuleID : 15592 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 10 ActiveX clsid unicode access RuleID : 15591 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 10 ActiveX clsid access RuleID : 15590 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Video 1 ActiveX clsid unicode access RuleID : 15589 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Video 1 ActiveX clsid access RuleID : 15588 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt RuleID : 15517 - Revision : 18 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-6386.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6741.nasl - Type : ACT_GATHER_INFO |
| 2010-03-01 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c97d7a37223311df96dd001b2134ef46.nasl - Type : ACT_GATHER_INFO |
| 2010-02-12 | Name : The remote Windows host has a program affected by multiple buffer overflows. File : openoffice_32.nasl - Type : ACT_GATHER_INFO |
| 2010-01-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6740.nasl - Type : ACT_GATHER_INFO |
| 2009-12-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12564.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-072.nasl - Type : ACT_GATHER_INFO |
| 2009-11-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO |
| 2009-10-14 | Name : Arbitrary code can be executed on the remote host through Microsoft Office Ac... File : smb_nt_ms09-060.nasl - Type : ACT_GATHER_INFO |
| 2009-10-13 | Name : The remote Windows host has multiple ActiveX controls that are affected by mu... File : smb_nt_ms09-055.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_flash-player-6387.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_flash-player-090731.nasl - Type : ACT_GATHER_INFO |
| 2009-08-11 | Name : Arbitrary code can be executed on the remote host through Microsoft Active Te... File : smb_nt_ms09-037.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_flash-player-090731.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_flash-player-090731.nasl - Type : ACT_GATHER_INFO |
| 2009-07-30 | Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb09_10.nasl - Type : ACT_GATHER_INFO |
| 2009-07-30 | Name : Arbitrary code can be executed on the remote host through Microsoft Active Te... File : smb_nt_ms09-035.nasl - Type : ACT_GATHER_INFO |
| 2009-07-29 | Name : The remote Windows host contains an Internet Explorer plugin which uses a vul... File : shockwave_player_apsb09_11.nasl - Type : ACT_GATHER_INFO |
| 2009-07-28 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-034.nasl - Type : ACT_GATHER_INFO |
| 2009-07-14 | Name : The remote host contains an application that is affected by a privilege escal... File : smb_nt_ms09-033.nasl - Type : ACT_GATHER_INFO |
| 2009-07-14 | Name : The remote host contains an application that is affected by a privilege escal... File : smb_nt_ms09-031.nasl - Type : ACT_GATHER_INFO |
| 2009-07-14 | Name : It is possible to execute arbitrary code on the remote Windows host using Mic... File : smb_nt_ms09-030.nasl - Type : ACT_GATHER_INFO |
| 2009-07-14 | Name : It is possible to execute arbitrary code on the remote Windows host using the... File : smb_nt_ms09-029.nasl - Type : ACT_GATHER_INFO |
| 2009-07-14 | Name : It is possible to execute arbitrary code on the remote Windows host using Dir... File : smb_nt_ms09-028.nasl - Type : ACT_GATHER_INFO |
| 2009-07-07 | Name : The remote Windows host is missing a security update containing ActiveX kill ... File : smb_kb_972890.nasl - Type : ACT_GATHER_INFO |
