9.3 - SUN-266108

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Sun Alert 266108 Multiple Security Vulnerabilities in the Flash Player for Solaris 10 (Adobe Security Bulletin APSB09-10)

Informations
Name	SUN-266108	First vendor Publication	2009-08-21
Vendor	Sun	Last vendor Modification	2009-08-31
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System OpenSolaris

Multiple security vulnerabilities in Adobe Flash Player 9.0.159.0 and earlier 9.x versions and 10.0.22.87 and earlier 10.x versions may allow remote unprivileged users to execute arbitrary code with the privileges of a local user on the system or to cause Adobe Flash Player to crash which is a type of Denial of Service (DoS).

Also a clickjacking vulnerability in the Adobe Flash Player may allow a remote user to trick a user into selecting a link or completing a dialog.

In addition, a local sandbox vulnerability in the Adobe Flash Player may allow a remote user to obtain sensitive information via vectors involving saving a malicious SWF file to a hard drive.

These issues are also described in the following documents:
APSA09-03 at: http://www.adobe.com/support/security/advisories/apsa09-03.html
APSB09-10 at: http://www.adobe.com/support/security/bulletins/apsb09-10.html
CVE-2009-1862 at: http://www.security-database.com/detail.php?cve=CVE-2009-1862
CVE-2009-1864 at: http://www.security-database.com/detail.php?cve=CVE-2009-1864
CVE-2009-1865 at: http://www.security-database.com/detail.php?cve=CVE-2009-1865
CVE-2009-1866 at: http://www.security-database.com/detail.php?cve=CVE-2009-1866
CVE-2009-1867 at: http://www.security-database.com/detail.php?cve=CVE-2009-1867
CVE-2009-1868 at: http://www.security-database.com/detail.php?cve=CVE-2009-1868
CVE-2009-1869 at: http://www.security-database.com/detail.php?cve=CVE-2009-1869
CVE-2009-1870 at: http://www.security-database.com/detail.php?cve=CVE-2009-1870

State: Resolved

First released: 21-Aug-2009

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_266108_multiple_security

CWE : Common Weakness Enumeration

%	Id	Name
27 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
18 %	CWE-264	Permissions, Privileges, and Access Controls
18 %	CWE-200	Information Exposure
9 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)
9 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
9 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
9 %	CWE-59	Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15430

Oval ID:	oval:org.mitre.oval:def:15430
Title:	Adobe Flash Player and AIR Unspecified Clickjacking Vulnerability
Description:	Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-1867	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18 installed Adobe Flash Player is Installed AND Flash version is before 9.0.246.0 or 10.x before 10.0.32.18 Version of Adobe Flash Player is less than 9.0.246.0 OR Adobe Flash Player 10.x before 10.0.32.18 installed Adobe Flash Player 10 is Installed AND Version of Adobe Flash Player is less than 10.0.32.18 OR Adobe AIR before 1.5.2 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.2

Definition Id: oval:org.mitre.oval:def:15887

Oval ID:	oval:org.mitre.oval:def:15887
Title:	Adobe Flash Player and AIR Sandbox Bypass Information Disclosure Vulnerability
Description:	Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-1870	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18 installed Adobe Flash Player is Installed AND Flash version is before 9.0.246.0 or 10.x before 10.0.32.18 Version of Adobe Flash Player is less than 9.0.246.0 OR Adobe Flash Player 10.x before 10.0.32.18 installed Adobe Flash Player 10 is Installed AND Version of Adobe Flash Player is less than 10.0.32.18 OR Adobe AIR before 1.5.2 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.2

Definition Id: oval:org.mitre.oval:def:15955

Oval ID:	oval:org.mitre.oval:def:15955
Title:	Adobe Flash Player and AIR URI Parsing Heap Buffer Overflow Vulnerability
Description:	Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-1868	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18 installed Adobe Flash Player is Installed AND Flash version is before 9.0.246.0 or 10.x before 10.0.32.18 Version of Adobe Flash Player is less than 9.0.246.0 OR Adobe Flash Player 10.x before 10.0.32.18 installed Adobe Flash Player 10 is Installed AND Version of Adobe Flash Player is less than 10.0.32.18 OR Adobe AIR before 1.5.2 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.2

Definition Id: oval:org.mitre.oval:def:15994

Oval ID:	oval:org.mitre.oval:def:15994
Title:	Adobe Flash Player and AIR 'intf_count' Integer Overflow Vulnerability
Description:	Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-1869	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18 installed Adobe Flash Player is Installed AND Flash version is before 9.0.246.0 or 10.x before 10.0.32.18 Version of Adobe Flash Player is less than 9.0.246.0 OR Adobe Flash Player 10.x before 10.0.32.18 installed Adobe Flash Player 10 is Installed AND Version of Adobe Flash Player is less than 10.0.32.18 OR Adobe AIR before 1.5.2 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.2

Definition Id: oval:org.mitre.oval:def:16133

Oval ID:	oval:org.mitre.oval:def:16133
Title:	Adobe Flash Player and AIR Loader Object Heap Memory Corruption Vulnerability
Description:	Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-1864	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18 installed Adobe Flash Player is Installed AND Flash version is before 9.0.246.0 or 10.x before 10.0.32.18 Version of Adobe Flash Player is less than 9.0.246.0 OR Adobe Flash Player 10.x before 10.0.32.18 installed Adobe Flash Player 10 is Installed AND Version of Adobe Flash Player is less than 10.0.32.18 OR Adobe AIR before 1.5.2 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.2

Definition Id: oval:org.mitre.oval:def:16198

Oval ID:	oval:org.mitre.oval:def:16198
Title:	Adobe Flash Player and AIR Stack Buffer Overflow Vulnerability
Description:	Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-1866	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18 installed Adobe Flash Player is Installed AND Flash version is before 9.0.246.0 or 10.x before 10.0.32.18 Version of Adobe Flash Player is less than 9.0.246.0 OR Adobe Flash Player 10.x before 10.0.32.18 installed Adobe Flash Player 10 is Installed AND Version of Adobe Flash Player is less than 10.0.32.18 OR Adobe AIR before 1.5.2 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.2

Definition Id: oval:org.mitre.oval:def:16338

Oval ID:	oval:org.mitre.oval:def:16338
Title:	Adobe Flash Player and AIR NULL Pointer Exception Remote Code Execution Vulnerability
Description:	Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-1865	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18 installed Adobe Flash Player is Installed AND Flash version is before 9.0.246.0 or 10.x before 10.0.32.18 Version of Adobe Flash Player is less than 9.0.246.0 OR Adobe Flash Player 10.x before 10.0.32.18 installed Adobe Flash Player 10 is Installed AND Version of Adobe Flash Player is less than 10.0.32.18 OR Adobe AIR before 1.5.2 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.2

Definition Id: oval:org.mitre.oval:def:16391

Oval ID:	oval:org.mitre.oval:def:16391
Title:	Adobe Flash Player and AIR Unspecified Privilege Escalation Vulnerability
Description:	Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2009-1863	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18 installed Adobe Flash Player is Installed AND Flash version is before 9.0.246.0 or 10.x before 10.0.32.18 Version of Adobe Flash Player is less than 9.0.246.0 OR Adobe Flash Player 10.x before 10.0.32.18 installed Adobe Flash Player 10 is Installed AND Version of Adobe Flash Player is less than 10.0.32.18 OR Adobe AIR before 1.5.2 is installed Adobe AIR is installed AND Version of Adobe AIR is less than 1.5.2

Definition Id: oval:org.mitre.oval:def:22658

Oval ID:	oval:org.mitre.oval:def:22658
Title:	ELSA-2009:1188: flash-plugin security update (Critical)
Description:	Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1188-01 CVE-2009-1862 CVE-2009-1863 CVE-2009-1864 CVE-2009-1865 CVE-2009-1866 CVE-2009-1867 CVE-2009-1868 CVE-2009-1869 CVE-2009-1870	Version:	41
Platform(s):	Oracle Linux 5	Product(s):	flash-plugin
Definition Synopsis:
Oracle Linux 5.x AND flash-plugin is earlier than 0:10.0.32.18-2.el5

Definition Id: oval:org.mitre.oval:def:6245

Oval ID:	oval:org.mitre.oval:def:6245
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control
Definition Synopsis:
Microsoft Outlook Express 5.5 SP2 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 5.5 SP2 is installed. AND the version of Msoe.dll is less than 5.50.5003.1000 OR Microsoft Outlook Express 6 SP1 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 6 SP1 is installed. AND the version of Msoe.dll is less than 6.0.2800.1983 OR Microsoft Outlook Express 6 on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.2900.3598 OR Microsoft Outlook Express 6 on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.2900.5843 OR Microsoft Outlook Express 6 on Windows XP SP2 (64-bit) Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 AND Microsoft Windows XP x64 Edition SP2 is installed OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 x86 Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 (x64-bit) Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 (ia64) Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Windows Media Player 9 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.3271 OR Windows Media Player 9 on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.4507 OR Windows Media Player 10 on Windows XP SP2/SP3 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4074 OR Windows Media Player 10 on Windows XP SP2 (x64-bit) Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 AND Microsoft Windows XP x64 Edition SP2 is installed OR Windows Media Player 10 on Windows Server 2003 SP2 x86 Microsoft Windows Server 2003 SP2 (x86) is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 OR Windows Media Player 10 on Windows Server 2003 SP2 (x64-bit) Microsoft Windows Server 2003 SP2 (x64) is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 OR Windows Media Player 11 on Windows XP SP2/SP3 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v11 is installed. AND the version of Wmp.dll is less than 11.0.5721.5268 OR Windows Media Player 11 on Windows XP SP2 (x64-bit) Windows Media Player v11 is installed. AND the version of Wmp.dll is less than 11.0.5721.5268 AND Microsoft Windows XP x64 Edition SP2 is installed OR Windows Media Player 11 on Windows Vista (32-bit)/(64-bit) IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of Spwmp.dll is greater than or equal 6.0.6000.16000 AND the version of Wmp.dll is less than 11.0.6000.6352 OR Windows Media Player 11 on Windows Vista SP1/Server 2008 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND the version of Spwmp.dll is greater than or equal 6.0.6001.18000 AND the version of Wmp.dll is less than 11.0.6001.7007 OR Windows Media Player 11 on Windows Vista SP2/Server 2008 SP2 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Spwmp.dll is greater than or equal 6.0.6002.18000 AND the version of Wmp.dll is less than 11.0.6002.18065 OR Windows Media Player 11 on Windows Vista (32-bit)/(64-bit) IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of Spwmp.dll is greater than or equal 6.0.6000.20000 AND the version of Wmp.dll is less than 11.0.6000.6511 OR Windows Media Player 11 on Windows Vista SP1/Server 2008 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND the version of Spwmp.dll is greater than or equal 6.0.6001.22000 AND the version of Wmp.dll is less than 11.0.6001.7114 OR Windows Media Player 11 on Windows Vista SP2/Server 2008 SP2 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Spwmp.dll is greater than or equal 6.0.6002.22000 AND the version of Wmp.dll is less than 11.0.6002.22172 OR Windows ATL Component on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of atl.dll is less than 3.0.9794.0 OR Windows ATL Component on Windows XP, Server 2003, Vista, Server 2008 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of atl.dll is less than 3.5.2284.2 OR DHTML Editing Component ActiveX Control on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of dhtmled.ocx is less than 6.1.0.9234 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND the version of dhtmled.ocx is less than 6.1.0.9247 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 64-bit IF Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of wdhtmled.ocx is less than 6.1.0.9247 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.3610 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.5857 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x64, Server 2003 x86/x64 IF Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.4565 OR Microsoft MSWebDVD ActiveX Control on Server 2003 ia64 Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.3386

Definition Id: oval:org.mitre.oval:def:6289

Oval ID:	oval:org.mitre.oval:def:6289
Title:	ATL Uninitialized Object Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0901	Version:	8
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Outlook Express Windows Media Player Windows ATL Component DHTML Editing Component ActiveX Control
Definition Synopsis:
Microsoft Outlook Express 5.5 SP2 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 5.5 SP2 is installed. AND the version of Msoe.dll is less than 5.50.5003.1000 OR Microsoft Outlook Express 6 SP1 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Microsoft Outlook Express 6 SP1 is installed. AND the version of Msoe.dll is less than 6.0.2800.1983 OR Microsoft Outlook Express 6 on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.2900.3598 OR Microsoft Outlook Express 6 on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.2900.5843 OR Microsoft Outlook Express 6 on Windows XP SP2 (64-bit) Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 AND Microsoft Windows XP x64 Edition SP2 is installed OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 x86 Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 (x64-bit) Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Microsoft Outlook Express 6 on Windows Server 2003 SP2 (ia64) Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Windows Media Player 9 on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.3271 OR Windows Media Player 9 on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v9 is installed. AND the version of Wmp.dll is less than 9.0.0.4507 OR Windows Media Player 10 on Windows XP SP2/SP3 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4074 OR Windows Media Player 10 on Windows XP SP2 (x64-bit) Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 AND Microsoft Windows XP x64 Edition SP2 is installed OR Windows Media Player 10 on Windows Server 2003 SP2 x86 Microsoft Windows Server 2003 SP2 (x86) is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 OR Windows Media Player 10 on Windows Server 2003 SP2 (x64-bit) Microsoft Windows Server 2003 SP2 (x64) is installed AND Windows Media Player v10 is installed. AND the version of Wmp.dll is less than 10.0.0.4006 OR Windows Media Player 11 on Windows XP SP2/SP3 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Windows Media Player v11 is installed. AND the version of Wmp.dll is less than 11.0.5721.5268 OR Windows Media Player 11 on Windows XP SP2 (x64-bit) Windows Media Player v11 is installed. AND the version of Wmp.dll is less than 11.0.5721.5268 AND Microsoft Windows XP x64 Edition SP2 is installed OR Windows Media Player 11 on Windows Vista (32-bit)/(64-bit) IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of Spwmp.dll is greater than or equal 6.0.6000.16000 AND the version of Wmp.dll is less than 11.0.6000.6352 OR Windows Media Player 11 on Windows Vista SP1/Server 2008 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND the version of Spwmp.dll is greater than or equal 6.0.6001.18000 AND the version of Wmp.dll is less than 11.0.6001.7007 OR Windows Media Player 11 on Windows Vista SP2/Server 2008 SP2 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Spwmp.dll is greater than or equal 6.0.6002.18000 AND the version of Wmp.dll is less than 11.0.6002.18065 OR Windows Media Player 11 on Windows Vista (32-bit)/(64-bit) IF Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND the version of Spwmp.dll is greater than or equal 6.0.6000.20000 AND the version of Wmp.dll is less than 11.0.6000.6511 OR Windows Media Player 11 on Windows Vista SP1/Server 2008 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND the version of Spwmp.dll is greater than or equal 6.0.6001.22000 AND the version of Wmp.dll is less than 11.0.6001.7114 OR Windows Media Player 11 on Windows Vista SP2/Server 2008 SP2 (32-bit)/(64-bit)/ia64 IF Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND the version of Spwmp.dll is greater than or equal 6.0.6002.22000 AND the version of Wmp.dll is less than 11.0.6002.22172 OR Windows ATL Component on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of atl.dll is less than 3.0.9794.0 OR Windows ATL Component on Windows XP, Server 2003, Vista, Server 2008 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of atl.dll is less than 3.5.2284.2 OR DHTML Editing Component ActiveX Control on Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND the version of dhtmled.ocx is less than 6.1.0.9234 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 x86 IF Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND the version of dhtmled.ocx is less than 6.1.0.9247 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 64-bit IF Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of wdhtmled.ocx is less than 6.1.0.9247 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x86 Microsoft Windows XP (x86) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.3610 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP3 x86 Microsoft Windows XP (x86) SP3 is installed AND the version of Mswebdvd.dll is less than 6.5.2600.5857 OR Microsoft MSWebDVD ActiveX Control on Windows XP SP2 x64, Server 2003 x86/x64 IF Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.4565 OR Microsoft MSWebDVD ActiveX Control on Server 2003 ia64 Microsoft Windows Server 2003 (ia64) SP2 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.3386

Definition Id: oval:org.mitre.oval:def:6304

Oval ID:	oval:org.mitre.oval:def:6304
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	13
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package
Definition Synopsis:
Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 SP1 is installed AND the version of Mfc71.dll is less than 7.10.6101.0 OR Microsoft Visual Studio 2005 Service Pack 1 Microsoft Visual Studio 2005 Service Pack 1 is installed AND the version of ATL80.dll is less than 8.0.50727.4053 OR Microsoft Visual Studio 2008 Microsoft Visual Studio 2008 is installed AND the version of ATL90.dll is less than 9.0.21022.218 OR Microsoft Visual Studio 2008 Service Pack 1 Microsoft Visual Studio 2008 Service Pack 1 is installed AND the version of ATL90.dll is less than 9.0.30729.4148 OR Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2005 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 OR Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148

Definition Id: oval:org.mitre.oval:def:6305

Oval ID:	oval:org.mitre.oval:def:6305
Title:	ATL Null String Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2495	Version:	15
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package
Definition Synopsis:
Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 SP1 is installed AND the version of Mfc71.dll is less than 7.10.6101.0 OR Microsoft Visual Studio 2005 Service Pack 1 Microsoft Visual Studio 2005 Service Pack 1 is installed AND the version of ATL80.dll is less than 8.0.50727.4053 OR Microsoft Visual Studio 2008 Microsoft Visual Studio 2008 is installed AND the version of ATL90.dll is less than 9.0.21022.218 OR Microsoft Visual Studio 2008 Service Pack 1 Microsoft Visual Studio 2008 Service Pack 1 is installed AND the version of ATL90.dll is less than 9.0.30729.4148 OR Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2005 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 OR Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148

Definition Id: oval:org.mitre.oval:def:6311

Oval ID:	oval:org.mitre.oval:def:6311
Title:	ATL Uninitialized Object Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0901	Version:	13
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package
Definition Synopsis:
Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 SP1 is installed AND the version of Mfc71.dll is less than 7.10.6101.0 OR Microsoft Visual Studio 2005 Service Pack 1 Microsoft Visual Studio 2005 Service Pack 1 is installed AND the version of ATL80.dll is less than 8.0.50727.4053 OR Microsoft Visual Studio 2008 Microsoft Visual Studio 2008 is installed AND the version of ATL90.dll is less than 9.0.21022.218 OR Microsoft Visual Studio 2008 Service Pack 1 Microsoft Visual Studio 2008 Service Pack 1 is installed AND the version of ATL90.dll is less than 9.0.30729.4148 OR Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2005 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is greater than or equal 8.0.50727.4053 OR Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package is installed AND NOT the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148 AND NOT the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is greater than or equal 9.0.30729.4148

Definition Id: oval:org.mitre.oval:def:6373

Oval ID:	oval:org.mitre.oval:def:6373
Title:	ATL Uninitialized Object Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0901	Version:	2
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003	Product(s):	Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007
Definition Synopsis:
Outlook 2002 Microsoft Outlook 2002 is installed AND the version of Outllib.dll is less than 10.0.6856.0 OR Outlook 2003 Microsoft Outlook 2003 is installed AND the version of Outllib.dll is less than 11.0.8313.0 OR Outlook 2007 Microsoft Outlook 2007 is installed AND the version of Outlook.exe is less than 12.0.6514.5000 OR Microsoft Visio Viewer 2002 Microsoft Visio Viewer 2002 is installed OR Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2003 is installed OR Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 is installed AND the version of Vviewer.dll is less than 12.0.6513.5000

Definition Id: oval:org.mitre.oval:def:6421

Oval ID:	oval:org.mitre.oval:def:6421
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):
Definition Synopsis:
IF Microsoft Windows 2000 SP4 or later is installed AND Microsoft Windows XP (x86) SP2 is installed AND Microsoft Windows XP (x86) SP3 is installed AND Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Vista (32-bit) Service Pack 1 is installed AND Microsoft Windows Vista x64 Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E531-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E531-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55C-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55C-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C832BE8F-4B89-4579-A217-DB92E7A27915}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C832BE8F-4B89-4579-A217-DB92E7A27915}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A9A7297E-969C-43F1-A1EF-51EBEA36F850}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A9A7297E-969C-43F1-A1EF-51EBEA36F850}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DD8C2179-1B4A-4951-B432-5DE3D1507142}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DD8C2179-1B4A-4951-B432-5DE3D1507142}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A3D328-D206-4106-8D33-1AA39B13394B}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A3D328-D206-4106-8D33-1AA39B13394B}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB640C86-731C-484A-AAAF-750656C9187D}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB640C86-731C-484A-AAAF-750656C9187D}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15721a53-8448-4731-8bfc-ed11e128e444}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15721a53-8448-4731-8bfc-ed11e128e444}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3267123E-530D-4E73-9DA7-79F01D86A89F}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3267123E-530D-4E73-9DA7-79F01D86A89F}!Compatibility Flags is not equal to 0x00000400

Definition Id: oval:org.mitre.oval:def:6473

Oval ID:	oval:org.mitre.oval:def:6473
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	2
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003	Product(s):	Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007
Definition Synopsis:
Outlook 2002 Microsoft Outlook 2002 is installed AND the version of Outllib.dll is less than 10.0.6856.0 OR Outlook 2003 Microsoft Outlook 2003 is installed AND the version of Outllib.dll is less than 11.0.8313.0 OR Outlook 2007 Microsoft Outlook 2007 is installed AND the version of Outlook.exe is less than 12.0.6514.5000 OR Microsoft Visio Viewer 2002 Microsoft Visio Viewer 2002 is installed OR Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2003 is installed OR Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 is installed AND the version of Vviewer.dll is less than 12.0.6513.5000

Definition Id: oval:org.mitre.oval:def:6478

Oval ID:	oval:org.mitre.oval:def:6478
Title:	ATL Null String Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2495	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003	Product(s):	Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007
Definition Synopsis:
Outlook 2002 Microsoft Outlook 2002 is installed AND the version of Outllib.dll is less than 10.0.6856.0 OR Outlook 2003 Microsoft Outlook 2003 is installed AND the version of Outllib.dll is less than 11.0.8313.0 OR Outlook 2007 Microsoft Outlook 2007 is installed AND the version of Outlook.exe is less than 12.0.6514.5000 OR Microsoft Visio Viewer 2002 Microsoft Visio Viewer 2002 is installed OR Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2003 is installed OR Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 is installed AND the version of Vviewer.dll is less than 12.0.6513.5000

Definition Id: oval:org.mitre.oval:def:6621

Oval ID:	oval:org.mitre.oval:def:6621
Title:	ATL COM Initialization Vulnerability (CVE-2009-2493)
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	1
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
IF Microsoft Windows 2000 SP4 or later is installed AND Microsoft Internet Explorer 5.01 SP4 is installed AND Mshtml.dll version is less than 5.0.3882.2700 OR Microsoft Windows 2000 SP4 or later is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2800.1642 OR Microsoft Windows XP (x86) SP2 is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.3640 OR Microsoft Windows XP (x86) SP3 is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.2900.5897 OR IF Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Internet Explorer 6 is installed AND Mshtml.dll version is less than 6.0.3790.4611

Definition Id: oval:org.mitre.oval:def:6648

Oval ID:	oval:org.mitre.oval:def:6648
Title:	Adobe Flash Player and AIR Sandbox Bypass Information Disclosure Vulnerability
Description:	Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1870	Version:	12
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.2 OR Vulnerable version of Adobe Flash Player 10 Adobe Flash Player 10 is installed AND Adobe Flash Player version is less than 10.0.32.18 OR Vulnerable version of Adobe Flash Player 9 Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than 9.0.246.0 OR Flash.ocx section ActiveX Control is installed AND Flash.ocx versions section Determine if the version of Flash.ocx is less than 10.0.32.18 AND Determine if the version of Flash.ocx is less than 9.0.246.0

Definition Id: oval:org.mitre.oval:def:6660

Oval ID:	oval:org.mitre.oval:def:6660
Title:	Adobe Flash Player and AIR Loader Object Heap Memory Corruption Vulnerability
Description:	Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1864	Version:	12
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.2 OR Vulnerable version of Adobe Flash Player 10 Adobe Flash Player 10 is installed AND Adobe Flash Player version is less than 10.0.32.18 OR Vulnerable version of Adobe Flash Player 9 Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than 9.0.246.0 OR Flash.ocx section ActiveX Control is installed AND Flash.ocx versions section Determine if the version of Flash.ocx is less than 10.0.32.18 AND Determine if the version of Flash.ocx is less than 9.0.246.0

Definition Id: oval:org.mitre.oval:def:6694

Oval ID:	oval:org.mitre.oval:def:6694
Title:	Adobe Flash Player and AIR Unspecified Clickjacking Vulnerability
Description:	Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1867	Version:	12
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.2 OR Vulnerable version of Adobe Flash Player 10 Adobe Flash Player 10 is installed AND Adobe Flash Player version is less than 10.0.32.18 OR Vulnerable version of Adobe Flash Player 9 Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than 9.0.246.0 OR Flash.ocx section ActiveX Control is installed AND Flash.ocx versions section Determine if the version of Flash.ocx is less than 10.0.32.18 AND Determine if the version of Flash.ocx is less than 9.0.246.0

Definition Id: oval:org.mitre.oval:def:6716

Oval ID:	oval:org.mitre.oval:def:6716
Title:	ATL COM Initialization Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2493	Version:	37
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):	Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Internet Explorer 5 Microsoft Internet Explorer 6 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package Microsoft Outlook Express 5.5 Microsoft Outlook Express 6.0 Windows Media Player 9 Windows Media Player 10 Windows Media Player 11
Definition Synopsis:
Internet Explorer 5.01 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Internet Explorer 5.01 SP4 is installed AND Mshtml.dll version is less than 5.0.3882.2700 OR Check for vulnerable Internet Explorer 6 Microsoft Internet Explorer 6 is installed AND Check for vulnerable OS Check for vulnerable Windows 2000 Microsoft Windows 2000 is installed AND Mshtml.dll version is less than 6.0.2800.1642 OR Check for vulnerable Windows XP (x86) Microsoft Windows XP (32-bit) is installed AND Mshtml.dll version is less than 6.0.2900.3640 OR Check for vulnerable Windows XP (x86) Microsoft Windows XP (32-bit) is installed AND Mshtml.dll version is less than 6.0.2900.5897 OR Check for vulnerable OS Check for vulnerable Windows XP x64/Windows Server 2003 (x86)/(x64)/(ia64) Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Mshtml.dll version is less than 6.0.3790.4611 OR Outlook 2002 Microsoft Outlook 2002 is installed AND the version of Outllib.dll is less than 10.0.6856.0 OR Outlook 2003 Microsoft Outlook 2003 is installed AND the version of Outllib.dll is less than 11.0.8313.0 OR Outlook 2007 Microsoft Outlook 2007 Microsoft Outlook 2007 SP1 is installed AND Microsoft Outlook 2007 SP2 is installed AND the version of Outlook.exe is less than 12.0.6514.5000 AND Microsoft Visio Viewer 2002 is installed AND Microsoft Office Visio Viewer 2003 is installed OR Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 is installed AND the version of Vviewer.dll is less than 12.0.6513.5000 OR Microsoft Windows OS and Vulnerable ActiveX OS Check Microsoft Windows 2000 is installed AND Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Vulnerable ActiveX HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E531-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E531-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E532-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E554-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55C-0000-0000-C000-000000000046}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E55C-0000-0000-C000-000000000046}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C832BE8F-4B89-4579-A217-DB92E7A27915}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C832BE8F-4B89-4579-A217-DB92E7A27915}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A9A7297E-969C-43F1-A1EF-51EBEA36F850}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A9A7297E-969C-43F1-A1EF-51EBEA36F850}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DD8C2179-1B4A-4951-B432-5DE3D1507142}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DD8C2179-1B4A-4951-B432-5DE3D1507142}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F1E5B1A-2A80-42ca-8532-2D05CB959537}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A3D328-D206-4106-8D33-1AA39B13394B}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{27A3D328-D206-4106-8D33-1AA39B13394B}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB640C86-731C-484A-AAAF-750656C9187D}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB640C86-731C-484A-AAAF-750656C9187D}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15721a53-8448-4731-8bfc-ed11e128e444}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15721a53-8448-4731-8bfc-ed11e128e444}!Compatibility Flags is not equal to 0x00000400 AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3267123E-530D-4E73-9DA7-79F01D86A89F}!Compatibility Flags does not exist AND HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3267123E-530D-4E73-9DA7-79F01D86A89F}!Compatibility Flags is not equal to 0x00000400 OR Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 SP1 is installed AND the version of Mfc71.dll is less than 7.10.6101.0 OR Microsoft Visual Studio 2005 SP1 Microsoft Visual Studio 2005 Service Pack 1 is installed AND the version of ATL80.dll is less than 8.0.50727.4053 AND ATL80.dll exists OR Microsoft Visual Studio 2008 Microsoft Visual Studio 2008 is installed AND the version of ATL90.dll is less than 9.0.21022.218 AND ATL90.dll exists OR Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2008 Service Pack 1 is installed AND the version of ATL90.dll is less than 9.0.30729.4148 AND ATL90.dll exists OR Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2005 Redistributable Package is installed AND atl80.dll version the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is less than 8.0.50727.4053 AND the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is less than 8.0.50727.4053 OR Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package is installed AND atl90.dll version the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is less than 9.0.30729.4148 AND the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is less than 9.0.30729.4148 OR Microsoft Outlook Express 5.5 SP2 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Outlook Express 5.5 SP2 is installed. AND the version of Msoe.dll is less than 5.50.5003.1000 OR Microsoft Outlook Express 6 SP1 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Outlook Express 6 SP1 is installed. AND the version of Msoe.dll is less than 6.0.2800.1983 OR Microsoft Outlook Express 6 on Windows XP x86 Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND Check for affected platforms with vulnerable file Check for Windows XP x86 Microsoft Windows XP (32-bit) is installed AND the version of Msoe.dll is less than 6.0.2900.3598 OR Check for Windows XP x86 Microsoft Windows XP (32-bit) is installed AND the version of Msoe.dll is less than 6.0.2900.5843 OR Check for Windows XP (64-bit) and 2003 x86/x64/ia64 OS Check Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows XP x64 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Windows Media Player 9 on Windows 2000 (KB973540) Microsoft Windows 2000 is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP x86 (KB973540) Microsoft Windows XP (32-bit) is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP x86 (KB973540) Microsoft Windows XP (32-bit) is installed AND Windows Media Player v9 is installed. AND file checks Wmp.dll version is less than 9.0.0.4507 AND Wmpdxm.dll version is less than 9.0.0.4507 OR Windows Media Player 10 on Windows XP x86/x64, Server 2003 x86/x64 (KB973540) Windows Media Player v10 is installed. AND Check for affected platforms with vulnerable file Check for Windows XP Microsoft Windows XP (32-bit) is installed AND file checks Wmp.dll version is less than 10.0.0.4074 AND Wmpdxm.dll version is less than 10.0.0.4074 OR Check for Windows XP x64, Windows Server 2003 x64 OS Check Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND file checks the version of Wwmp.dll is less than 10.0.0.4006 AND Wwmpdxm.dll version is less than 10.0.0.4006 OR Check for Windows Server 2003 x86 Microsoft Windows Server 2003 (32-bit) is installed AND file checks the version of Wmp.dll is less than 10.0.0.4006 AND Wmpdxm.dll version is less than 10.0.0.4006 OR Windows Media Player 11 on Windows XP x86/x64 (KB973540) OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Windows Media Player v11 is installed. AND file checks Wmp.dll version is less than 11.0.5721.5268 AND Wmpdxm.dll version is less than 11.0.5721.5268 OR Windows Media Player 11 on Windows Vista 32-bit/64-bit RTM (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check the version of Wmp.dll is less than 11.0.6000.6352 AND Wmpdxm.dll version is less than 11.0.6000.6352 OR LDR version check the version of Spwmp.dll is greater than or equal 6.0.6000.20000 AND file checks the version of Wmp.dll is less than 11.0.6000.6511 AND Wmpdxm.dll version is less than 11.0.6000.6511 OR Windows Media Player 11 on Windows Vista 32/64-bit, Server 2008 32/64-bit (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check Wmp.dll version is less than 11.0.6001.7007 AND Wmpdxm.dll version is less than 11.0.6001.7007 OR LDR version check Spwmp.dll version is greater than or equal to 6.0.6001.22000 AND file checks Wmp.dll version is less than 11.0.6001.7114 AND Wmpdxm.dll version is less than 11.0.6001.7114 OR Windows Media Player 11 on Windows Vista 32/64-bit, Server 2008 32/64-bit (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check Wmp.dll version is less than 11.0.6002.18065 AND Wmpdxm.dll version is less than 11.0.6002.18065 OR LDR version check Spwmp.dll version is greater than or equal 6.0.6002.22000 AND file checks Wmp.dll version is less than 11.0.6002.22172 AND Wmpdxm.dll version is less than 11.0.6002.22172 OR Windows ATL Component on Windows 2000 Microsoft Windows 2000 is installed AND the version of atl.dll is less than 3.0.9794.0 OR Windows ATL Component on Windows XP, Server 2003, Vista, Server 2008 OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND the version of atl.dll is less than 3.5.2284.2 OR DHTML Editing Component ActiveX Control on Windows 2000 Microsoft Windows 2000 is installed AND the version of dhtmled.ocx is less than 6.1.0.9234 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 x86 OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND the version of dhtmled.ocx is less than 6.1.0.9247 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 64-bit OS Check Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows XP x64 is installed AND the version of wdhtmled.ocx is less than 6.1.0.9247 OR Microsoft MSWebDVD ActiveX Control on Windows XP x86 Microsoft Windows XP (32-bit) is installed AND Mswebdvd.dll version is less than 6.5.2600.3610 OR Microsoft MSWebDVD ActiveX Control on Windows XP x86 Microsoft Windows XP (32-bit) is installed AND Mswebdvd.dll version is less than 6.5.2600.5857 OR Microsoft MSWebDVD ActiveX Control on Windows XP x64, Server 2003 x86/x64 OS Check Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.4565 OR Microsoft MSWebDVD ActiveX Control on Server 2003 ia64 Microsoft Windows Server 2003 (ia64) Gold is installed AND the version of Mswebdvd.dll is less than 6.5.3790.3386 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS Check for windows Vista X86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GRD/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6000.16891 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6000.20000 AND the version of Ehkeyctl.dll is less than 6.0.6000.21090 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6001.18295 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6001.22000 AND the version of Ehkeyctl.dll is less than 6.0.6001.22476 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR/LDR version check the version of Ehkeyctl.dll is less than 6.0.6002.18072 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6002.22000 AND the version of Ehkeyctl.dll is less than 6.0.6002.22181

Definition Id: oval:org.mitre.oval:def:6865

Oval ID:	oval:org.mitre.oval:def:6865
Title:	Adobe Flash Player and AIR URI Parsing Heap Buffer Overflow Vulnerability
Description:	Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1868	Version:	12
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.2 OR Vulnerable version of Adobe Flash Player 10 Adobe Flash Player 10 is installed AND Adobe Flash Player version is less than 10.0.32.18 OR Vulnerable version of Adobe Flash Player 9 Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than 9.0.246.0 OR Flash.ocx section ActiveX Control is installed AND Flash.ocx versions section Determine if the version of Flash.ocx is less than 10.0.32.18 AND Determine if the version of Flash.ocx is less than 9.0.246.0

Definition Id: oval:org.mitre.oval:def:6961

Oval ID:	oval:org.mitre.oval:def:6961
Title:	Adobe Flash Player and AIR Unspecified Privilege Escalation Vulnerability
Description:	Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1863	Version:	12
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.2 OR Vulnerable version of Adobe Flash Player 10 Adobe Flash Player 10 is installed AND Adobe Flash Player version is less than 10.0.32.18 OR Vulnerable version of Adobe Flash Player 9 Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than 9.0.246.0 OR Flash.ocx section ActiveX Control is installed AND Flash.ocx versions section Determine if the version of Flash.ocx is less than 10.0.32.18 AND Determine if the version of Flash.ocx is less than 9.0.246.0

Definition Id: oval:org.mitre.oval:def:6998

Oval ID:	oval:org.mitre.oval:def:6998
Title:	Adobe Flash Player and AIR 'intf_count' Integer Overflow Vulnerability
Description:	Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1869	Version:	12
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.2 OR Vulnerable version of Adobe Flash Player 10 Adobe Flash Player 10 is installed AND Adobe Flash Player version is less than 10.0.32.18 OR Vulnerable version of Adobe Flash Player 9 Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than 9.0.246.0 OR Flash.ocx section ActiveX Control is installed AND Flash.ocx versions section Determine if the version of Flash.ocx is less than 10.0.32.18 AND Determine if the version of Flash.ocx is less than 9.0.246.0

Definition Id: oval:org.mitre.oval:def:7011

Oval ID:	oval:org.mitre.oval:def:7011
Title:	Adobe Flash Player and AIR NULL Pointer Exception Remote Code Execution Vulnerability
Description:	Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1865	Version:	12
Platform(s):	Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.2 OR Vulnerable version of Adobe Flash Player 10 Adobe Flash Player 10 is installed AND Adobe Flash Player version is less than 10.0.32.18 OR Vulnerable version of Adobe Flash Player 9 Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than 9.0.246.0 OR Flash.ocx section ActiveX Control is installed AND Flash.ocx versions section Determine if the version of Flash.ocx is less than 10.0.32.18 AND Determine if the version of Flash.ocx is less than 9.0.246.0

Definition Id: oval:org.mitre.oval:def:7271

Oval ID:	oval:org.mitre.oval:def:7271
Title:	Adobe Flash Player and AIR Stack Buffer Overflow Vulnerability
Description:	Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1866	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player Adobe AIR
Definition Synopsis:
Vulnerable version of Adobe AIR Adobe AIR is installed AND Adobe AIR version is less than 1.5.2 OR Vulnerable version of Adobe Flash Player 10 Adobe Flash Player 10 is installed AND Adobe Flash Player version is less than 10.0.32.18 OR Vulnerable version of Adobe Flash Player 9 Adobe Flash Player 9 is installed AND Adobe Flash Player version is less than 9.0.246.0 OR Flash.ocx section ActiveX Control is installed AND Flash.ocx versions section Determine if the version of Flash.ocx is less than 10.0.32.18 AND Determine if the version of Flash.ocx is less than 9.0.246.0

Definition Id: oval:org.mitre.oval:def:7573

Oval ID:	oval:org.mitre.oval:def:7573
Title:	ATL Null String Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2495	Version:	24
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package
Definition Synopsis:
Outlook 2002 Microsoft Outlook 2002 is installed AND the version of Outllib.dll is less than 10.0.6856.0 OR Outlook 2003 Microsoft Outlook 2003 is installed AND the version of Outllib.dll is less than 11.0.8313.0 OR Outlook 2007 Microsoft Outlook 2007 is installed AND the version of Outlook.exe is less than 12.0.6514.5000 OR Microsoft Visio Viewer 2002 Microsoft Visio Viewer 2002 is installed OR Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2003 is installed OR Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 is installed AND the version of Vviewer.dll is less than 12.0.6513.5000 OR Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 SP1 is installed AND the version of Mfc71.dll is less than 7.10.6101.0 OR Microsoft Visual Studio 2005 Service Pack 1 Microsoft Visual Studio 2005 Service Pack 1 is installed AND the version of ATL80.dll is less than 8.0.50727.4053 OR Microsoft Visual Studio 2008 Microsoft Visual Studio 2008 is installed AND the version of ATL90.dll is less than 9.0.21022.218 OR Microsoft Visual Studio 2008 Service Pack 1 Microsoft Visual Studio 2008 Service Pack 1 is installed AND the version of ATL90.dll is less than 9.0.30729.4148 OR Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2005 Redistributable Package is installed AND the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is less than 8.0.50727.4053 AND the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is less than 8.0.50727.4053 OR Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package is installed AND the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is less than 9.0.30729.4148 AND the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is less than 9.0.30729.4148

Definition Id: oval:org.mitre.oval:def:7581

Oval ID:	oval:org.mitre.oval:def:7581
Title:	ATL Uninitialized Object Vulnerability
Description:	The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0901	Version:	35
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008	Product(s):	Microsoft Outlook 2002 Microsoft Outlook 2003 Microsoft Outlook 2007 Microsoft Visio Viewer 2002 Microsoft Office Visio Viewer 2003 Microsoft Office Visio Viewer 2007 Microsoft Visual Studio .NET 2003 Microsoft Visual Studio 2005 Microsoft Visual Studio 2008 Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package Microsoft Outlook Express 5.5 Microsoft Outlook Express 6.0 Windows Media Player 9 Windows Media Player 10 Windows Media Player 11
Definition Synopsis:
Outlook 2002 Microsoft Outlook 2002 is installed AND the version of Outllib.dll is less than 10.0.6856.0 OR Outlook 2003 Microsoft Outlook 2003 is installed AND the version of Outllib.dll is less than 11.0.8313.0 OR Outlook 2007 Microsoft Outlook 2007 Microsoft Outlook 2007 SP1 is installed AND Microsoft Outlook 2007 SP2 is installed AND the version of Outlook.exe is less than 12.0.6514.5000 AND Microsoft Visio Viewer 2002 is installed AND Microsoft Office Visio Viewer 2003 is installed OR Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 is installed AND the version of Vviewer.dll is less than 12.0.6513.5000 OR Microsoft Visual Studio .NET 2003 SP1 Microsoft Visual Studio .NET 2003 SP1 is installed AND the version of Mfc71.dll is less than 7.10.6101.0 OR Microsoft Visual Studio 2005 SP1 Microsoft Visual Studio 2005 Service Pack 1 is installed AND the version of ATL80.dll is less than 8.0.50727.4053 AND ATL80.dll exists OR Microsoft Visual Studio 2008 Microsoft Visual Studio 2008 is installed AND the version of ATL90.dll is less than 9.0.21022.218 AND ATL90.dll exists OR Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2008 Service Pack 1 is installed AND the version of ATL90.dll is less than 9.0.30729.4148 AND ATL90.dll exists OR Microsoft Visual C++ 2005 Redistributable Package Microsoft Visual C++ 2005 Redistributable Package is installed AND the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is less than 8.0.50727.4053 AND the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.[0-9]{1,4}.\atl80.dll is less than 8.0.50727.4053 OR Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2008 Redistributable Package is installed AND the version of %SystemRoot%\WinSxS\(x86\|amd64)_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is less than 9.0.30729.4148 AND the version of %SystemRoot%\winsxs\(x86\|amd64)_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.[0-9]{1,4}.\atl90.dll is less than 9.0.30729.4148 OR Microsoft Outlook Express 5.5 SP2 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Outlook Express 5.5 SP2 is installed. AND the version of Msoe.dll is less than 5.50.5003.1000 OR Microsoft Outlook Express 6 SP1 on Windows 2000 Microsoft Windows 2000 is installed AND Microsoft Outlook Express 6 SP1 is installed. AND the version of Msoe.dll is less than 6.0.2800.1983 OR Microsoft Outlook Express 6 on Windows XP x86 Microsoft Outlook Express 6.0 for Windows XP/2003 is installed AND Check for affected platforms with vulnerable file Check for Windows XP x86 Microsoft Windows XP (32-bit) is installed AND the version of Msoe.dll is less than 6.0.2900.3598 OR Check for Windows XP x86 Microsoft Windows XP (32-bit) is installed AND the version of Msoe.dll is less than 6.0.2900.5843 OR Check for Windows XP (64-bit) and 2003 x86/x64/ia64 OS Check Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows XP x64 is installed AND the version of Msoe.dll is less than 6.0.3790.4548 OR Windows Media Player 9 on Windows 2000 (KB973540) Microsoft Windows 2000 is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP x86 (KB973540) Microsoft Windows XP (32-bit) is installed AND Windows Media Player v9 is installed. AND file checks the version of Wmp.dll is less than 9.0.0.3364 AND Wmpdxm.dll version is less than 9.0.0.3364 OR Windows Media Player 9 on Windows XP x86 (KB973540) Microsoft Windows XP (32-bit) is installed AND Windows Media Player v9 is installed. AND file checks Wmp.dll version is less than 9.0.0.4507 AND Wmpdxm.dll version is less than 9.0.0.4507 OR Windows Media Player 10 on Windows XP x86/x64, Server 2003 x86/x64 (KB973540) Windows Media Player v10 is installed. AND Check for affected platforms with vulnerable file Check for Windows XP Microsoft Windows XP (32-bit) is installed AND file checks Wmp.dll version is less than 10.0.0.4074 AND Wmpdxm.dll version is less than 10.0.0.4074 OR Check for Windows XP x64, Windows Server 2003 x64 OS Check Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND file checks the version of Wwmp.dll is less than 10.0.0.4006 AND Wwmpdxm.dll version is less than 10.0.0.4006 OR Check for Windows Server 2003 x86 Microsoft Windows Server 2003 (32-bit) is installed AND file checks the version of Wmp.dll is less than 10.0.0.4006 AND Wmpdxm.dll version is less than 10.0.0.4006 OR Windows Media Player 11 on Windows XP x86/x64 (KB973540) OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Windows Media Player v11 is installed. AND file checks Wmp.dll version is less than 11.0.5721.5268 AND Wmpdxm.dll version is less than 11.0.5721.5268 OR Windows Media Player 11 on Windows Vista 32-bit/64-bit RTM (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check the version of Wmp.dll is less than 11.0.6000.6352 AND Wmpdxm.dll version is less than 11.0.6000.6352 OR LDR version check the version of Spwmp.dll is greater than or equal 6.0.6000.20000 AND file checks the version of Wmp.dll is less than 11.0.6000.6511 AND Wmpdxm.dll version is less than 11.0.6000.6511 OR Windows Media Player 11 on Windows Vista 32/64-bit, Server 2008 32/64-bit (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check Wmp.dll version is less than 11.0.6001.7007 AND Wmpdxm.dll version is less than 11.0.6001.7007 OR LDR version check Spwmp.dll version is greater than or equal to 6.0.6001.22000 AND file checks Wmp.dll version is less than 11.0.6001.7114 AND Wmpdxm.dll version is less than 11.0.6001.7114 OR Windows Media Player 11 on Windows Vista 32/64-bit, Server 2008 32/64-bit (KB973540) OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Windows Media Player v11 is installed. AND GDR/LDR version check Wmp.dll version is less than 11.0.6002.18065 AND Wmpdxm.dll version is less than 11.0.6002.18065 OR LDR version check Spwmp.dll version is greater than or equal 6.0.6002.22000 AND file checks Wmp.dll version is less than 11.0.6002.22172 AND Wmpdxm.dll version is less than 11.0.6002.22172 OR Windows ATL Component on Windows 2000 Microsoft Windows 2000 is installed AND the version of atl.dll is less than 3.0.9794.0 OR Windows ATL Component on Windows XP, Server 2003, Vista, Server 2008 OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Microsoft Windows XP x64 is installed AND the version of atl.dll is less than 3.5.2284.2 OR DHTML Editing Component ActiveX Control on Windows 2000 Microsoft Windows 2000 is installed AND the version of dhtmled.ocx is less than 6.1.0.9234 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 x86 OS Check Microsoft Windows XP (32-bit) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND the version of dhtmled.ocx is less than 6.1.0.9247 OR DHTML Editing Component ActiveX Control on Windows XP or Server 2003 64-bit OS Check Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows XP x64 is installed AND the version of wdhtmled.ocx is less than 6.1.0.9247 OR Microsoft MSWebDVD ActiveX Control on Windows XP x86 Microsoft Windows XP (32-bit) is installed AND Mswebdvd.dll version is less than 6.5.2600.3610 OR Microsoft MSWebDVD ActiveX Control on Windows XP x86 Microsoft Windows XP (32-bit) is installed AND Mswebdvd.dll version is less than 6.5.2600.5857 OR Microsoft MSWebDVD ActiveX Control on Windows XP x64, Server 2003 x86/x64 OS Check Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND the version of Mswebdvd.dll is less than 6.5.3790.4565 OR Microsoft MSWebDVD ActiveX Control on Server 2003 ia64 Microsoft Windows Server 2003 (ia64) Gold is installed AND the version of Mswebdvd.dll is less than 6.5.3790.3386 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS Check for windows Vista X86/x64 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GRD/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6000.16891 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6000.20000 AND the version of Ehkeyctl.dll is less than 6.0.6000.21090 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS Check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR/LDR version Check the version of Ehkeyctl.dll is less than 6.0.6001.18295 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6001.22000 AND the version of Ehkeyctl.dll is less than 6.0.6001.22476 OR Microsoft HtmlInput Object ActiveX Control in Windows Vista OS check Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND GDR/LDR version check the version of Ehkeyctl.dll is less than 6.0.6002.18072 OR LDR version check the version of Ehkeyctl.dll is greater than or equal 6.0.6002.22000 AND the version of Ehkeyctl.dll is less than 6.0.6002.22181

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Acrobat cpe:2.3:a:adobe:acrobat:9.1.2:::::::* cpe:2.3:a:adobe:acrobat:9.1.1:::::::* cpe:2.3:a:adobe:acrobat:9.1.1:-:::::: cpe:2.3:a:adobe:acrobat:9.1:::::::* cpe:2.3:a:adobe:acrobat:9.1::standard::::: cpe:2.3:a:adobe:acrobat:9.1:-:pro:::::* cpe:2.3:a:adobe:acrobat:9.0.0:::::::* cpe:2.3:a:adobe:acrobat:9.0:::::::* cpe:2.3:a:adobe:acrobat:9.0::standard::::: cpe:2.3:a:adobe:acrobat:9.0::professional::::: cpe:2.3:a:adobe:acrobat:9.0:-:pro:::::* cpe:2.3:a:adobe:acrobat:9:::::::* cpe:2.3:a:adobe:acrobat:8.2.6:::::::* cpe:2.3:a:adobe:acrobat:8.2.5:::::::* cpe:2.3:a:adobe:acrobat:8.2.4:::::::* cpe:2.3:a:adobe:acrobat:8.2.3:::::::* cpe:2.3:a:adobe:acrobat:8.2.2:::::::* cpe:2.3:a:adobe:acrobat:8.2.1:::::::* cpe:2.3:a:adobe:acrobat:8.2:::::::* cpe:2.3:a:adobe:acrobat:8.1.7:::::::* cpe:2.3:a:adobe:acrobat:8.1.6:::::::* cpe:2.3:a:adobe:acrobat:8.1.5:::::::* cpe:2.3:a:adobe:acrobat:8.1.4:::::::* cpe:2.3:a:adobe:acrobat:8.1.4::standard::::: cpe:2.3:a:adobe:acrobat:8.1.4::professional::::: cpe:2.3:a:adobe:acrobat:8.1.3:::::::* cpe:2.3:a:adobe:acrobat:8.1.3::standard::::: cpe:2.3:a:adobe:acrobat:8.1.3::professional::::: cpe:2.3:a:adobe:acrobat:8.1.3:-:pro:::::* cpe:2.3:a:adobe:acrobat:8.1.2:::::::* cpe:2.3:a:adobe:acrobat:8.1.2::standard::::: cpe:2.3:a:adobe:acrobat:8.1.2::professional::::: cpe:2.3:a:adobe:acrobat:8.1.2:security_update:professional:::::* cpe:2.3:a:adobe:acrobat:8.1.2:unknown:3d:::::* cpe:2.3:a:adobe:acrobat:8.1.2:unknown:professional:::::* cpe:2.3:a:adobe:acrobat:8.1.2:unknown:standard:::::* cpe:2.3:a:adobe:acrobat:8.1.2:-:pro:::::* cpe:2.3:a:adobe:acrobat:8.1.1:::::::* cpe:2.3:a:adobe:acrobat:8.1.1::standard::::: cpe:2.3:a:adobe:acrobat:8.1.1::professional::::: cpe:2.3:a:adobe:acrobat:8.1.1:unknown:professional:::::* cpe:2.3:a:adobe:acrobat:8.1.1:unknown:standard:::::* cpe:2.3:a:adobe:acrobat:8.1.1:unknown:3d:::::* cpe:2.3:a:adobe:acrobat:8.1:::::::* cpe:2.3:a:adobe:acrobat:8.1::standard::::: cpe:2.3:a:adobe:acrobat:8.1::windows::::: cpe:2.3:a:adobe:acrobat:8.0:::::::* cpe:2.3:a:adobe:acrobat:8.0::professional::::: cpe:2.3:a:adobe:acrobat:8.0::standard::::: cpe:2.3:a:adobe:acrobat:8.0:-:pro:::::* cpe:2.3:a:adobe:acrobat:8:::::::* cpe:2.3:a:adobe:acrobat:7.1.4:::::::* cpe:2.3:a:adobe:acrobat:7.1.3:::::::* cpe:2.3:a:adobe:acrobat:7.1.2:::::::* cpe:2.3:a:adobe:acrobat:7.1.1:::::::* cpe:2.3:a:adobe:acrobat:7.1.1::standard::::: cpe:2.3:a:adobe:acrobat:7.1.0:::::::* cpe:2.3:a:adobe:acrobat:7.1::standard::::: cpe:2.3:a:adobe:acrobat:7.1:::::::* cpe:2.3:a:adobe:acrobat:7.1::professional::::: cpe:2.3:a:adobe:acrobat:7.0.9:::::::* cpe:2.3:a:adobe:acrobat:7.0.9::professional::::: cpe:2.3:a:adobe:acrobat:7.0.8:::::::* cpe:2.3:a:adobe:acrobat:7.0.8::elements::::: cpe:2.3:a:adobe:acrobat:7.0.8::standard::::: cpe:2.3:a:adobe:acrobat:7.0.8::professional::::: cpe:2.3:a:adobe:acrobat:7.0.7:::::::* cpe:2.3:a:adobe:acrobat:7.0.7::professional::::: cpe:2.3:a:adobe:acrobat:7.0.7::standard::::: cpe:2.3:a:adobe:acrobat:7.0.6:::::::* cpe:2.3:a:adobe:acrobat:7.0.6::professional::::: cpe:2.3:a:adobe:acrobat:7.0.6::standard::::: cpe:2.3:a:adobe:acrobat:7.0.5:::::::* cpe:2.3:a:adobe:acrobat:7.0.5::professional::::: cpe:2.3:a:adobe:acrobat:7.0.5::standard::::: cpe:2.3:a:adobe:acrobat:7.0.4:::::::* cpe:2.3:a:adobe:acrobat:7.0.4::professional::::: cpe:2.3:a:adobe:acrobat:7.0.4::standard::::: cpe:2.3:a:adobe:acrobat:7.0.3:::::::* cpe:2.3:a:adobe:acrobat:7.0.3::professional::::: cpe:2.3:a:adobe:acrobat:7.0.3::standard::::: cpe:2.3:a:adobe:acrobat:7.0.2:::::::* cpe:2.3:a:adobe:acrobat:7.0.2::professional::::: cpe:2.3:a:adobe:acrobat:7.0.2::standard::::: cpe:2.3:a:adobe:acrobat:7.0.1:::::::* cpe:2.3:a:adobe:acrobat:7.0.1::professional::::: cpe:2.3:a:adobe:acrobat:7.0.1::standard::::: cpe:2.3:a:adobe:acrobat:7.0:::::::* cpe:2.3:a:adobe:acrobat:7.0::standard::::: cpe:2.3:a:adobe:acrobat:7.0::professional::::: cpe:2.3:a:adobe:acrobat:7.0:-:pro:::::* cpe:2.3:a:adobe:acrobat:7:::::::* cpe:2.3:a:adobe:acrobat:6.0.6:::::::* cpe:2.3:a:adobe:acrobat:6.0.5:::::::* cpe:2.3:a:adobe:acrobat:6.0.4:::::::* cpe:2.3:a:adobe:acrobat:6.0.4::mac_os_x::::: cpe:2.3:a:adobe:acrobat:6.0.3:::::::* cpe:2.3:a:adobe:acrobat:6.0.3::mac_os_x::::: cpe:2.3:a:adobe:acrobat:6.0.2:::::::* cpe:2.3:a:adobe:acrobat:6.0.2::mac_os_x::::: cpe:2.3:a:adobe:acrobat:6.0.1:::::::* cpe:2.3:a:adobe:acrobat:6.0.1::mac_os_x::::: cpe:2.3:a:adobe:acrobat:6.0:::::::* cpe:2.3:a:adobe:acrobat:6.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat:5.0.6:::::::* cpe:2.3:a:adobe:acrobat:5.0.5:::::::* cpe:2.3:a:adobe:acrobat:5.0.5::mac_os_x::::: cpe:2.3:a:adobe:acrobat:5.0.10:::::::* cpe:2.3:a:adobe:acrobat:5.0.10::mac_os_x::::: cpe:2.3:a:adobe:acrobat:5.0:::::::* cpe:2.3:a:adobe:acrobat:5.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat:4.0.5c:::::::* cpe:2.3:a:adobe:acrobat:4.0.5c::mac_os_x::::: cpe:2.3:a:adobe:acrobat:4.0.5a:::::::* cpe:2.3:a:adobe:acrobat:4.0.5a::mac_os_x::::: cpe:2.3:a:adobe:acrobat:4.0.5:::::::* cpe:2.3:a:adobe:acrobat:4.0.5::mac_os_x::::: cpe:2.3:a:adobe:acrobat:4.0:::::::* cpe:2.3:a:adobe:acrobat:4.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat:3.1:::::::* cpe:2.3:a:adobe:acrobat:3.1::mac_os_x::::: cpe:2.3:a:adobe:acrobat:3.0:::::::* cpe:2.3:a:adobe:acrobat:3.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat:::::::: cpe:2.3:a:adobe:acrobat:::::classic:::* cpe:2.3:a:adobe:acrobat:-:::::edge::	126
Application	Adobe Acrobat Reader cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.0:::::::* cpe:2.3:a:adobe:acrobat_reader:9:::::::* cpe:2.3:a:adobe:acrobat_reader:8.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.6:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.4:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.7:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.2:security_update:::::: cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1::windows::::: cpe:2.3:a:adobe:acrobat_reader:8.0:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.4:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.0:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.9:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.8:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.7:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.6:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.4:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.3:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.2:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.1:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.6:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.4:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.4::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0.3:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.3::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0.2:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.2::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0.1:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.1::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0::reader_extensions::::: cpe:2.3:a:adobe:acrobat_reader:6.0::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.1:::::::* cpe:2.3:a:adobe:acrobat_reader:5.1::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.0.9:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.9::unix::::: cpe:2.3:a:adobe:acrobat_reader:5.0.7:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.6:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.5::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.0.11:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.10:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.10::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.0:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.5:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5c:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5c::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.0.5a:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5a::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.0:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:3.02:::::::* cpe:2.3:a:adobe:acrobat_reader:3.01:::::::* cpe:2.3:a:adobe:acrobat_reader:3.0:::::::* cpe:2.3:a:adobe:acrobat_reader:3.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:::::::: cpe:2.3:a:adobe:acrobat_reader:::::classic:::* cpe:2.3:a:adobe:acrobat_reader::::::android::* cpe:2.3:a:adobe:acrobat_reader:-:::::::*	82
Application	Adobe Air cpe:2.3:a:adobe:air:1.5.1:::::::* cpe:2.3:a:adobe:air:1.5:::::::* cpe:2.3:a:adobe:air:1.1:::::::* cpe:2.3:a:adobe:air:1.01:::::::* cpe:2.3:a:adobe:air:1.0:::::::* cpe:2.3:a:adobe:air::::::::	6
Application	Adobe Flash Player cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::* cpe:2.3:a:adobe:flash_player:10.0.2.54:::::::* cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::* cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::* cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::* cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::* cpe:2.3:a:adobe:flash_player:10:::::::* cpe:2.3:a:adobe:flash_player:9.125.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.9.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.8.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31:::::::* cpe:2.3:a:adobe:flash_player:9.0.283.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.280:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0::mac_os_x::::: cpe:2.3:a:adobe:flash_player:9.0.28:::::::* cpe:2.3:a:adobe:flash_player:9.0.277.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.20:::::::* cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::* cpe:2.3:a:adobe:flash_player:9.0.16.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.16:::::::* cpe:2.3:a:adobe:flash_player:9.0.16::windows::::: cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.155.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.114.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::* cpe:2.3:a:adobe:flash_player:9.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::* cpe:2.3:a:adobe:flash_player:8.0:::::::* cpe:2.3:a:adobe:flash_player:8.0::pro::::: cpe:2.3:a:adobe:flash_player:8.0::basic::::: cpe:2.3:a:adobe:flash_player:8::professional::::: cpe:2.3:a:adobe:flash_player:8::pro::::: cpe:2.3:a:adobe:flash_player:7.2:::::::* cpe:2.3:a:adobe:flash_player:7.1.1:::::::* cpe:2.3:a:adobe:flash_player:7.1:::::::* cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.63:::::::* cpe:2.3:a:adobe:flash_player:7.0.63::linux::::: cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.25:::::::* cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.1:::::::* cpe:2.3:a:adobe:flash_player:7.0_r67::solaris::::: cpe:2.3:a:adobe:flash_player:7.0_r67:::::::* cpe:2.3:a:adobe:flash_player:7.0:::::::* cpe:2.3:a:adobe:flash_player:6.0.79:::::::* cpe:2.3:a:adobe:flash_player:6.0.21.0:::::::* cpe:2.3:a:adobe:flash_player:6:::::::* cpe:2.3:a:adobe:flash_player:5:::::::* cpe:2.3:a:adobe:flash_player:4:::::::* cpe:2.3:a:adobe:flash_player:3:::::::* cpe:2.3:a:adobe:flash_player:2:::::::* cpe:2.3:a:adobe:flash_player:mx_2004:::::::* cpe:2.3:a:adobe:flash_player:cs4::pro::::: cpe:2.3:a:adobe:flash_player:cs3::pro::::: cpe:2.3:a:adobe:flash_player:cs3::professional::::: cpe:2.3:a:adobe:flash_player:::::::: cpe:2.3:a:adobe:flash_player:::basic:::::* cpe:2.3:a:adobe:flash_player:::pro:::::* cpe:2.3:a:adobe:flash_player::::::edge::* cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::* cpe:2.3:a:adobe:flash_player::::::chrome::* cpe:2.3:a:adobe:flash_player:-:::::::*	92
Application	Adobe Flex cpe:2.3:a:adobe:flex:3.0:::::::*	1
Application	Microsoft Visual C++ cpe:2.3:a:microsoft:visual_c++:2008:redistribution_pkg:::::: cpe:2.3:a:microsoft:visual_c++:2008:sp1_redistribution_pkg:::::: cpe:2.3:a:microsoft:visual_c++:2008:::::::* cpe:2.3:a:microsoft:visual_c++:2008:sp1:::::: cpe:2.3:a:microsoft:visual_c++:2005:sp1_redistribution_pkg:::::: cpe:2.3:a:microsoft:visual_c++:2005:sp1::::::	6
Application	Microsoft Visual Studio cpe:2.3:a:microsoft:visual_studio:2008:sp1:::::: cpe:2.3:a:microsoft:visual_studio:2008:::::::* cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c++_tools:::::* cpe:2.3:a:microsoft:visual_studio:2005:sp1:::::: cpe:2.3:a:microsoft:visual_studio:2003:sp1::::::	5
Application	Microsoft Visual Studio .Net cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1::::::	1
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000::sp4::::::*	1
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*	1
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008::sp2::::::* cpe:2.3:o:microsoft:windows_server_2008:-:::::::*	2
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista::sp1::::::* cpe:2.3:o:microsoft:windows_vista::sp2::::::* cpe:2.3:o:microsoft:windows_vista:-:::::::*	3
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp3::::::* cpe:2.3:o:microsoft:windows_xp::sp2::::::*	2

SAINT Exploits

Description	Link
Adobe Flash Player authplay.dll vulnerability	More info here
Visual Studio Active Template Library uninitialized object	More info here

OpenVAS Exploits

Date	Description
2010-05-12	Name : Mac OS X Security Update 2009-005 File : nvt/macosx_secupd_2009-005.nasl
2010-05-12	Name : Mac OS X 10.6.1 Update File : nvt/macosx_upd_10_6_1.nasl
2010-03-16	Name : FreeBSD Ports: openoffice.org File : nvt/freebsd_openoffice.org.nasl
2009-12-04	Name : MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability File : nvt/gb_ms_ie_style_object_remote_code_exec_vuln.nasl
2009-11-11	Name : SLES11: Security update for IBM Java 1.6.0 File : nvt/sles11_java-1_6_0-ibm1.nasl
2009-10-14	Name : Microsoft Windows ATL COM Initialization Code Execution Vulnerability (973525) File : nvt/secpod_ms09-055.nasl
2009-10-14	Name : MS ATL ActiveX Controls for MS Office Could Allow Remote Code Execution (973965) File : nvt/secpod_ms09-060.nasl
2009-08-17	Name : RedHat Security Advisory RHSA-2009:1188 File : nvt/RHSA_2009_1188.nasl
2009-08-17	Name : RedHat Security Advisory RHSA-2009:1189 File : nvt/RHSA_2009_1189.nasl
2009-08-17	Name : Gentoo Security Advisory GLSA 200908-04 (adobe-flash acroread) File : nvt/glsa_200908_04.nasl
2009-08-14	Name : Vulnerabilities in Microsoft ATL Could Allow Remote Code Execution (973908) File : nvt/secpod_ms09-037.nasl
2009-08-06	Name : Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Linux) File : nvt/gb_adobe_prdts_mult_dos_vuln_aug09_lin.nasl
2009-08-06	Name : Adobe Flash Player/Air Multiple DoS Vulnerabilities - Aug09 (Win) File : nvt/gb_adobe_prdts_mult_dos_vuln_aug09_win.nasl
2009-08-03	Name : Microsoft Visual Studio ATL Remote Code Execution Vulnerability (969706) File : nvt/secpod_ms09-035.nasl
2009-07-29	Name : Adobe Products '.pdf' and '.swf' Code Execution Vulnerability - July09 (Linux) File : nvt/secpod_adobe_prdts_code_exec_vuln_jul09_lin.nasl
2009-07-29	Name : Adobe Products '.pdf' and '.swf' Code Execution Vulnerability - July09 (Win) File : nvt/secpod_adobe_prdts_code_exec_vuln_jul09_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
56778	Adobe Multiple Products SWF File Saving Unspecified Information Disclosure
56777	Adobe Multiple Products AVM2 intf_count Integer Overflow
56776	Adobe Multiple Products URL Parsing Heap-based Overflow
56775	Adobe Multiple Products Unspecified Clickjacking
56774	Adobe Multiple Products Unspecified Stack-based Overflow
56773	Adobe Multiple Products Unspecified Null Pointer Arbitrary Code Execution
56772	Adobe Multiple Products Shockwave Flash Processing Object Re-use Arbitrary Co...
56771	Adobe Flash Player on Mac OS X Unspecified Local Privilege Escalation
56699	Microsoft Visual Studio Active Template Library (ATL) String Manipulation Arb...
56698	Microsoft Visual Studio Active Template Library (ATL) Data Stream Object Inst...
56696	Microsoft Visual Studio Active Template Library (ATL) Headers VariantClear Co...
56282	Adobe Multiple Products Flash Handling Unspecified Arbitrary Code Execution

Information Assurance Vulnerability Management (IAVM)

Date	Description
2009-10-15	IAVM : 2009-A-0097 - Multiple Vulnerabilities in Microsoft Active Template Library Severity : Category II - VMSKEY : V0021756
2009-08-13	IAVM : 2009-A-0067 - Multiple Vulnerabilities in Microsoft Active Template Library Severity : Category II - VMSKEY : V0019882
2009-07-30	IAVM : 2009-B-0033 - Multiple Vulnerabilities in Visual Studio Active Template Library Severity : Category II - VMSKEY : V0019798

Snort® IPS/IDS

Date	Description
2014-01-10	Adobe Flash Player remote code execution attempt RuleID : 28661 - Revision : 5 - Type : FILE-FLASH
2014-01-10	Adobe Flash Player remote code execution attempt RuleID : 28660 - Revision : 5 - Type : FILE-FLASH
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19280 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19279 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19278 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19277 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19276 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19275 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19274 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19273 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19272 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19271 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19270 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash RuleID : 19269 - Revision : 14 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash RuleID : 19268 - Revision : 14 - Type : FILE-PDF
2014-01-10	Microsoft Excel Add-in for SQL Analysis Services 4 ActiveX clsid unicode access RuleID : 16166 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Office Excel Add-in for SQL Analysis Services 4 ActiveX clsid access RuleID : 16165 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Excel Add-in for SQL Analysis Services 3 ActiveX clsid unicode access RuleID : 16164 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Office Excel Add-in for SQL Analysis Services 3 ActiveX clsid access RuleID : 16163 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Excel Add-in for SQL Analysis Services 2 ActiveX clsid unicode access RuleID : 16162 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Office Excel Add-in for SQL Analysis Services 2 ActiveX clsid access RuleID : 16161 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Excel Add-in for SQL Analysis Services 1 ActiveX clsid unicode access RuleID : 16160 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Office Excel Add-in for SQL Analysis Services 1 ActiveX clsid access RuleID : 16159 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10	Adobe Flash Player ActionScript intrf_count integer overflow attempt RuleID : 15993 - Revision : 16 - Type : FILE-FLASH
2014-01-10	Microsoft Video 6 ActiveX function call unicode access RuleID : 15905 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 6 ActiveX function call access RuleID : 15904 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10	Possible Adobe Flash Player ActionScript byte_array heap spray attempt RuleID : 15729 - Revision : 14 - Type : FILE-FLASH
2014-01-10	Possible Adobe Acrobat Reader ActionScript byte_array heap spray attempt RuleID : 15728 - Revision : 15 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash RuleID : 15727 - Revision : 27 - Type : FILE-PDF
2014-01-10	Microsoft Video 6 ActiveX function call RuleID : 15671 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 6 ActiveX clsid access RuleID : 15670 - Revision : 18 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Video 32 ActiveX clsid unicode access RuleID : 15639 - Revision : 10 - Type : WEB-ACTIVEX
2014-01-10	Microsoft Video 32 ActiveX clsid access RuleID : 15638 - Revision : 18 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date	Description
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1189.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1188.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-6386.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6741.nasl - Type : ACT_GATHER_INFO
2010-03-01	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c97d7a37223311df96dd001b2134ef46.nasl - Type : ACT_GATHER_INFO
2010-02-12	Name : The remote Windows host has a program affected by multiple buffer overflows. File : openoffice_32.nasl - Type : ACT_GATHER_INFO
2010-01-08	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-6740.nasl - Type : ACT_GATHER_INFO
2009-12-27	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12564.nasl - Type : ACT_GATHER_INFO
2009-12-08	Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-072.nasl - Type : ACT_GATHER_INFO
2009-11-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-091102.nasl - Type : ACT_GATHER_INFO
2009-10-14	Name : Arbitrary code can be executed on the remote host through Microsoft Office Ac... File : smb_nt_ms09-060.nasl - Type : ACT_GATHER_INFO
2009-10-13	Name : The remote Windows host has multiple ActiveX controls that are affected by mu... File : smb_nt_ms09-055.nasl - Type : ACT_GATHER_INFO
2009-10-06	Name : The remote openSUSE host is missing a security update. File : suse_flash-player-6387.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing a security update. File : suse_11_flash-player-090731.nasl - Type : ACT_GATHER_INFO
2009-09-11	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_1.nasl - Type : ACT_GATHER_INFO
2009-09-11	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO
2009-08-28	Name : The version of Adobe Acrobat on the remote Windows host is affected by a memo... File : adobe_acrobat_913.nasl - Type : ACT_GATHER_INFO
2009-08-11	Name : Arbitrary code can be executed on the remote host through Microsoft Active Te... File : smb_nt_ms09-037.nasl - Type : ACT_GATHER_INFO
2009-08-10	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200908-04.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote openSUSE host is missing a security update. File : suse_11_0_flash-player-090731.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_flash-player-090731.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The PDF file viewer on the remote Windows host is affected by a memory corrup... File : adobe_reader_913.nasl - Type : ACT_GATHER_INFO
2009-07-31	Name : The remote Windows host contains a version of Adobe AIR that is affected by m... File : adobe_air_apsb09-10.nasl - Type : ACT_GATHER_INFO
2009-07-30	Name : Arbitrary code can be executed on the remote host through Microsoft Active Te... File : smb_nt_ms09-035.nasl - Type : ACT_GATHER_INFO
2009-07-30	Name : The remote Windows host contains a browser plugin that is affected by multipl... File : flash_player_apsb09_10.nasl - Type : ACT_GATHER_INFO
2009-07-29	Name : The remote Windows host contains an Internet Explorer plugin which uses a vul... File : shockwave_player_apsb09_11.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	11
Oval ID(s)	30
CPE ID(s)	328
Saint Exploit(s)	2
osvdb(s)	12
Openvas Exploit(s)	16
IAVM(s)	3
Snort® Rule(s)	33
Nessus® Exploit(s)	26

	Related
9.3	CVE-2009-2493
9.3	CVE-2009-1869
9.3	CVE-2009-1868
9.3	CVE-2009-1866
9.3	CVE-2009-1865
9.3	CVE-2009-1864
9.3	CVE-2009-1863
9.3	CVE-2009-0901
7.8	CVE-2009-2495
7.8	CVE-2009-1862
4.9	CVE-2009-1870
4.3	CVE-2009-1867
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 12 more Alert(s)