Executive Summary



This Alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration.
Summary
Title: Microsoft Updates for Multiple Vulnerabilities
Information
Name: TA11-102A
First vendor publication: 2011-04-12
Vendor: US-CERT
Last vendor modification: 2011-04-12
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

There are multiple vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Visual Studio. Microsoft has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for April 2011 describes multiple vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Visual Studio. Microsoft has released updates to address the vulnerabilities.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2011. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA11-102A.html

CWE : Common Weakness Enumeration

% Id Name
44 % CWE-399 Resource Management Errors
19 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15 % CWE-20 Improper Input Validation
8 % CWE-189 Numeric Errors (CWE/SANS Top 25)
4 % CWE-264 Permissions, Privileges, and Access Controls
2 % CWE-476 NULL Pointer Dereference
2 % CWE-426 Untrusted Search Path
2 % CWE-200 Information Exposure
2 % CWE-94 Failure to Control Generation of Code ('Code Injection')
2 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11676
 
Oval ID: oval:org.mitre.oval:def:11676
Title: Excel Record Parsing WriteAV Vulnerability
Description: Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, double-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0101
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11708
 
Oval ID: oval:org.mitre.oval:def:11708
Title: Win32k Use After Free Vulnerability (CVE-2011-0674)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0674
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11726
 
Oval ID: oval:org.mitre.oval:def:11726
Title: Win32k Use After Free Vulnerability (CVE-2011-1239)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1239
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11761
 
Oval ID: oval:org.mitre.oval:def:11761
Title: Persist Directory RCE Vulnerability
Description: Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Slide with a malformed record, which triggers an exception and later use of an unspecified method, aka "Persist Directory RCE Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0656
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Office PowerPoint 2002
Microsoft Office PowerPoint 2003
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint 2010
Microsoft Office Compatibility Pack
Microsoft PowerPoint Viewer 2007
Microsoft PowerPoint Viewer
Microsoft PowerPoint Web App
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11767
 
Oval ID: oval:org.mitre.oval:def:11767
Title: Excel Buffer Overwrite Vulnerability
Description: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0104
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11812
 
Oval ID: oval:org.mitre.oval:def:11812
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1233)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1233
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11838
 
Oval ID: oval:org.mitre.oval:def:11838
Title: DEPRECATED: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385
Description: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0346
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11854
 
Oval ID: oval:org.mitre.oval:def:11854
Title: GDI+ Integer Overflow Vulnerability
Description: Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0041
Version: 12
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s): Microsoft Office XP
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11860
 
Oval ID: oval:org.mitre.oval:def:11860
Title: OpenType Font Stack Overflow Vulnerability
Description: Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0034
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11882
 
Oval ID: oval:org.mitre.oval:def:11882
Title: MSHTML Memory Corruption Vulnerability
Description: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0346
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11902
 
Oval ID: oval:org.mitre.oval:def:11902
Title: DNS Query Vulnerability
Description: DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0657
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11942
 
Oval ID: oval:org.mitre.oval:def:11942
Title: Win32k Use After Free Vulnerability (CVE-2011-0671)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0671
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11978
 
Oval ID: oval:org.mitre.oval:def:11978
Title: OfficeArt Atom RCE Vulnerability
Description: Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitialized object, aka "OfficeArt Atom RCE Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0976
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Office PowerPoint 2002
Microsoft Office PowerPoint 2003
Microsoft Office PowerPoint 2007
Microsoft Office Compatibility Pack
Microsoft PowerPoint Viewer 2007
Microsoft PowerPoint Viewer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11995
 
Oval ID: oval:org.mitre.oval:def:11995
Title: SMB Client Response Parsing Vulnerability
Description: The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0660
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12014
 
Oval ID: oval:org.mitre.oval:def:12014
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1225)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1225
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12017
 
Oval ID: oval:org.mitre.oval:def:12017
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1228)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1228
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12018
 
Oval ID: oval:org.mitre.oval:def:12018
Title: Excel Dangling Pointer Vulnerability
Description: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0980
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12034
 
Oval ID: oval:org.mitre.oval:def:12034
Title: Excel Heap Overflow Vulnerability
Description: Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via an XLS file with a large record size, aka "Excel Heap Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0098
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12036
 
Oval ID: oval:org.mitre.oval:def:12036
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1231)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1231
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12076
 
Oval ID: oval:org.mitre.oval:def:12076
Title: SMB Transaction Parsing Vulnerability
Description: The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0661
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12164
 
Oval ID: oval:org.mitre.oval:def:12164
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1230)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1230
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12167
 
Oval ID: oval:org.mitre.oval:def:12167
Title: Win32k Use After Free Vulnerability (CVE-2011-0672)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0672
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12183
 
Oval ID: oval:org.mitre.oval:def:12183
Title: Win32k Use After Free Vulnerability (CVE-2011-0675)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0675
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12221
 
Oval ID: oval:org.mitre.oval:def:12221
Title: Win32k Use After Free Vulnerability (CVE-2011-1234)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1234
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12228
 
Oval ID: oval:org.mitre.oval:def:12228
Title: Object Management Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1345
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12301
 
Oval ID: oval:org.mitre.oval:def:12301
Title: WordPad Converter Parsing Vulnerability
Description: WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0028
Version: 8
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12302
 
Oval ID: oval:org.mitre.oval:def:12302
Title: Win32k Use After Free Vulnerability (CVE-2011-1235)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1235
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12337
 
Oval ID: oval:org.mitre.oval:def:12337
Title: Win32k Use After Free Vulnerability (CVE-2011-0670)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0670
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12339
 
Oval ID: oval:org.mitre.oval:def:12339
Title: Microsoft Office Graphic Object Dereferencing Vulnerability
Description: Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0977
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12340
 
Oval ID: oval:org.mitre.oval:def:12340
Title: Win32k Use After Free Vulnerability (CVE-2011-0667)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0667
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12347
 
Oval ID: oval:org.mitre.oval:def:12347
Title: Win32k Use After Free Vulnerability (CVE-2011-0666)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0666
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12385
 
Oval ID: oval:org.mitre.oval:def:12385
Title: Javascript Information Disclosure Vulnerability
Description: Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1245
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12390
 
Oval ID: oval:org.mitre.oval:def:12390
Title: Fax Cover Page Editor Memory Corruption Vulnerability
Description: fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3974
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12392
 
Oval ID: oval:org.mitre.oval:def:12392
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1232)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1232
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12406
 
Oval ID: oval:org.mitre.oval:def:12406
Title: .NET Framework Stack Corruption Vulnerability
Description: The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3958
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft .NET Framework
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12416
 
Oval ID: oval:org.mitre.oval:def:12416
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0676)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0676
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12417
 
Oval ID: oval:org.mitre.oval:def:12417
Title: Win32k Use After Free Vulnerability (CVE-2011-1238)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1238
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12439
 
Oval ID: oval:org.mitre.oval:def:12439
Title: Excel Array Indexing Vulnerability
Description: Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0978
Version: 11
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12457
 
Oval ID: oval:org.mitre.oval:def:12457
Title: MFC Insecure Library Loading Vulnerability
Description: Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; and Visual C++ 2005 SP1, 2008 SP1, and 2010 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3190
Version: 19
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Visual Studio .NET 2003
Microsoft Visual Studio 2005
Microsoft Visual Studio 2008
Microsoft Visual Studio 2010
Microsoft Visual C++ 2005 Redistributable Package
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010 Redistributable Package
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12463
 
Oval ID: oval:org.mitre.oval:def:12463
Title: Layouts Handling Memory Corruption Vulnerability
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0094
Version: 8
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12467
 
Oval ID: oval:org.mitre.oval:def:12467
Title: Win32k Use After Free Vulnerability (CVE-2011-1237)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1237
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12474
 
Oval ID: oval:org.mitre.oval:def:12474
Title: DEPRECATED: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0676)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0676
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12478
 
Oval ID: oval:org.mitre.oval:def:12478
Title: Win32k Use After Free Vulnerability (CVE-2011-1236)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1236
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12503
 
Oval ID: oval:org.mitre.oval:def:12503
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1229)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1229
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12525
 
Oval ID: oval:org.mitre.oval:def:12525
Title: Win32k Use After Free Vulnerability (CVE-2011-1242)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1242
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12526
 
Oval ID: oval:org.mitre.oval:def:12526
Title: Win32k Use After Free Vulnerability (CVE-2011-0665)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0665
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12540
 
Oval ID: oval:org.mitre.oval:def:12540
Title: Win32k Use After Free Vulnerability (CVE-2011-1241)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1241
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12543
 
Oval ID: oval:org.mitre.oval:def:12543
Title: Win32k Use After Free Vulnerability (CVE-2011-0662)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0662
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12546
 
Oval ID: oval:org.mitre.oval:def:12546
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0673)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0673
Version: 3
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12547
 
Oval ID: oval:org.mitre.oval:def:12547
Title: Win32k Use After Free Vulnerability (CVE-2011-1240)
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1240
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12595
 
Oval ID: oval:org.mitre.oval:def:12595
Title: Excel Linked List Corruption Vulnerability
Description: Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; and Excel Viewer SP2 do not properly handle errors during the parsing of Office Art records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a malformed object record, related to a "stray reference," aka "Excel Linked List Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0979
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office Excel Viewer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12612
 
Oval ID: oval:org.mitre.oval:def:12612
Title: Excel Integer Overrun Vulnerability
Description: Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted 400h substream in an Excel file, which triggers a stack-based buffer overflow, aka "Excel Integer Overrun Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0097
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12613
 
Oval ID: oval:org.mitre.oval:def:12613
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1226)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1226
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12616
 
Oval ID: oval:org.mitre.oval:def:12616
Title: Excel Memory Corruption Vulnerability
Description: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0103
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12618
 
Oval ID: oval:org.mitre.oval:def:12618
Title: Excel Data Initialization Vulnerability
Description: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0105
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12624
 
Oval ID: oval:org.mitre.oval:def:12624
Title: Floating Point Techno-color Time Bandit RCE Vulnerability
Description: Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0655
Version: 11
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint 2010
Microsoft Office Compatibility Pack
Microsoft PowerPoint Viewer 2007
Microsoft PowerPoint Viewer
Microsoft PowerPoint Web App
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12637
 
Oval ID: oval:org.mitre.oval:def:12637
Title: Browser Pool Corruption Vulnerability
Description: Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0654
Version: 8
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12653
 
Oval ID: oval:org.mitre.oval:def:12653
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-0677)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0677
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12655
 
Oval ID: oval:org.mitre.oval:def:12655
Title: Office Component Insecure Library Loading Vulnerability
Description: Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0107
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12673
 
Oval ID: oval:org.mitre.oval:def:12673
Title: Scripting Memory Reallocation Vulnerability
Description: Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0663
Version: 17
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): VBScript 5.6
VBScript 5.7
VBScript 5.8
JScript 5.6
JScript 5.7
JScript 5.8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12681
 
Oval ID: oval:org.mitre.oval:def:12681
Title: Win32k Null Pointer De-reference Vulnerability (CVE-2011-1227)
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1227
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12689
 
Oval ID: oval:org.mitre.oval:def:12689
Title: Fax Cover Page Use After Free Vulnerability
Description: Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4701
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6956
 
Oval ID: oval:org.mitre.oval:def:6956
Title: MHTML Mime-Formatted Request Vulnerability
Description: The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0096
Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7378
 
Oval ID: oval:org.mitre.oval:def:7378
Title: DEPRECATED: Untrusted search path vulnerability in ATL MFC Trace Tool as used in Microsoft Visual Studio 2010
Description: Untrusted search path vulnerability in ATL MFC Trace Tool (AtlTraceTool8.exe), as used in Microsoft Visual Studio, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a TRC, cur, rs, rct, or res file.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3190
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Visual Studio
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 4
Application 7
Application 1
Application 3
Application 3
Application 6
Application 1
Application 1
Application 1
Application 7
Application 1
Application 1
Application 3
Application 3
Application 3
Application 1
Os 7
Os 6
Os 3
Os 16
Os 8
Os 6

SAINT Exploits

Description
Microsoft Excel Substream Parsing Integer Overflow
Microsoft Excel Data Validation Record Parsing Overflow
Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability
Microsoft Windows Fax Cover Page Editor Double Free Memory Corruption Vulnerability

ExploitDB Exploits

id Description
2011-11-05 MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
2011-07-18 GDI+ CreateDashedPath Integer overflow in gdiplus.dll
2011-04-29 Microsoft Office Excel Axis Properties Record Parsing Buffer Overflow PoC

OpenVAS Exploits

Date Description
2012-03-06 Name : Microsoft SMB Transaction Parsing Remote Code Execution Vulnerability
File : nvt/secpod_ms11-020_remote.nasl
2011-04-13 Name : Microsoft Windows SMB Server Remote Code Execution Vulnerability (2508429)
File : nvt/secpod_ms11-020.nasl
2011-04-13 Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
File : nvt/secpod_ms11-028.nasl
2011-04-13 Name : Windows MHTML Information Disclosure Vulnerability (2503658)
File : nvt/secpod_ms11-026.nasl
2011-04-13 Name : Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability ...
File : nvt/secpod_ms11-025.nasl
2011-04-13 Name : Windows Fax Cover Page Editor Remote Code Execution Vulnerability (2527308)
File : nvt/secpod_ms11-024.nasl
2011-04-13 Name : Microsoft Office Remote Code Execution Vulnerabilities (2489293)
File : nvt/secpod_ms11-023.nasl
2011-04-13 Name : Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
File : nvt/secpod_ms11-022.nasl
2011-04-13 Name : Microsoft Office Excel Remote Code Execution Vulnerabilities (2489279)
File : nvt/secpod_ms11-021.nasl
2011-04-13 Name : Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
File : nvt/secpod_ms11-019.nasl
2011-04-13 Name : Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
File : nvt/secpod_ms11-018.nasl
2011-04-13 Name : Microsoft GDI+ Remote Code Execution Vulnerability (2489979)
File : nvt/secpod_ms11-029.nasl
2011-04-13 Name : Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
File : nvt/secpod_ms11-030.nasl
2011-04-13 Name : Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulner...
File : nvt/secpod_ms11-031.nasl
2011-04-13 Name : Windows OpenType Compact Font Format (CFF) Driver Remote Code Execution Vulne...
File : nvt/secpod_ms11-032.nasl
2011-04-13 Name : WordPad Text Converters Remote Code Execution Vulnerability (2485663)
File : nvt/secpod_ms11-033.nasl
2011-04-13 Name : Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2506223)
File : nvt/secpod_ms11-034.nasl
2011-02-23 Name : Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnera...
File : nvt/gb_ms_office_excel_art_object_code_exec_vuln.nasl
2011-02-23 Name : Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
File : nvt/gb_ms_power_point_code_exec_vuln.nasl
2011-02-23 Name : Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vuln...
File : nvt/gb_ms_office_excel_mult_code_exec_vuln.nasl
2011-02-23 Name : Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
File : nvt/gb_ms_office_excel_drawing_layer_code_exec_vuln.nasl
2011-02-18 Name : Microsoft Windows2k3 Active Directory 'BROWSER ELECTION' Buffer Overflow Vuln...
File : nvt/gb_ms_windows2k3_active_directory_bof_vuln.nasl
2011-02-05 Name : Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)
File : nvt/secpod_ms_ie_mhtml_info_disc_vuln.nasl
2011-02-01 Name : Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulner...
File : nvt/gb_ms_ie_releaseinterface_code_execution_vuln.nasl
2011-01-27 Name : Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
File : nvt/gb_ms_windows_fscpe_bof_vuln.nasl
2010-09-29 Name : Microsoft Visual Studio Insecure Library Loading Vulnerability
File : nvt/secpod_ms_visual_studio_insecure_lib_load_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
71782 Microsoft .NET Framework x86 JIT Compiler XAML Browser Application (XBAP) Pro...

A memory corruption flaw exists in Microsoft .NET Framework. The x86 JIT compiler fails to sanitize user-supplied input when compiling function calls, resulting in memory corruption. With a specially crafted XAML browser, ASP.NET or .NET Framework application, a context-dependent attacker can execute arbitrary code.
71781 Microsoft Windows SMB Transaction Parsing Unspecified Remote Code Execution

Microsoft Windows contains a flaw related to the SMB Server service. This may allow a remote attacker to use a crafted SMB packet to execute arbitrary code.
71780 Microsoft Windows DNS Client Service LLMNR Query Processing Remote Code Execu...

Microsoft Windows contains a flaw related to the DNSAPI.dll component in the DNS client failing to properly process DNS queries. This may allow a remote attacker to use a crafted LLMNR broadcast query to TCP/UDP port 5355, or a crafted application to execute arbitrary code.
71779 Microsoft Windows/Office GDI+ (gdiplus.dll) EMF File Processing Overflow

Microsoft Windows and Office are prone to an overflow condition. The gdiplus.dll library in GDI+ fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted EMF image, a context-dependent attacker can potentially execute arbitrary code.
71778 Microsoft Windows Wordpad Word 97 Converter sprmTTextFlow / sprmTSplit PRLs P...

A memory corruption flaw exists in Microsoft Windows. The Word 97 converter, mswrd8.wpc or mswrd864.wpc, fails to sanitize user-supplied input when parsing cell ranges supplied in sprmTTextFlow and sprmTSplit PRLs, resulting in memory corruption. With a specially crafted .doc file, a context-dependent attacker can execute arbitrary code.
71776 Microsoft Windows OpenType Font (OTF) Driver Font Processing Overflow

Microsoft Windows is prone to an overflow condition. The OpenType Compact Font Format driver fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With specially crafted parameter values in an OpenType font, a context-dependent attacker can potentially execute arbitrary code.
71775 Microsoft Windows Fax Cover Page Editor Memory Corruption

A memory corruption flaw exists in Microsoft Windows. The fxscover.exe application in the Fax Cover Page Editor fails to sanitize user-supplied input when parsing FAX cover pages, resulting in memory corruption. With a specially crafted .cov file, a context-dependent attacker can execute arbitrary code.
71774 Microsoft Windows JScript / VBScript Engine Scripting Memory Reallocation Ove...

Microsoft Windows is prone to an overflow condition. The JScript and VBScript scripting engines fail to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted web page, a context-dependent attacker can potentially execute arbitrary code.
71773 Microsoft Windows Common Internet File System (CIFS) Malformed Browser Messag...

Microsoft Windows is prone to an overflow condition. The 'BowserWriteErrorLogEntry' function in the CIFS browser service in 'Mrxsmb.sys' or 'bowser.sys' in Active Directory fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted BROWSER ELECTION message, a remote attacker can potentially execute arbitrary code.
71772 Microsoft Windows SMB Client Response Parsing Unspecified Remote Code Execution

Microsoft Windows contains a flaw related to the Microsoft Server Message Block's validation of SMB responses. This may allow a remote attacker to use a crafted SMB response to execute arbitrary code.
71771 Microsoft Office PowerPoint TimeColorBehaviorContainer (Techno-color Time Ban...

Multiple Microsoft products contain a flaw related to the failure to properly validate TimeColorBehaviorContainer Floating Point records and structures in PowerPoint documents. This may allow a context-dependent attacker using a crafted PowerPoint document to execute arbitrary code.
71770 Microsoft Office PowerPoint PersistDirectoryEntry Processing Remote Code Exec...

Multiple Microsoft products contain a flaw related to the handling of PersistDirectoryEntry record exceptions. The issue is triggered when the program uses a method derived from a malformed object created by this flaw. This may allow a context-dependent attacker to use a crafted document containing an invalid record to execute arbitrary code.
71769 Microsoft Office PowerPoint OfficeArt Atom Parsing Remote Code Execution

Microsoft PowerPoint, Office for Mac, PowerPoint Viewer, Open XML File Format Converter for Mac and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 contain a flaw related to the parsing of external objects within Office Art containers. The issue is triggered when the program accesses nonexistent methods when destroying the object while closing documents. This may allow a context-dependent attacker using a crafted PowerPoint document to execute arbitrary code.
71768 Microsoft Office Graphic Object Parsing Remote Code Execution

Microsoft Office and Open XML File Format Converter for Mac contain a flaw related to the office drawing file format. The issue is triggered when an error occurs during parsing of shape data and used elements are freed without removing references to them. This may allow a context-dependent attacker using crafted shape data in the Office drawing file format to execute arbitrary code.
71767 Microsoft Office Path Subversion Arbitrary DLL Injection Code Execution

Microsoft Office is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may be untrusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .docx file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
71766 Microsoft Office Excel RealTimeData Record Parsing WriteAV Remote Code Execution

Microsoft Excel contains a flaw related to RealTimeData Record Parsing methods. The issue is triggered when the program uses an improperly calculated pointer in a memcpy operation with a user-supplied data source. This may allow a context-dependent attacker to use a crafted Excel file to execute arbitrary code.
71765 Microsoft Office Excel File Validation Record Handling Overflow

Microsoft Excel, Office for Mac, and Open XML File Format Converter for Mac are prone to an overflow condition. The programs fail to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted record within a Microsoft Excel Compound document, a context-dependent attacker can potentially execute arbitrary code.
71764 Microsoft Office Excel File Handling Dangling Pointer Remote Code Execution

Microsoft Excel, Office for Mac, and Open XML File Format Converter for Mac contain a flaw related to improper parsing of an office art object. The issue is triggered when the program adds the object to a linked list and trusts a function pointer of the object. This may allow a context-dependent attacker using a crafted Excel document to replace this pointer to execute arbitrary code.
71763 Microsoft Office Excel File Handling Linked List Corruption Remote Code Execu...

Multiple Microsoft products contain a flaw related to improper error handling in office art object records. The issue is triggered when the program receives a window message and navigates to a linked list which accesses a malformed object. This may allow a context-dependent attacker to execute arbitrary code.
71762 Microsoft Excel Axis Properties Record Parsing Overflow

Microsoft Excel is prone to an overflow condition. The program fails to properly sanitize user-supplied input, specifically a field used in array index incrementing, resulting in a stack-based buffer overflow. With a specially crafted axis properties record in an Excel file, a context-dependent attacker can potentially execute arbitrary code.
71761 Microsoft Office Excel File Handling Memory Corruption

A memory corruption flaw exists in Microsoft Excel, Office for Mac, and Open XML File Format Converter for Mac. The programs fail to sanitize user-supplied input while validating record information during parsing of Excel files, resulting in memory corruption. With a specially crafted Excel file, a context-dependent attacker can execute arbitrary code.
71760 Microsoft Office Excel File Handling Unspecified Memory Corruption

A memory corruption flaw exists in Microsoft Excel, Office for Mac, and Open XML File Format Converter for Mac. The programs fail to sanitize user-supplied input while parsing an Excel file containing certain unspecified values, resulting in memory corruption. With a specially crafted Excel file, a context-dependent attacker can execute arbitrary code.
71759 Microsoft Excel External Record Parsing Signedness Overflow

Multiple Microsoft products are prone to an overflow condition. The programs fail to properly sanitize user-supplied input and encounter a signedness error, resulting in a heap-based buffer overflow. With specially crafted record information in an Excel file, a context-dependent attacker can potentially execute arbitrary code.
71758 Microsoft Excel Substream Parsing Integer Underflow

Multiple Microsoft products are prone to an overflow condition. The programs encounter an integer underflow error when parsing data included in a 400h substream, resulting in a stack-based buffer overflow. With specially crafted record information in an Excel file, a context-dependent attacker can potentially execute arbitrary code.
71757 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71756 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71755 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71754 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71753 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71752 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71751 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71750 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71749 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71748 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71747 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71746 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71745 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71744 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71743 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71742 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71741 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71740 Microsoft Windows win32k.sys Driver Use After Free Unspecified Local Privileg...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application which leverages incorrect driver object management, allowing them to gain elevated privileges.
71739 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71738 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71737 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71736 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71735 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71734 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71732 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71731 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71730 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71729 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71728 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71727 Microsoft Windows win32k.sys Driver NULL Pointer De-reference Unspecified Loc...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.
71726 Microsoft IE JavaScript Unspecified Cross-domain Information Disclosure

Microsoft IE contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program fails to restrict scripts from accessing cross-domain or zone content, which will disclose sensitive information to a context-dependent attacker using a crafted web page.
71725 Microsoft IE Object Management onPropertyManagement Processing Memory Corruption

A memory corruption flaw exists in Microsoft IE. The program fails to sanitize user-supplied input during onPropertyChange function calls, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code.
71724 Microsoft IE Layouts Handling Memory Corruption

A memory corruption flaw exists in Microsoft IE. The program fails to sanitize user-supplied input when handling objects in memory which were not previously initialized or have been deleted, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code.
70904 Microsoft Office Excel OfficeArt Container Parsing Memory Corruption

A memory corruption flaw exists in Microsoft Office Excel. The program fails to properly handle errors during Office Art record parsing, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
70693 Microsoft Windows MHTML Protocol Handler MIME Formatted Request XSS

Microsoft Windows contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the MHTML protocol handler does not properly interpret MIME-formatted requests for content blocks. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
70391 Microsoft IE MSHTML.DLL ReleaseInterface Function Use-after-free Arbitrary Co...

Microsoft IE contains a use-after-free vulnerability related to the ReleaseInterface function in MSHTML.DLL. This may allow a context-dependent attacker to use a crafted web page to execute arbitrary code via vectors related to DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions.
70126 Microsoft Windows Fax Cover Page Editor CDrawPoly::Serialize() Function Overflow

Microsoft Windows is prone to an overflow condition. The Windows Fax Cover Page Editor component (fxscover.exe) fails to properly sanitize user-supplied input when the 'CDrawPoly::Serialize()' function reads in data, resulting in a heap-based buffer overflow. With a specially crafted Fax Cover Page file (.cov), a context-dependent attacker can potentially execute arbitrary code.
67674 Microsoft Visual Studio Path Subversion Arbitrary DLL Injection Code Execution

Microsoft Visual Studio ATL MFC Trace Tool (AtlTraceTool8.exe) is prone to a flaw in the way it loads dynamic-link libraries (e.g. dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may be untrusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a TRC file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-04-14 IAVM : 2011-B-0045 - Microsoft Windows Fax Cover Page Editor Vulnerability
Severity : Category II - VMSKEY : V0026509
2011-04-14 IAVM : 2011-B-0046 - Remote Code Execution Vulnerability in Microsoft Foundation Class (MFC) Library
Severity : Category II - VMSKEY : V0026512
2011-04-14 IAVM : 2011-A-0039 - Microsoft DNS Resolution Remote Code Execution Vulnerability
Severity : Category I - VMSKEY : V0026514
2011-04-14 IAVM : 2011-B-0048 - Microsoft WordPad Text Converters Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0026517
2011-04-14 IAVM : 2011-A-0050 - Microsoft SMB Server Remote Code Execution Vulnerability
Severity : Category I - VMSKEY : V0026521
2011-04-14 IAVM : 2011-A-0047 - Multiple Vulnerabilities in Microsoft Office PowerPoint
Severity : Category II - VMSKEY : V0026525
2011-04-14 IAVM : 2011-A-0048 - Microsoft Windows Scripting Memory Reallocation Vulnerability
Severity : Category II - VMSKEY : V0026526
2011-04-14 IAVM : 2011-A-0045 - Multiple Vulnerabilities in Microsoft Office
Severity : Category II - VMSKEY : V0026527

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office Excel url unicode overflow attempt
RuleID : 7002 - Revision : 20 - Type : FILE-OFFICE
2020-01-14 Microsoft Windows Wordpad Converter sprmT record heap overflow attempt
RuleID : 52422 - Revision : 1 - Type : FILE-OFFICE
2020-01-14 Microsoft Windows Wordpad Converter sprmT record heap overflow attempt
RuleID : 52421 - Revision : 1 - Type : FILE-OFFICE
2020-01-03 Microsoft Windows MHTML XSS attempt
RuleID : 52335 - Revision : 1 - Type : OS-WINDOWS
2019-09-12 Microsoft Office PowerPoint OfficeArt atom memory corruption attempt
RuleID : 50962 - Revision : 1 - Type : FILE-OFFICE
2019-09-05 Microsoft Fax Cover Page Editor heap corruption attempt
RuleID : 50873 - Revision : 1 - Type : OS-WINDOWS
2019-09-05 Microsoft Fax Cover Page Editor heap corruption attempt
RuleID : 50872 - Revision : 1 - Type : OS-WINDOWS
2016-09-13 Microsoft Windows win32k.sys escalation of privilege attempt
RuleID : 39863 - Revision : 2 - Type : OS-WINDOWS
2016-04-05 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 37881 - Revision : 2 - Type : BROWSER-IE
2016-03-14 Microsoft Office Word request for rpawinet.dll over SMB attempt
RuleID : 37319 - Revision : 5 - Type : FILE-OFFICE
2016-03-14 Microsoft Office Word rpawinet.dll dll-load exploit attempt
RuleID : 37318 - Revision : 5 - Type : FILE-OFFICE
2016-03-14 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 37035 - Revision : 2 - Type : FILE-OFFICE
2016-03-14 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 37034 - Revision : 2 - Type : FILE-OFFICE
2016-03-14 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 37033 - Revision : 2 - Type : FILE-OFFICE
2016-03-14 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 37032 - Revision : 2 - Type : FILE-OFFICE
2016-03-14 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 37031 - Revision : 2 - Type : FILE-OFFICE
2016-03-14 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 37030 - Revision : 2 - Type : FILE-OFFICE
2016-03-14 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 37029 - Revision : 2 - Type : FILE-OFFICE
2015-03-31 Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruptio...
RuleID : 33604 - Revision : 2 - Type : FILE-OTHER
2015-03-31 Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruptio...
RuleID : 33603 - Revision : 2 - Type : FILE-OTHER
2015-01-31 Microsoft Office Excel malformed Label record exploit attempt
RuleID : 32940 - Revision : 4 - Type : FILE-OFFICE
2015-01-06 Microsoft Office Excel DV record buffer overflow attempt
RuleID : 32625 - Revision : 3 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Word Converter sprmTTextFflow overflow attempt
RuleID : 31379 - Revision : 4 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Word Converter sprmTSplit overflow attempt
RuleID : 31378 - Revision : 4 - Type : FILE-OFFICE
2014-07-03 Microsoft Office Excel rtToolbarDef record integer overflow attempt
RuleID : 31127 - Revision : 3 - Type : FILE-OFFICE
2014-07-03 Microsoft Office Excel rtToolbarDef record integer overflow attempt
RuleID : 31126 - Revision : 3 - Type : FILE-OFFICE
2014-07-03 Microsoft Office Excel rtToolbarDef record integer overflow attempt
RuleID : 31125 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel rtToolbarDef record integer overflow attempt
RuleID : 28550 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel rtToolbarDef record integer overflow attempt
RuleID : 28549 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel RealTimeData record memory corruption attempt
RuleID : 28546 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel RealTimeData record memory corruption attempt
RuleID : 28545 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel RealTimeData record memory corruption attempt
RuleID : 28544 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer object management memory corruption attempt
RuleID : 28259 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer object management memory corruption attempt
RuleID : 28258 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Office Excel Workspace file FontCount record memory corruption attempt
RuleID : 28103 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel IPMT record buffer overflow attempt
RuleID : 25296 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel IPMT record buffer overflow attempt
RuleID : 25295 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel IPMT record buffer overflow attempt
RuleID : 25294 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel IPMT record buffer overflow attempt
RuleID : 25293 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24872 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24871 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24870 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 24869 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Office Excel drawing layer use after free attempt
RuleID : 24242 - Revision : 7 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel drawing layer use after free attempt
RuleID : 24241 - Revision : 7 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel drawing layer use after free attempt
RuleID : 24240 - Revision : 7 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel catLabel pointer manipulation attempt
RuleID : 24130 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel catLabel pointer manipulation attempt
RuleID : 24129 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows MHTML XSS attempt
RuleID : 23563 - Revision : 4 - Type : FILE-OTHER
2014-01-10 Microsoft MHTML XSS attempt
RuleID : 23562 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 21647 - Revision : 7 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows GDI+ arbitrary code execution attempt
RuleID : 21439 - Revision : 7 - Type : FILE-IMAGE
2014-01-10 Microsoft Fax Cover Page Editor heap corruption attempt
RuleID : 21352 - Revision : 5 - Type : OS-WINDOWS
2014-01-10 Microsoft product fputlsat.dll dll-load exploit attempt
RuleID : 21310 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Microsoft product request for fputlsat.dll over SMB attempt
RuleID : 21309 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows OpenType font parsing stack overflow attempt
RuleID : 20904 - Revision : 10 - Type : FILE-OTHER
2014-01-10 Microsoft Windows OpenType font parsing stack overflow attempt
RuleID : 20903 - Revision : 13 - Type : FILE-OTHER
2014-01-10 Microsoft Windows OpenType font parsing stack overflow attempt
RuleID : 20902 - Revision : 10 - Type : FILE-OTHER
2014-01-10 Microsoft Office Excel rtToolbarDef record integer overflow attempt
RuleID : 20534 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 MHTML XSS attempt
RuleID : 20133 - Revision : 10 - Type : FILE-OTHER
2014-01-10 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 19811 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word Converter sprmTSplit overflow attempt
RuleID : 19707 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows .NET Framework XAML browser applications stack corruption
RuleID : 19170 - Revision : 12 - Type : FILE-OTHER
2014-01-10 Microsoft Windows 2003 browser election remote heap overflow attempt
RuleID : 18994 - Revision : 8 - Type : OS-WINDOWS
2015-05-28 Microsoft SMB CIFS split response message overflow attempt
RuleID : 18677 - Revision : 3 - Type : SPECIFIC-THREATS
2014-01-10 Microsoft Office Excel DV record buffer overflow attempt
RuleID : 18676 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Fax Cover Page Editor heap corruption attempt
RuleID : 18673 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Microsoft Internet Explorer object management memory corruption attempt
RuleID : 18671 - Revision : 17 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer object management memory corruption attempt
RuleID : 18670 - Revision : 17 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer cross-domain object manipulation attempt
RuleID : 18669 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Windows win32k.sys escalation of privilege attempt
RuleID : 18667 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows win32k.sys escalation of privilege attempt
RuleID : 18666 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows win32k.sys escalation of privilege attempt
RuleID : 18665 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows win32k.sys escalation of privilege attempt
RuleID : 18664 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows win32k.sys escalation of privilege attempt
RuleID : 18663 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows win32k.sys escalation of privilege attempt
RuleID : 18662 - Revision : 9 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows win32k.sys escalation of privilege attempt
RuleID : 18661 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows SMB2 write packet buffer overflow attempt
RuleID : 18660 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt
RuleID : 18655 - Revision : 12 - Type : OS-WINDOWS
2015-05-28 Common Internet File System Browser Protocol BowserWriteErrorLogEntry
RuleID : 18653 - Revision : 4 - Type : NETBIOS
2015-05-28 Microsoft Word .dll dll-load exploit attempt
RuleID : 18650 - Revision : 4 - Type : NETBIOS
2015-05-28 Microsoft Word .dll dll-load exploit attempt
RuleID : 18647 - Revision : 3 - Type : WEB-CLIENT
2014-01-10 Microsoft Internet Explorer 6/7 CSS swapNode memory corruption attempt
RuleID : 18646 - Revision : 6 - Type : SPECIFIC-THREATS
2014-01-10 Microsoft Windows GDI+ arbitrary code execution attempt
RuleID : 18645 - Revision : 16 - Type : FILE-IMAGE
2014-01-10 Microsoft Windows OpenType Fonts CompactFontFormat FontMatrix tranform memory...
RuleID : 18644 - Revision : 11 - Type : FILE-OTHER
2014-01-10 Microsoft Office Word Converter sprmTTextFflow overflow attempt
RuleID : 18643 - Revision : 17 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word Converter sprmTSplit overflow attempt
RuleID : 18642 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel OBJ record invalid cmo.ot exploit attempt
RuleID : 18641 - Revision : 7 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel malformed SupBook record attempt
RuleID : 18640 - Revision : 8 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel CatSerRange record exploit attempt
RuleID : 18639 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel drawing layer use after free attempt
RuleID : 18638 - Revision : 20 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint OfficeArt atom memory corruption attempt
RuleID : 18637 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint SlideAtom record exploit attempt
RuleID : 18636 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint malformed record call to freed object attempt
RuleID : 18635 - Revision : 17 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel Workspace file FontCount record memory corruption attempt
RuleID : 18634 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel RealTimeData record memory corruption attempt
RuleID : 18633 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel malformed Label record exploit attempt
RuleID : 18632 - Revision : 19 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel rtToolbarDef record integer overflow attempt
RuleID : 18631 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel rtToolbarDef record integer overflow attempt
RuleID : 18630 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Foundation Class applications mfc100.dll dll-load exploit attempt
RuleID : 18629 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft Foundation Class applications mfc90.dll dll-load exploit attempt
RuleID : 18628 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft Foundation Class applications mfc80.dll dll-load exploit attempt
RuleID : 18627 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft Foundation Class applications mfc42.dll dll-load exploit attempt
RuleID : 18626 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft Foundation Class applications mfc40.dll dll-load exploit attempt
RuleID : 18625 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows .NET framework optimizer escalation attempt
RuleID : 18624 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Microsoft Visual Studio MFC applications mfc100.dll dll-load exploit attempt
RuleID : 18623 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Microsoft Visual Studio MFC applications mfc90.dll dll-load exploit attempt
RuleID : 18622 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Microsoft Visual Studio MFC applications mfc80.dll dll-load exploit attempt
RuleID : 18621 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Microsoft Visual Studio MFC applications mfc42.dll dll-load exploit attempt
RuleID : 18620 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Microsoft Visual Studio MFC applications mfc40.dll dll-load exploit attempt
RuleID : 18619 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Microsoft product .dll dll-load exploit attempt
RuleID : 18495 - Revision : 21 - Type : OS-WINDOWS
2014-01-10 Microsoft product .dll dll-load exploit attempt
RuleID : 18494 - Revision : 25 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows 2003 browser election remote heap overflow attempt
RuleID : 18462 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows MHTML XSS attempt
RuleID : 18335 - Revision : 21 - Type : OS-WINDOWS
2014-01-10 SMB client TRANS response ring0 remote code execution attempt
RuleID : 16531 - Revision : 11 - Type : NETBIOS
2014-01-10 Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt
RuleID : 16377 - Revision : 18 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2015-10-26 Name : The remote host contains an application that is affected by multiple vulnerab...
File : itunes_12_3_0_banner.nasl - Type : ACT_GATHER_INFO
2015-09-18 Name : The remote host contains an application that is affected by multiple vulnerab...
File : itunes_12_3_0.nasl - Type : ACT_GATHER_INFO
2011-04-21 Name : Arbitrary code can be executed on the remote host through the installed Windo...
File : llmnr-ms11-030.nasl - Type : ACT_GATHER_INFO
2011-04-20 Name : It is possible to execute arbitrary code on the remote Windows host due to fl...
File : smb_kb2508429.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote host through the Microsoft Found...
File : smb_nt_ms11-025.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : The remote Windows kernel is affected by multiple vulnerabilities.
File : smb_nt_ms11-034.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote host through the installed versi...
File : smb_nt_ms11-033.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : The remote Windows host contains a font driver that is affected by a privileg...
File : smb_nt_ms11-032.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote host through the installed JScri...
File : smb_nt_ms11-031.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote host through the installed Windo...
File : smb_nt_ms11-030.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote Windows host through Microsoft's...
File : smb_nt_ms11-029.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : The version of the .NET Framework installed on the remote host allows arbitra...
File : smb_nt_ms11-028.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : The remote Windows host is affected by an information disclosure vulnerability.
File : smb_nt_ms11-026.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : A fax cover page editor on the remote host has a memory corruption vulnerabil...
File : smb_nt_ms11-024.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms11-023.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote host through Microsoft PowerPoint.
File : smb_nt_ms11-022.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote host through Microsoft Excel.
File : smb_nt_ms11-021.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : It is possible to execute arbitrary code on the remote Windows host due to fl...
File : smb_nt_ms11-020.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote host through the installed SMB c...
File : smb_nt_ms11-019.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : Arbitrary code can be executed on the remote host through a web browser.
File : smb_nt_ms11-018.nasl - Type : ACT_GATHER_INFO
2011-04-13 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms_office_apr2011.nasl - Type : ACT_GATHER_INFO