Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Microsoft Updates for Multiple Vulnerabilities
Informations
Name TA10-285A First vendor Publication 2010-10-12
Vendor US-CERT Last vendor Modification 2010-10-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

There are multiple vulnerabilities in Microsoft Windows, Microsoft Office, and Internet Explorer. Microsoft has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for October 2010 describes multiple vulnerabilities in Microsoft Windows, Microsoft Office, and Internet Explorer. Microsoft has released updates to address the vulnerabilities.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system or application to crash.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for October 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA10-285A.html

CWE : Common Weakness Enumeration

% Id Name
34 % CWE-94 Failure to Control Generation of Code ('Code Injection')
30 % CWE-20 Improper Input Validation
9 % CWE-399 Resource Management Errors
7 % CWE-264 Permissions, Privileges, and Access Controls
7 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5 % CWE-200 Information Exposure
5 % CWE-189 Numeric Errors (CWE/SANS Top 25)
5 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12085
 
Oval ID: oval:org.mitre.oval:def:12085
Title: Win32k Window Class Vulnerability
Description: The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2744
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12215
 
Oval ID: oval:org.mitre.oval:def:12215
Title: Win32k Reference Count Vulnerability
Description: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2549
Version: 7
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6653
 
Oval ID: oval:org.mitre.oval:def:6653
Title: Windows Media Player Memory Corruption Vulnerability
Description: Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2745
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Windows Media Player
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6684
 
Oval ID: oval:org.mitre.oval:def:6684
Title: RTSP Use After Free Vulnerability
Description: Use-after-free vulnerability in the Media Player Network Sharing Service in Microsoft Windows Vista SP1 and SP2 and Windows 7 allows remote attackers to execute arbitrary code via a crafted Real Time Streaming Protocol (RTSP) packet, aka "RTSP Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3225
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6695
 
Oval ID: oval:org.mitre.oval:def:6695
Title: Word Pointer Vulnerability
Description: Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3217
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6727
 
Oval ID: oval:org.mitre.oval:def:6727
Title: Merge Cell Record Pointer Vulnerability
Description: Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3237
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6737
 
Oval ID: oval:org.mitre.oval:def:6737
Title: Lotus 1-2-3 Workbook Parsing Vulnerability
Description: Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3233
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6738
 
Oval ID: oval:org.mitre.oval:def:6738
Title: Out-of-Bounds Memory Write in Parsing Vulnerability
Description: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3241
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6742
 
Oval ID: oval:org.mitre.oval:def:6742
Title: OpenType Font Validation Vulnerability
Description: The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2741
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6792
 
Oval ID: oval:org.mitre.oval:def:6792
Title: Word Parsing Vulnerability
Description: Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3220
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6806
 
Oval ID: oval:org.mitre.oval:def:6806
Title: TLSv1 Denial of Service Vulnerability
Description: The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3229
Version: 5
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6824
 
Oval ID: oval:org.mitre.oval:def:6824
Title: .NET Framework x64 JIT Compiler Vulnerability
Description: The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3228
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft .NET Framework
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6832
 
Oval ID: oval:org.mitre.oval:def:6832
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-3331)
Description: Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3331
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6872
 
Oval ID: oval:org.mitre.oval:def:6872
Title: Negative Future Function Vulnerability
Description: Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3238
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6881
 
Oval ID: oval:org.mitre.oval:def:6881
Title: Embedded OpenType Font Integer Overflow Vulnerability
Description: Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1883
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6902
 
Oval ID: oval:org.mitre.oval:def:6902
Title: Ghost Record Type Parsing Vulnerability
Description: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3242
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6928
 
Oval ID: oval:org.mitre.oval:def:6928
Title: Cross-Domain Information Disclosure Vulnerability
Description: Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3330
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6974
 
Oval ID: oval:org.mitre.oval:def:6974
Title: Word Return Value Vulnerability
Description: Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3215
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7010
 
Oval ID: oval:org.mitre.oval:def:7010
Title: Word Heap Overflow Vulnerability
Description: Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3218
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7019
 
Oval ID: oval:org.mitre.oval:def:7019
Title: Word Index Parsing Vulnerability
Description: Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3219
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7028
 
Oval ID: oval:org.mitre.oval:def:7028
Title: Formula Biff Record Vulnerability
Description: Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3235
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7032
 
Oval ID: oval:org.mitre.oval:def:7032
Title: Word Parsing Vulnerability
Description: Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3221
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Microsoft Word 2003
Microsoft Office Word Viewer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7042
 
Oval ID: oval:org.mitre.oval:def:7042
Title: Excel Record Parsing Integer Overflow Vulnerability
Description: Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3230
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7059
 
Oval ID: oval:org.mitre.oval:def:7059
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-3328)
Description: Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3328
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7121
 
Oval ID: oval:org.mitre.oval:def:7121
Title: Word Uninitialized Pointer Vulnerability
Description: Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2747
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7175
 
Oval ID: oval:org.mitre.oval:def:7175
Title: LPC Message Buffer Overrun Vulnerability
Description: Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3222
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7196
 
Oval ID: oval:org.mitre.oval:def:7196
Title: Real Time Data Array Record Vulnerability
Description: Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3240
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2007
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7207
 
Oval ID: oval:org.mitre.oval:def:7207
Title: Uninitialized Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3326
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Internet Explorer 6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7209
 
Oval ID: oval:org.mitre.oval:def:7209
Title: Out Of Bounds Array Vulnerability
Description: Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3236
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7258
 
Oval ID: oval:org.mitre.oval:def:7258
Title: OpenType Font Parsing Vulnerability
Description: The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2740
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7272
 
Oval ID: oval:org.mitre.oval:def:7272
Title: Comctl32 Heap Overflow Vulnerability
Description: Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2746
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7275
 
Oval ID: oval:org.mitre.oval:def:7275
Title: HTML Sanitization Vulnerability
Description: Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3243
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Office SharePoint Server 2007
Microsoft Windows SharePoint Services 3.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7286
 
Oval ID: oval:org.mitre.oval:def:7286
Title: COM Validation Vulnerability
Description: Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1263
Version: 26
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Office XP
Microsoft Excel 2003
Microsoft PowerPoint 2003
Microsoft Publisher 2003
Microsoft Visio 2003
Microsoft Word 2003
Microsoft Excel 2007
Microsoft PowerPoint 2007
Microsoft Publisher 2007
Microsoft Visio 2007
Microsoft Word 2007
Microsoft Wordpad
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7297
 
Oval ID: oval:org.mitre.oval:def:7297
Title: HTML Sanitization Vulnerability (CVE-2010-3324)
Description: The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3324
Version: 13
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 8
Microsoft Windows SharePoint Services 3.0
Microsoft Office SharePoint Server 2007
Microsoft Office SharePoint Foundation 2010
Microsoft Groove Server 2010
Microsoft Office Web Apps
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7322
 
Oval ID: oval:org.mitre.oval:def:7322
Title: Word Stack Overflow Vulnerability
Description: Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3214
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2007
Microsoft Word 2010
Microsoft Office Word Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7375
 
Oval ID: oval:org.mitre.oval:def:7375
Title: Word Boundary Check Vulnerability
Description: Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2748
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7410
 
Oval ID: oval:org.mitre.oval:def:7410
Title: CSS Special Character Information Disclosure Vulnerability
Description: Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3325
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7475
 
Oval ID: oval:org.mitre.oval:def:7475
Title: Excel Record Parsing Memory Corruption Vulnerability
Description: Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3231
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7482
 
Oval ID: oval:org.mitre.oval:def:7482
Title: Uninitialized Memory Corruption Vulnerability (CVE-2010-3329)
Description: mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3329
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7514
 
Oval ID: oval:org.mitre.oval:def:7514
Title: Win32k Keyboard Layout Vulnerability
Description: The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2743
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7529
 
Oval ID: oval:org.mitre.oval:def:7529
Title: Word Bookmarks Vulnerability
Description: Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3216
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7555
 
Oval ID: oval:org.mitre.oval:def:7555
Title: Formula Substream Memory Corruption Vulnerability
Description: Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3234
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7575
 
Oval ID: oval:org.mitre.oval:def:7575
Title: Excel File Format Parsing Vulnerability
Description: Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3232
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7582
 
Oval ID: oval:org.mitre.oval:def:7582
Title: Word Index Vulnerability
Description: Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-2750
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7616
 
Oval ID: oval:org.mitre.oval:def:7616
Title: Extra Out of Boundary Record Parsing Vulnerability
Description: Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3239
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7637
 
Oval ID: oval:org.mitre.oval:def:7637
Title: HTML Sanitization Vulnerability (CVE-2010-3243)
Description: Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3243
Version: 12
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 8
Microsoft Office SharePoint Server 2007
Microsoft Windows SharePoint Services 3.0
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 4
Application 1
Application 1
Application 3
Application 6
Application 1
Application 1
Application 1
Application 1
Application 3
Application 2
Application 1
Application 4
Application 5
Application 1
Application 1
Os 2
Os 2
Os 1
Os 11
Os 6
Os 2

ExploitDB Exploits

id Description
2011-01-13 MS10-073: Win32k Keyboard Layout Vulnerability
2010-10-16 Microsoft Office HtmlDlgHelper Class Memory Corruption

OpenVAS Exploits

Date Description
2011-09-22 Name : Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
File : nvt/secpod_ms10-072.nasl
2010-10-13 Name : Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
File : nvt/secpod_ms10-071.nasl
2010-10-13 Name : Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (981957)
File : nvt/secpod_ms10-073.nasl
2010-10-13 Name : Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerab...
File : nvt/secpod_ms10-075.nasl
2010-10-13 Name : Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)
File : nvt/secpod_ms10-076.nasl
2010-10-13 Name : OpenType Font (OTF) Format Driver Privilege Elevation Vulnerabilities (2279986)
File : nvt/secpod_ms10-078.nasl
2010-10-13 Name : Microsoft Office Word Remote Code Execution Vulnerabilities (2293194)
File : nvt/secpod_ms10-079.nasl
2010-10-13 Name : Microsoft Office Excel Remote Code Execution Vulnerabilities (2293211)
File : nvt/secpod_ms10-080.nasl
2010-10-13 Name : Windows Common Control Library Remote Code Execution Vulnerability (2296011)
File : nvt/secpod_ms10-081.nasl
2010-10-13 Name : Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111))
File : nvt/secpod_ms10-082.nasl
2010-10-13 Name : Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
File : nvt/secpod_ms10-083.nasl
2010-10-13 Name : Windows Local Procedure Call Privilege Elevation Vulnerability (2360937)
File : nvt/secpod_ms10-084.nasl
2010-10-13 Name : Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
File : nvt/secpod_ms10-085.nasl
2010-09-23 Name : Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
File : nvt/secpod_ms_ie_static_html_xss_vuln.nasl
2010-06-09 Name : Microsoft Office COM Validation Remote Code Execution Vulnerability (983235)
File : nvt/secpod_ms10-036.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68586 Microsoft Windows LRPC Server LPC Message Handling Local Privilege Escalation

Microsoft Windows is prone to an overflow condition. The Remote Procedure Call Subsystem fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted crafted LPC message, a local authenticated attacker can potentially gain elevated privileges.
68584 Microsoft Office Word Uninitialized Pointer Handling Remote Code Execution

A memory corruption flaw exists in Microsoft Word. The program fails to sanitize user-supplied input when handling an uninitialized pointer during parsing of a Word document, resulting in memory corruption. With a specially crafted Word document, a context-dependent attacker can execute arbitrary code.
68583 Microsoft Office Word Unspecified Boundary Check Remote Code Execution

A memory corruption flaw exists in Microsoft Word. The program fails to check an unspecified boundary while parsing Word documents, resulting in memory corruption. With a specially crafted Word document, a context-dependent attacker can execute arbitrary code.
68582 Microsoft Office Word Array Index Value Handling Unspecified Remote Code Exec...

A memory corruption flaw exists in Microsoft Word. The program suffers from an array indexing error when handling certain values in a Word document, resulting in memory corruption. With a specially crafted Word document, a context-dependent attacker can execute arbitrary code.
68581 Microsoft Office Word File Unspecified Structure Handling Stack Overflow

Microsoft Word is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted Word document, a context-dependent attacker can potentially execute arbitrary code.
68580 Microsoft Office Word Return Value Handling Unspecified Remote Code Execution

A memory corruption flaw exists in Microsoft Word. The program fails to sanitize user-supplied input when handling unspecified return values during parsing of a Word document, resulting in memory corruption. With a specially crafted Word document, a context-dependent attacker can execute arbitrary code.
68579 Microsoft Office Word Bookmark Handling Invalid Pointer Remote Code Execution

A memory corruption flaw exists in Microsoft Word. The program fails to sanitize user-supplied input when it encounters an invalid pointer when processing bookmarks in a Word document, resulting in memory corruption. With a specially crafted Word document, a context-dependent attacker can execute arbitrary code.
68578 Microsoft Office Word Pointer LFO Parsing Double-free Remote Code Execution

A memory corruption flaw exists in Microsoft Word. The program suffers from an error due to the use of an invalid pointer while processing certain structures in Word documents, resulting in memory corruption. With a specially crafted Word document with crafted List Format Override records, a context-dependent attacker can execute arbitrary code.
68577 Microsoft Office Word Malformed Record Handling Remote Heap Overflow

Microsoft Word is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted Word document containing malformed records, a context-dependent attacker can potentially execute arbitrary code.
68576 Microsoft Office Word BKF Object Parsing Array Indexing Remote Code Execution

A memory corruption flaw exists in Microsoft Word. The program suffers from an an array indexing error when processing BKF objects, resulting in memory corruption. With a specially crafted Word document, a context-dependent attacker can execute arbitrary code.
68575 Microsoft Office Word File LVL Structure Parsing Remote Code Execution

A memory corruption flaw exists in Microsoft Word. The program fails to sanitize user-supplied input when when processing LVL structures, resulting in memory corruption. With a specially crafted Word document, a context-dependent attacker can execute arbitrary code.
68574 Microsoft Office Word File Record Parsing Unspecified Memory Corruption

A memory corruption flaw exists in Microsoft Word. The program fails to sanitize user-supplied input when handling a malformed record while parsing a Word document, resulting in memory corruption. With a specially crafted Word document, a context-dependent attacker can execute arbitrary code.
68573 Microsoft Office Excel File Unspecified Record Parsing Remote Integer Overflow

Microsoft Office Excel is prone to an overflow condition. The program suffers from a sign-extension error and integer overflow error which may be further exploited to cause a heap-based buffer overflow. With a specially crafted Excel file with crafted record information, a context-dependent attacker can potentially execute arbitrary code.
68572 Microsoft Office Excel Formula Record Parsing Memory Corruption (2010-3231)

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when parsing Formula records, which may be exploited to cause an out-of-bounds memory write, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68571 Microsoft Office Excel File Format Parsing Remote Code Execution

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when validating record information with certain format parsing, which may be exploited to cause an out-of-bounds memory write, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68570 Microsoft Office Excel Lotus 1-2-3 Workbook Parsing Remote Overflow

Microsoft Office Excel is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted Lotus 1-2-3 (.wk3) file with an overly long crafted record, a context-dependent attacker can potentially execute arbitrary code.
68569 Microsoft Office Excel Formula Substream Record Parsing Memory Corruption

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when parsing Formula Substream records, which may be exploited to cause an out-of-bounds memory write, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68568 Microsoft Office Excel Formula Biff Record Parsing Remote Code Execution

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when validating formula information with a dangling pointer, which may be exploited to cause an out-of-bounds memory write, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68567 Microsoft Office Excel Out Of Bounds Array Handling Remote Code Execution

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when validating record information, which may be exploited to cause an out-of-bounds memory write, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68566 Microsoft Office Excel Merge Cell Record Pointer Handling Remote Code Execution

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when validating record information, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68565 Microsoft Office Excel Negative Future Function Parsing Remote Code Execution

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when validating binary file-format information, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68564 Microsoft Office Excel PtgExtraArray Structure Parsing Remote Code Execution

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when processing Extra Out of Boundary records, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68563 Microsoft Office Excel RealTimeData Record Array Parsing Remote Code Execution

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when validating record information, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68562 Microsoft Office Excel Out-of-Bounds Memory Write in Parsing Memory Corruption

A memory corruption flaw exists in Microsoft Office Excel. The program fails to sanitize user-supplied input when validating binary file-format information, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
68561 Microsoft Office Excel Ghost Record Type Parsing Remote Code Execution

Microsoft Office Excel contains a flaw that may allow a context-dependent attacker to execute arbitrary commands or code. The issue is due to missing input validation in a conversion routine when parsing a certain record type and can be exploited to corrupt memory outside the bounds of an allocated heap buffer via an overly large range specified by two record fields in a crafted Excel document, which may allow the attacker to execute arbitrary code.
68560 Microsoft Windows SChannel TLSv1 Crafted Client Certificate Request DoS

Microsoft Windows contains a flaw that may allow denial of service. The issue is caused due to the Secure Channel (SChannel) security package failing to check a logical condition when parsing client certificates. This can be exploited to cause the LSASS service to stop responding and restart the system via a specially crafted client certificate request to an affected IIS server hosting a SSL-enabled web site
68559 Microsoft Windows OpenType Font Parsing Unspecified Remote Code Execution

Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands or code. An error in the parsing of OTF (OpenType Font) files can be exploited by loading a properly formatted font and then reload it with specially crafted offset and length fields for the head table of the font. This flaw may allow execution of arbitrary code with kernel privileges.
68558 Microsoft Windows OpenType Malformed Font Validation Remote Code Execution

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue exists in the way that the Windows OpenType Font (OTF) format driver improperly parses specially crafted OpenType fonts, and can result in arbitrary code execution on kernel mode.
68557 Microsoft Windows Media Player Reload Operation Object Deallocation Memory Co...

A memory corruption flaw exists in Windows Media Player. The flaw is caused due to an error in wmp.dll when deallocating objects during a reload operation and can be exploited to corrupt memory by tricking a user into visiting a specially crafted web page. It allows execution of arbitrary code, but requires that a user clicks through one or more pop-up dialog boxes
68556 Microsoft .NET Framework x64 JIT Compiler Unprivileged Application Remote Cod...

Microsoft .NET Framework contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to an unspecified error in the JIT compiler while optimizing code, which can be exploited to corrupt memory when a user visits a web page hosting a specially crafted XBAP (XAML browser application).
68553 Microsoft Windows t2embed.dll Embedded OpenType Font Parsing hdmx Record Pars...

Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is caused due to an integer overflow error within t2embed.dll when parsing hdmx records in an Embedded OpenType (EOT) font file and can be exploited to corrupt memory by e.g. tricking a user into visiting a web site containing a specially crafted file.
68552 Microsoft Windows win32k.sys Driver Keyboard Layout Loading Local Privilege E...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The kernel-mode drivers fail to properly perform indexing of a function-pointer table when loading specific keyboard layouts, which may allow a local authenticated attacker to gain elevated privileges.
68551 Microsoft Windows win32k.sys Driver Window Class Data Validation Local Privil...

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the kernel-mode drivers fail to properly manage a window class, allowing a local attacker to gain elevated privileges by creating a window and using 'SetWindowLongPtr' and 'SwitchWndProc' functions to manipulate certain data.
68550 Microsoft Windows Media Player Network Sharing Service RTSP Use-after-free Re...

Microsoft Windows Media Player contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is caused due to a use-after-free error in the Network Sharing Service (wmpnetwk.exe) and can be exploited via a specially crafted Real Time Streaming Protocol (RTSP) packet. It allows execution of arbitrary code, but requires the Network Sharing Service is enabled.
68549 Microsoft Windows Common Control Library (comctl32.dll) Third-party SVG Conte...

Microsoft Windows is prone to an overflow condition. The common control library, Comctl32.dll, fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted HTML document, a context-dependent attacker can potentially execute arbitrary code.
68548 Microsoft IE / SharePoint Unspecified XSS

Microsoft SharePoint Server and Groove server contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the application does not properly sanitise HTML code using SafeHTML. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed
68547 Microsoft IE CSS Special Character Processing Unspecified Information Disclosure

Microsoft IE contains a flaw that may lead to an unauthorized information disclosure.  The issue is exists in the way that Internet Explorer processes CSS special characters. It can view content from another domain or Internet Explorer zone.
68546 Microsoft IE Object Handling Unspecified Memory Corruption (2010-3326)

Microsoft IE contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. It can take complete control of an affected system.
68543 Microsoft IE HtmlDlgHelper Class Object Handling Memory Corruption

Microsoft IE contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to Internet Explorer accesses an object that has not been correctly initialized or has been deleted when a document in an HTML format is opened in Microsoft Word. An attacker could exploit the vulnerability by convincing the user to open a malicious Word document. When a user closes the document, it could allow remote code execution.
68542 Microsoft IE CSS imports() Cross-domain Information Disclosure

Microsoft IE contains a flaw that may lead to an unauthorized information disclosure.  The issue could allow script to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.
68541 Microsoft IE mshtml.dll CAttrArray::PrivateFind Function Object Handling Memo...

Microsoft IE contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, it could allow remote code execution.
68540 Microsoft IE mshtml.dll Object Handling Uninitialized Memory Corruption (2010...

Microsoft IE contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by convincing a user to view a specially crafted Word document. When a user closes the Word document, it could allow remote code execution
68123 Microsoft IE / SharePoint toStaticHTML Function Crafted CSS @import Rule XSS ...

Microsoft SharePoint contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the application does not properly sanitise HTML code using SafeHTML. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
66003 Microsoft Windows win32k.sys NtUserCheckAccessForIntegrityLevel Use-After-Fre...

Microsoft Windows contains a use-after-freeflaw that may allow a local attacker to gain access to unauthorized privileges. The issue is triggered when an attacker uses call saturation to the 'NtUserCheckAccessForIntegrityLevel' function to cause a failure in the 'LockProcessByClientId' function, allowing a local attacker to gain elevated privileges.
65219 Microsoft Windows / Office COM Object Instantiation Validation Remote Code Ex...

Microsoft Windows and Office fail to properly validate COM objects during instantiation. This may allow a context-dependent attacker to use a crafted file to execute arbitrary code.

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-10-14 IAVM : 2010-A-0145 - Multiple Vulnerabilities in Microsoft Office Word
Severity : Category II - VMSKEY : V0025510
2010-10-14 IAVM : 2010-A-0140 - Microsoft Windows Media Player Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0025516
2010-10-14 IAVM : 2010-A-0141 - Microsoft Windows Media Player Network Sharing Service Remote Code Execution ...
Severity : Category II - VMSKEY : V0025520
2010-10-14 IAVM : 2010-A-0135 - Microsoft Windows Embedded OpenType Font Engine Vulnerability
Severity : Category I - VMSKEY : V0025528
2010-10-14 IAVM : 2010-A-0134 - Microsoft Windows COM Validation Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0025530
2010-10-14 IAVM : 2010-B-0090 - Microsoft Windows Common Control Library Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0025534

Snort® IPS/IDS

Date Description
2020-09-19 Microsoft Windows Media Player Firefox plugin memory corruption attempt
RuleID : 54833 - Revision : 1 - Type : FILE-MULTIMEDIA
2018-02-22 toStaticHTML CSS import XSS exploit attempt
RuleID : 45514 - Revision : 1 - Type : BROWSER-IE
2017-07-11 Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt
RuleID : 43134 - Revision : 1 - Type : BROWSER-IE
2016-07-26 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39347 - Revision : 2 - Type : FILE-OFFICE
2016-07-26 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39346 - Revision : 2 - Type : FILE-OFFICE
2016-07-08 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39158 - Revision : 1 - Type : FILE-OFFICE
2016-07-08 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 39157 - Revision : 3 - Type : FILE-OFFICE
2016-03-14 Microsoft Office Excel CrErr record integer overflow attempt
RuleID : 37246 - Revision : 1 - Type : FILE-OFFICE
2016-03-14 Microsoft Internet Explorer Scriptlet Component ActiveX clsid access
RuleID : 36772 - Revision : 2 - Type : BROWSER-PLUGINS
2015-03-17 Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt
RuleID : 33479 - Revision : 2 - Type : OS-WINDOWS
2014-11-16 Microsoft Office Excel PtgName invalid index exploit attempt
RuleID : 31476 - Revision : 3 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Excel PtgName invalid index exploit attempt
RuleID : 31475 - Revision : 3 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Excel PtgName invalid index exploit attempt
RuleID : 31474 - Revision : 3 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Excel PtgName invalid index exploit attempt
RuleID : 31473 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word unchecked index value remote code execution attempt
RuleID : 25768 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft HtmlDlgHelper ActiveX clsid access
RuleID : 23555 - Revision : 7 - Type : FILE-OFFICE
2014-01-10 OpenType Font file integer overflow attempt
RuleID : 23155 - Revision : 5 - Type : FILE-OTHER
2014-01-10 OpenType Font file integer overflow attempt
RuleID : 23154 - Revision : 5 - Type : FILE-OTHER
2014-01-10 OpenType Font file integer overflow attempt
RuleID : 23153 - Revision : 5 - Type : FILE-OTHER
2014-01-10 OpenType Font file integer overflow attempt
RuleID : 23152 - Revision : 8 - Type : FILE-OTHER
2014-01-10 Microsoft Office Excel MergeCells record parsing code execution attempt
RuleID : 21415 - Revision : 10 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel MergeCells record parsing code execution attempt
RuleID : 21414 - Revision : 7 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel MergeCells record parsing code execution attempt
RuleID : 20130 - Revision : 6 - Type : SPECIFIC-THREATS
2014-01-10 Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt
RuleID : 19436 - Revision : 14 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer Cross-Domain information disclosure attempt
RuleID : 19411 - Revision : 9 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer and SharePoint toStaticHTML information disclosur...
RuleID : 19322 - Revision : 10 - Type : BROWSER-IE
2014-01-10 Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow at...
RuleID : 19317 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows embedded OpenType EOT font integer overflow attempt
RuleID : 19308 - Revision : 16 - Type : FILE-OTHER
2014-01-10 Microsoft Office Excel PtgExtraArray parsing attempt
RuleID : 19154 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word malformed index code execution attempt
RuleID : 19153 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt
RuleID : 19134 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 18806 - Revision : 20 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel PtgName invalid index exploit attempt
RuleID : 18538 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt
RuleID : 18297 - Revision : 16 - Type : OS-WINDOWS
2014-01-10 Microsoft .NET framework EntityObject execution attempt
RuleID : 18064 - Revision : 8 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer 8 CSS XSRF exploit attempt
RuleID : 17774 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Windows Media Player Firefox plugin memory corruption attempt
RuleID : 17773 - Revision : 14 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Internet Explorer Scriptlet Component ActiveX clsid access
RuleID : 17772 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer cross-domain information disclosure attempt
RuleID : 17771 - Revision : 12 - Type : BROWSER-IE
2014-01-10 Microsoft HtmlDlgHelper ActiveX clsid access
RuleID : 17770 - Revision : 18 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer 8 CSS invalid mapping exploit attempt
RuleID : 17769 - Revision : 13 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 8 object event handler use after free exploit att...
RuleID : 17768 - Revision : 15 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability
RuleID : 17767 - Revision : 15 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt
RuleID : 17766 - Revision : 15 - Type : BROWSER-IE
2014-01-10 OpenType Font file parsing buffer overflow attempt
RuleID : 17765 - Revision : 6 - Type : OS-WINDOWS
2014-01-10 Microsoft Office Excel PtgName invalid index exploit attempt
RuleID : 17764 - Revision : 19 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel GhostRw record exploit attempt
RuleID : 17763 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Excel corrupted TABLE record clean up exploit attempt
RuleID : 17762 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel RealTimeData record exploit attempt
RuleID : 17760 - Revision : 18 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel invalid SerAr object exploit attempt
RuleID : 17759 - Revision : 19 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt
RuleID : 17758 - Revision : 18 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel CrErr record integer overflow attempt
RuleID : 17757 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word XP PLFLSInTableStream heap overflow attempt
RuleID : 17756 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word unchecked index value remote code execution attempt
RuleID : 17755 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word bookmark bound check remote code execution attempt
RuleID : 17754 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows Media Player network sharing service RTSP code execution at...
RuleID : 17753 - Revision : 15 - Type : FILE-MULTIMEDIA
2014-01-10 OpenType Font file parsing denial of service attempt
RuleID : 17752 - Revision : 11 - Type : FILE-OTHER
2014-01-10 Microsoft IIS 7.5 client verify null pointer attempt
RuleID : 17750 - Revision : 15 - Type : SERVER-IIS
2014-01-10 Microsoft Internet Explorer compressed HDMX font processing integer overflow ...
RuleID : 17747 - Revision : 16 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2010-10-20 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms_office_oct2010.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote host is affected by multiple cross-site scripting vulnerabilities.
File : safehtml_ms10_072.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : The remote Windows host has a denial of service vulnerability.
File : smb_nt_ms10-085.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : Arbitrary code can be executed on the remote host through its LRPC facility.
File : smb_nt_ms10-084.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : The remote windows host is affected by a remote code execution vulnerability.
File : smb_nt_ms10-083.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : The remote Windows host has a media player that is affected by a code executi...
File : smb_nt_ms10-082.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : A library on the remote Windows host has a buffer overflow vulnerability.
File : smb_nt_ms10-081.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : Arbitrary code can be executed on the remote host through Microsoft Office Ex...
File : smb_nt_ms10-080.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : Arbitrary code can be executed on the remote host through Microsoft Word.
File : smb_nt_ms10-079.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : The remote Windows host contains a font driver that allows privilege escalation.
File : smb_nt_ms10-078.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : The version of the .NET Framework installed on the remote host allows arbitra...
File : smb_nt_ms10-077.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : It is possible to execute arbitrary code on the remote Windows host using the...
File : smb_nt_ms10-076.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : It is possible to execute arbitrary code on the remote Windows host using the...
File : smb_nt_ms10-075.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : The Windows kernel is affected by multiple vulnerabilities that could allow e...
File : smb_nt_ms10-073.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : The remote host is affected by multiple cross-site scripting vulnerabilities.
File : smb_nt_ms10-072.nasl - Type : ACT_GATHER_INFO
2010-10-13 Name : Arbitrary code can be executed on the remote host through a web browser.
File : smb_nt_ms10-071.nasl - Type : ACT_GATHER_INFO
2010-06-09 Name : Arbitrary code can be executed on the remote host through opening a Microsoft...
File : smb_nt_ms10-036.nasl - Type : ACT_GATHER_INFO