| 7! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.04.2013
|
 | | Use-after-free vulnerabilities. |
| | Microsoft Internet Explorer DoS
|
 | | Crash on recursive CSS inclusion. |
| | Microsoft Active Directory DoS
|
 | | Memory exhaustion. |
| 7! | Microsoft Windows multiple security vulnerabilities
|
 | | Multiple privilege escalations in kernel, CSRSS and drivers. |
| 7! | Microsoft Remote Desktop Connection Client ActiveX code execution
|
 | | Use-after-free in ActiveX |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities updated since 13.03.2013
|
 | | Multiple use-after-free vulnerabilities. |
| | Microsoft Windows USB devices privilege escalation updated since 13.03.2013
|
 | | A few different vulnerabilities on USB device plugging allow code execution. |
| 8! | Microsoft Windows multiple security vulnerabilities updated since 14.02.2013
|
 | | Quartz.dll memory corruption, .Net privilege escalation, multiple kernel race conditions, CSRSS privilege escalation, TCP/IP DoS. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Information leakage, multiple use-after-free vulnerabilities, VML memory corruption. |
| 8! | Microsoft Internet Explorer use-after-free vulnerabilities
|
 | | Use-after-free vulnerability in CButton is actively used in-the-wild. |
| 8! | Microsoft Windows multiple security vulnerabilities
|
 | | Print spooler service code execution, XML library integer overflow and memory corruption, multiple .Net vulnerabilities, Win32K privilege escalation, SSL/TLS library protection bypass, Open Data Protocol DoS. |
| | Microsoft Internet Explorer stack overflow
|
 | | Stack overrun on malformed tags sequence. |
| 9! | Microsoft Windows multiple security vulnerabilities
|
 | | Buffer overflow on OpenType and TrueType fonts parsing, memory corruption on filename handling, DirectPlay buffer overflow, DirectAccess IP-HTTPS insufficient certificate check. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Few use-after-free vulnerabilities. |
| | Internet Explorer information leakage
|
 | | Page can track any mouse movements, even behind the page. |
| 6! | Microsoft Internet Explorer 7 memory corruption
|
 | | Memory corruption on redirection to data: uri containing some tags. |
| | Microsoft Internet Information Services security vulnerabilities
|
 | | Log files information leakage, FTP STARTTLS session command injection. |
| 8! | Microsoft Windows security vulnerabilities
|
 | | Windows Briefcase integer overflows, .Net protection bypass, information leakage and code execution, kernel drivers privilege escalations. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Few different use-after-free vulnerabilities. |
| 9! | Microsoft Internet Explorer memory corruption updated since 19.09.2012
|
 | | Use-after-free vulnerability is actively used in-the-wild to install malware. |
| 7! | Microsoft Windows kernel integer overflow
|
 | | Kernel integer overflow leads to privilege escalation. |
| 9! | Microsoft Windows multiple security vulnerabilities updated since 11.07.2012
|
 | | Microsoft XML Services memory corruption, ADO memory corruption, kernel drivers vulnerabilities, Windows Shell command injection, TLS vulnerabilities |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Memory corruptions, integer overflow, function pointer corruption. |
| 9! | Microsoft Windows multiple security vulnerabilities updated since 09.05.2012
|
 | | TCP/IP privilege escalation, partition manager privilege escalation, multiple security vulnerabilities in .Net, Silverlight, font management, GDI+, window components, etc. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 13.06.2012
|
 | | Multiple memory corruptions, code executions, information leakage. |
| 6! | Microsoft IIS protection bypass
|
 | | Password protection bypass, script files content access. |
| 8! | Microsoft Remote Desktop memory corruption
|
 | | Memory corruption on RDP packets processing. |
| | Opera / Mozilla / Internet Explorer DoS updated since 12.02.2010
|
 | | Large number of nested tags leads to buffer overflow. |
| 7! | Microsoft Windows multiple security vulnerabilities updated since 11.04.2012
|
 | | MSCOMCTL.ocx code execution, .Net code execution, WinVerifyTrust digital signature validation vulnerability |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 11.04.2012
|
 | | Multiple vulnerabilities allow remote code execution. |
| 9! | Microsoft .Net multiple security vulnerabilities updated since 02.01.2012
|
 | | DoS, multiple vulnerabilities in forms authentication. |
| 8! | Microsoft Windows multiple security vulnerabilities
|
 | | Kernel drivers privilege escalation, DirectWrite API DoS, RDP memory corruption and DoS. |
| 9! | Microsoft Windows multiple security vulnerabilities updated since 15.02.2012
|
 | | GDI code execution, drivers privilege escalation, unsafe DLL loading, C Runtime code execution, .Net framework and Silverlight vulnerabilities. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 15.02.2012
|
 | | Code execution, information leakage. |
| 7! | Microsoft Windows multiple security vulnerabilities updated since 11.01.2012
|
 | | SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities updated since 15.12.2011
|
 | | Information leakage, insecure library loading. |
| 9! | Microsoft Windows multiple security vulnerabilities updated since 15.12.2011
|
 | | Buffer overflow on TTF fonts parsing, OLE objects memory corruption, CSRSS and kernel privilege escalations, ActiveX code execution. |
| 6! | Microsoft Windows multiple applications DLL hijacking updated since 26.08.2010
|
 | | If an application is launched via a file type association, the current path is set to the path where the file is located, making it possible to place DLLs the application tries to load dynamically into the same directory. |
| | Microsoft Windows Media memory corruption
|
 | | Memory corruption on .dvr-ms files parsing. |
| 10! | Microsoft Windows kernel UDP processing integer overflow
|
 | | Integer overflow leads to code execution via the flow of UDP packets to closed port. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.10.2011
|
 | | Multiple memory corruptions with code execution. |
| 6! | Microsoft .Net / Silverlight code execution
|
 | | It's possible to escape from sandbox. |
| 7! | Microsoft Windows multiple security vulnerabilities
|
 | | Active Accessibility and Media Center insecure DLL loading |
| 6! | DigiNotar fraudulent certificates updated since 01.09.2011
|
 | | Well known domain names certificates were issued to untrusted party. |
| 8! | Microsoft Windows multiple security vulnerabilities
|
 | | NDISTAPI service and CSRSS privilege escalations, kernel DoS, TCP/IP DoS, RDP DoS, .Net information disclosure. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Multiple memory corruptions, cross-site data access, code execution. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 15.06.2011
|
 | | MHTML handler cross application scripting, VML processor memory corruption, multiple Internet Explorer memory corruptions, information leakage. |
| 7! | Microsoft Windows multiple security vulnerabilities
|
 | | Uninitialized memory reference in Bluetooth stack, multiple memory handling vulnerabilities in Windows kernel, multiple privilege escalations in CSRSS. |
| 8! | Microsoft Windows multiple security vulnerabilities updated since 15.06.2011
|
 | | Buffer overflow on WMF files parsing. Uninitialized pointers on OTF parsing. DFS memory corruptions. SMB client and server memory corruptions. afd.sys privilege escalation. |
| 8! | Microsoft .Net Framework multiple security vulnerabilities
|
 | | Array index overflow, JIT compiler code execution. |
| | Microsoft fixed SMB NTLM relay attacks updated since 12.11.2008
|
 | | Microsoft fixed NTLM proxying vulnerability: credentials used for one service could be forwarded to a different one. The attack has been known for many years as an NTLM weakness. |
| 9! | Microsoft Windows multiple security vulnerabilities updated since 13.04.2011
|
 | | SMB client and server memory corruption, Fax Cover Page Editor memory corruption, MFC library unsafe DLL loading, MHTML library information leak, GDI+ library integer overflow, DNS client memory corruption, memory corruption in .Net Framework, memory corruption in JScript / VBScript engines, stack overflow in OpenType fonts parsing, multiple drivers vulnerabilities. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 13.04.2011
|
 | | Multiple memory corruptions and information leaks. |
| | Multiple systems ICMPv6 flood DoS
|
 | | Router announcement packets flood causes resource exhaustion. |
| | Windows help system buffer overflow
|
 | | Buffer overflow on CHM files parsing. |
| 6! | Multiple ActiveX components security vulnerabilities
|
 | | Kill bit update for multiple components of different vendors. |
| 6! | Microsoft Windows multiple security vulnerabilities
|
 | | Unsafe library loading, code execution with .dvr-ms files. |
| 6! | Microsoft Windows application policy bypass
|
 | | It's possible to bypass application restriction policy by directly loading code into suspended process' memory via e.g. Microsoft Word macro. |
| 8! | Microsoft Windows multiple security vulnerabilities updated since 08.02.2011
|
 | | Buffer overflow in shell on thumbnail parsing, memory corruption on OpenType Compact Font Format parsing, privilege escalation via CSRSS, LSA, kernel and different drivers, Kerberos server spoofing, JScript/VBScript memory content leak. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 08.02.2011
|
 | | Multiple memory corruptions, unsafe DLL loading. |
| 9! | Microsoft IIS FTP Server buffer overflow
|
 | | Heap buffer overflow. |
| | Microsoft Fax Cover Page Editor double free vulnerability
|
 | | Double free vulnerability on .cov files parsing. |
| | Microsoft Windows backup manager insecure DLL loading
|
 | | Insecure DLL loading on .wbcat file opening. |
| | Microsoft ADO security vulnerabilities
|
 | | Buffer overflow, memory corruption. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 15.12.2010
|
 | | Cross-site data access, multiple memory corruptions. |
| 9! | Microsoft Windows multiple security vulnerabilities
|
 | | OpenType Font parsing memory corruption, task scheduler privilege escalation, unsafe DLL loading, multiple kernel vulnerabilities, Consent User Interface privilege escalation, Netlogon DoS. |
| | Microsoft Windows hidden administrative group membership
|
 | | It's possible to include user's account into administrative group without direct group membership. |
| 6! | Microsoft Windows Wordpad / Windows Shell code execution
|
 | | Code execution via embedded COM object. |
| | Windows Media Player memory corruption
|
 | | Memory corruption if page with WMP ActiveX is reloaded. |
| 6! | Media Player Network Sharing memory corruption
|
 | | Use-after-free vulnerability on RTSP request parsing. |
| 6! | Microsoft Sharepoint SafeHTML cross-site scripting
|
 | | A few cross-site scripting possibilities. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Multiple memory corruptions, cross domain information disclosure. |
| 9! | Microsoft Windows multiple security vulnerabilities
|
 | | Multiple privilege escalation with different drivers. MFC buffer overflow. EOT and OTF fonts memory corruptions and integer overflow. comctl32 buffer overflow. LPC buffer overflow. SChannel DoS. |
| 9! | Microsoft Internet Information Services multiple security vulnerabilities
|
 | | Authentication bypass, buffer overflow, DoS. |
| 9! | Microsoft Windows multiple security vulnerabilities updated since 15.09.2010
|
 | | Privilege escalation and code execution in spooler services, memory corruption in MPEG-4 codec, memory corruption in RPC, privilege escalation in LSA, privilege escalation in CSRSS subsystem, WordPad memory corruption. |
| | Multiple browsers certificates validation weakness
|
 | | Wildcard masks in certificates issued to IP addresses are allowed. |
| 6! | Microsoft Windows Kerberos tickets spoofing
|
 | | It's possible to logon with any account by manipulating network traffic. |
| 7! | Microsoft .Net and Silverlight security vulnerabilities
|
 | | Memory corruption, code execution. |
| | Microsoft Windows Tracing Feature for Services security vulnerabilities
|
 | | Weak permissions on registry keys, buffer overflow on registry keys reading. |
| 6! | Microsoft Windows TCP/IP stack security vulnerabilities
|
 | | DoS, privilege escalation. |
| | Microsoft Windows Cinepak codec memory corruption
|
 | | Memory corruption on data decompression. |
| 7! | Microsoft Windows SMB/CIFS service multiple security vulnerabilities
|
 | | Buffer overflow, privilege escalation, DoS. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Multiple memory corruptions, cross-site access. |
| 8! | Microsoft XML Core Services memory corruption
|
 | | Memory corruption on server's response parsing in XMLHTTP. |
| | Microsoft Windows MovieMaker memory corruption
|
 | | Memory corruption on project file parsing. |
| 6! | Microsoft Windows kernel multiple security vulnerabilities updated since 10.08.2010
|
 | | Memory corruptions, privilege escalations, DoS. |
| 6! | Microsoft Windows shortcuts code execution
|
 | | Code execution on shortcut icon displaying. |
| | Microsoft ClickOnce technology insufficient security
|
 | | Installation of unsigned elements is allowed. |
| | Microsoft Windows CHM files protection bypass
|
 | | It's possible to bypass CHM file locking protection for file downloaded from Internet. |
| 6! | Microsoft Windows win32k privilege escalation updated since 08.06.2010
|
 | | Multiple memory corruptions. |
| 6! | Microsoft .Net XML signing protection bypass
|
 | | Only part of signature is compared in case of incomplete HMAC. |
| 6! | Microsoft Windows OpenType Compact Font Format driver memory corruption
|
 | | Memory corruption on IOCTL processing. |
| | Microsoft IIS memory corruption
|
 | | Memory corruption if Extended Protection for Authentication is enabled. |
| 7! | Code execution with multiple ActiveX components in Microsoft Windows updated since 08.06.2010 |
| | | |
| 7! | Microsoft Windows media files parsing memory corruption
|
 | | Memory corruption on JPEG / MJPEG parsing. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Cross-site scripting, information leakage, multiple memory corruptions. |
| | Multiple browsers DoS updated since 20.05.2010
|
 | | Mail program compose message window is created for every frame with mailto:, news:, nntp:, etc URI. |
| | Microsoft Internet Explorer information leak
|
 | | It's possible to access external UNC location via ICMFilter option, leaking authentication information. |
| | Microsoft Windows Mail / Outlook Express integer overflow
|
 | | Integer overflow on POP3 or IMAP server reply parsing. |
| | Microsoft Internet Explorer, Google Chrome, Opera and Mozilla Firefox DoS
|
 | | Large buffer within <marquee> tag causes browser to crash. |
| | Microsoft Windows ISATAP IPv6 address spoofing
|
 | | Insufficient check for tunneling address. |
| 7! | Microsoft Windows MP3 codec buffer overflow
|
 | | Buffer overflow on AVI files with MP3 audio stream. |
| 7! | Microsoft SMB client multiple security vulnerabilities updated since 10.02.2010
|
 | | Memory corruptions, race conditions. |
| 6! | Microsoft Windows kernel multiple privilege escalations
|
 | | Multiple DoS conditions, race conditions, memory corruptions. |
| 8! | Microsoft Windows file signature spoofing
|
 | | Signature spoofing in PE and CAB files. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 31.03.2010
|
 | | Multiple security vulnerabilities are used in-the-wild for hidden malware installation. |
| 8! | Microsoft Internet Explorer memory corruption
|
 | | Memory corruption on XML/HTML processing. |
| | Microsoft Movie Maker buffer overflow
|
 | | Buffer overflow on .MSWMM files parsing. |
| 6! | Microsoft Windows kernel privilege escalation
|
 | | Double free() vulnerability, exception handler vulnerability. |
| 6! | Microsoft DirectShow buffer overflow
|
 | | Buffer overflow on AVI parsing. |
| 7! | Microsoft Windows SMB server multiple security vulnerabilities
|
 | | Memory corruptions, buffer overflow, DoS conditions, cryptography weakness. |
| 7! | Microsoft Data Analyzer ActiveX Control memory corruption |
| | | |
| 9! | Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities updated since 09.02.2010
|
 | | Multiple memory corruptions in ICMPv6, IPSec, TCP implementations. |
| 8! | Microsoft Internet Explorer information leak
|
 | | It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag. |
| 9! | Internet Explorer memory corruption updated since 22.11.2009
|
 | | Memory corruption when setting outerHTML from body style. |
| 8! | Microsoft Internet Explorer Multiple security vulnerabilities updated since 19.01.2010
|
 | | 0-day use-after-free vulnerability on createEventObject processing: <body onload="for(var i=0; i!=10000; i++) ev.srcElement">
<img src=. onerror="ev=createEventObject(event); outerHTML++">,
Multiple memory corruptions.
|
| 8! | Microsoft Windows Embedded OpenType (EOT) Fonts multiple security vulnerabilities updated since 14.07.2009
|
 | | Integer overflows, heap buffer overflows. |
| 6! | Microsoft IIS protection bypass
|
 | | It's possible to bypass 3rd party upload protection by file extension, because the part of the filename after a semicolon is ignored when detecting file type. E.g. script.asp;.jpg is treated by web server as ASP file. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 09.12.2009
|
 | | Multiple memory corruptions, code execution. |
| 7! | Microsoft Internet Authentication Service multiple security vulnerabilities
|
 | | MS-CHAP authentication bypass, memory corruption. |
| 9! | Multiple TCP implementations different security vulnerabilities updated since 09.09.2009
|
 | | Multiple security vulnerabilities in different operating systems caused by resource exhaustion on maintaining TCP states table. |
| 8! | Microsoft Windows GDI code execution
|
 | | Memory corruption on EOT (Embedded Open Type) font parsing, privilege escalation, DoS. |
| 8! | Web Services on Devices Application Programming Interface API memory corruption
|
 | | Memory corruption on WSD (TCP/5357, TCP/5358, UDP/3702) network packet parsing. |
| | Microsoft Internet Explorer DoS
|
 | | Unremovable dialog with cycled setHomePage. |
| | Microsoft Windows Media Player information leak
|
 | | Windows Media Player plugin allows detection of local file existence. |
| 6! | Microsoft Windows kernel multiple security vulnerabilities updated since 13.10.2009
|
 | | Integer overflow, NULL pointer dereference, exception handler vulnerability. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities updated since 13.10.2009
|
 | | Multiple memory corruptions. |
| 6! | Microsoft Windows Media Runtime multiple security vulnerabilities updated since 13.10.2009
|
 | | Buffer overflows, memory corruptions. |
| 8! | Microsoft .Net multiple security vulnerabilities
|
 | | Multiple vulnerabilities allow escape from sandbox environment. |
| 8! | Microsoft GDI+ multiple security vulnerabilities
|
 | | Multiple vulnerabilities on WMF, PNG, TIFF, BMP parsing. |
| 9! | Microsoft Active Template Library (ATL) multiple security vulnerabilities updated since 29.07.2009
|
 | | Memory corruptions, information leak, initialization problem, leading to killbit protection bypass. |
| 8! | Microsoft Windows IIS FTP server buffer overflow updated since 31.08.2009
|
 | | Buffer overflow in NLST command. Same vulnerability may be used for stack overflow (stack memory exhaustion) without need of write access. |
| 6! | Microsoft CryptoAPI certificate spoofing
|
 | | Certificate name spoofing with NULL byte. |
| 9! | Microsoft Windows (including Windows 7) SMB2 array index overflow updated since 08.09.2009
|
 | | Crash on SMB2 protocol NEGOTIATE PROTOCOL REQUEST SMB request parsing |
| 6! | Microsoft Windows LSA DoS
|
 | | Crash on NTLM authentication parsing. |
| 8! | Microsoft Windows Wireless LAN AutoConfig service buffer overflow
|
 | | Buffer overflow on access point frame parsing. |
| 8! | Microsoft Windows JavaScript engine memory corruption
|
 | | Memory corruption on "arguments" keyword parsing. |
| 6! | Microsoft Windows MSMQ (message queuing) privilege escalation updated since 11.08.2009
|
 | | DoS conditions in the service lead to named channel spoofing possibility. |
| 7! | Microsoft RDP client multiple security vulnerabilities updated since 11.08.2009
|
 | | Memory corruption in ActiveX control, memory corruption on server reply processing. |
| 6! | Microsoft Windows Workstation service memory corruption updated since 11.08.2009
|
 | | Memory corruption on RPC message parsing. |
| 8! | Microsoft Windows media files processing memory corruption
|
 | | Memory corruptions and integer overflows on AVI processing. |
| 6! | Microsoft ASP.NET DoS |
| | | |
| | Microsoft telnet NTLM relaying
|
 | | NTLM relaying attack against telnet client authentication is possible. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 29.07.2009
|
 | | Multiple memory corruptions, workaround for ATL vulnerability added. |
| | Multiple browsers DoS updated since 16.07.2009
|
 | | select() method doesn't limit the number of selected elements, leading to resource exhaustion. |
| | Multiple browsers DoS
|
 | | Crash or resources exhaustion on oversized unicode string operations via Javascript. |
| | Mozilla Firefox / Microsoft Internet Explorer / Opera / Google Chrome DoS updated since 26.05.2009
|
 | | Hang on circle with large radius value in SVG tags. Hang and memory leak on reload with keygen tag. |
| 8! | Windows print spooler multiple security vulnerabilities updated since 10.06.2009
|
 | | Buffer overflow, unauthorized files access, privilege escalation with dynamic library loading. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 09.06.2009
|
 | | Cross-site data access, multiple memory corruptions. |
| 6! | Microsoft Windows kernel multiple privilege escalation
|
 | | Multiple vulnerabilities in different subsystems. |
| | Browsers and search systems URL spoofing updated since 27.04.2009
|
 | | By using %xx in host name it's possible to spoof URL origin. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 15.04.2009
|
 | | Code execution, multiple memory corruptions, NTLM relaying. |
| 6! | Microsoft Windows WinHTTP service multiple security vulnerabilities
|
 | | Integer overflow, certificate spoofing, NTLM relaying. |
| 6! | Microsoft Windows privilege escalation
|
 | | Privilege escalation with MSDTC, WMI, RPCSS, Windows Thread Pool services. |
| | Microsoft Internet Explorer DoS
|
 | | Browser hangs while trying to determine charset of the text document with large number of random characters. |
| 10! | Microsoft Windows kernel multiple security vulnerabilities
|
 | | Multiple security vulnerabilities allow code execution via EMF/WMF files. |
| | libc fts_* functions vulnerabilities
|
 | | Invalid exceptional conditions processing on long path. |
| | Multiple browsers inherited charset cross-site scripting updated since 25.02.2007
|
 | | If a page with undefined charset is displayed in a frame, the codepage of the parent page is used. This makes it possible to conduct a cross-site scripting attack with e.g. UTF-7, EUC-JP (SHIFT_JIS) charset. |
| | Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS updated since 30.09.2008
|
 | | Calling window.print() function in loop causes browser to hang. Uncontrollable memory allocation. Script can close window without user approval. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Few memory corruptions. |
| | Microsoft Windows fails to disable autorun
|
 | | None of the documented methods of disabling autorun disables it completely. This distribution method is actively used by malware. CERT advises adding the following record to the registry (@ means the default value for the key).
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
|
| 9! | Microsoft Windows SMB multiple security vulnerabilities updated since 13.01.2009
|
 | | Buffer overflows and DoS conditions. |
| | Microsoft Internet Explorer DoS
|
 | | Crash on recursive script creation with createElement(). |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 10.12.2008
|
 | | Multiple memory corruptions. |
| 9! | Microsoft Windows Media Player buffer overflow
|
 | | Buffer overflow on WAV parsing |
| | Mozilla Firefox, Microsoft Internet Explorer, Opera and Google Chrome DoS
|
 | | Printing <iframe> in an endless loop from JavaScript causes resource exhaustion and leads to browser hang. |
| 9! | Microsoft Windows Media Player integer overflow
|
 | | Integer overflow on WAV parsing. |
| 10! | Microsoft Internet Explorer memory corruption
|
 | | Memory corruption leads to code execution. Vulnerability is used in-the-wild for hidden malware installation. |
| | Microsoft Windows Media Player multiple security vulnerabilities
|
 | | NTLM credentials leak and relaying. |
| 8! | Microsoft Windows GDI library multiple security vulnerabilities
|
 | | Buffer overflow and integer overflow on WMF parsing. |
| 8! | Microsoft Windows Search multiple security vulnerabilities
|
 | | Code execution with saved search results and with search-ms: URI. |
| | Microsoft Windows Vista memory corruption
|
 | | Kernel memory corruption on CreateIpForwardEntry2 call processing. |
| | Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS updated since 03.10.2008
|
 | | window.close() in a loop on the OnLoad() event causes the browser to hang. Multiple resource exhaustion attacks with Javascript. |
| 7! | Microsoft XML multiple security vulnerabilities
|
 | | Memory corruption, cross-site scripting, information leak. |
| | Microsoft Windows UnhookWindowsHookEx() DoS
|
 | | Race conditions on UnhookWindowsHookEx() call during active desktop switching cause system to hang or crash. |
| 10! | Microsoft Windows code execution updated since 24.10.2008
|
 | | It's possible to execute code without authentication with RPC request UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188 to browser service via SERVER (LanmanServer) service, TCP/139, TCP/445.
Recommendation is to disable browser service. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities updated since 14.10.2008
|
 | | Memory corruptions, information hijack, cross-site scripting. |
| 7! | Microsoft Windows Virtual Address Descriptor manipulation privilege escalation
|
 | | Integer overflow leads to memory corruption. |
| 8! | Microsoft Windows SMB buffer overflow
|
 | | Buffer overflow on SMB protocol parsing. |
| | Microsoft Windows Internet Printing Service integer overflow
|
 | | Integer overflow after authentication. |
| | Microsoft Windows kernel multiple security vulnerabilities
|
 | | Double free() vulnerability and memory corruptions. |
| | Windows kernel integer overflow
|
 | | Integer overflow in IopfCompleteRequest function. |
| | Microsoft Internet Explorer DoS
|
 | | Browser hangs on maliciously crafted PNG image. |
| | Mozilla Firefox / Opera / Microsoft Internet Explorer browsers DoS
|
 | | window.sidebar.addPanel() in the loop causes browser to hang. |
| | Microsoft Windows DoS
|
 | | Uninitialized memory reference on WRITE_ANDX SMB request handling. |
| 7! | Microsoft Windows Media Encoder ActiveX code execution
|
 | | Control supports unsafe methods. |
| 6! | Microsoft Windows Media Player memory corruption
|
 | | Server-Side playlists parsing memory corruption. |
| 8! | Microsoft Windows GDI library multiple security vulnerabilities
|
 | | Multiple vulnerabilities on different graphics format parsing. |
| 7! | Microsoft .Net framework multiple security vulnerabilities updated since 10.07.2007
|
 | | Buffer overflow on PE .Net format parsing, buffer overflow in JIT compiler, remote information leak in ASP.NET with poisoned NULL byte. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.08.2008
|
 | | Multiple memory corruptions, MHTML cross-site scripting. |
| 6! | Microsoft Windows privilege escalation
|
 | | Invalid event handling allows code execution in system context. |
| | Microsoft Windows IPSec policies vulnerability
|
 | | Under certain conditions rules are not applied after Windows 2003 domain is migrated to Windows 2008. |
| 6! | Microsoft Windows DNS server and DNS client DNS reply spoofing updated since 14.11.2007
|
 | | Weak pseudo-random generator is used to generate DNS request ID. |
| 7! | Microsoft Windows Explorer code execution
|
 | | Problem while parsing saved search files .search-ms. |
| 6! | Microsoft Windows PGM DoS
|
 | | Infinite loop on PGM packet parsing. |
| | Microsoft Vista speech recognition unauthorized access updated since 03.02.2007
|
 | | Speech recognition may be used as an attack vector against client computer with e.g. HTML page with embedded sound. |
| 6! | Microsoft Windows Bluetooth stack code execution
|
 | | The Windows Bluetooth Stack does not correctly handle a large number of SDP requests. |
| 7! | Microsoft DirectX code execution
|
 | | MJPEG format AVI and ASF files parsing vulnerability, SAMI files parsing vulnerability. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Cross-site scripting, information leak. |
| 6! | Microsoft Windows Realtek HD Audio privilege escalation
|
 | | Multiple security vulnerabilities on IOCTL processing. |
| | Microsoft Windows privilege escalation
|
 | | By using RPCSS service it's possible to elevate privileges from NetworkService to SYSTEM. |
| 6! | Microsoft Internet Explorer memory corruption updated since 08.04.2008
|
 | | Memory corruption on datastream processing. |
| 8! | Microsoft Windows multiple ActiveX elements security update updated since 08.04.2008
|
 | | Code execution in hxvz.dll. |
| 9! | Microsoft Windows GDI multiple security vulnerabilities updated since 08.04.2008
|
 | | Multiple buffer overflows on EMF and WMF files parsing. |
| 6! | Microsoft Windows privilege escalation
|
 | | Code execution in kernel context. |
| | Microsoft Internet Explorer / Mozilla Firefox address spoofing |
| | | |
| 6! | Microsoft Internet Explorer 7 request modification
|
 | | Headers manipulation and invalid chunked encoding processing allow response splitting. |
| | Microsoft Internet Explorer 7.0 DoS
|
 | | Crash on createtextrange method. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.02.2008
|
 | | Multiple memory corruptions. |
| 7! | Microsoft Windows OLE buffer overflow
|
 | | Heap buffer overflow |
| 6! | Microsoft Internet Information Services privilege escalation
|
 | | Privilege escalation through file change notification. ASP files processing privilege escalation. |
| 7! | Microsoft Windows Web Client service buffer overflow
|
 | | Buffer overflow on WebDAV server response parsing. |
| | Microsoft Windows Vista DoS
|
 | | Crash on DHCP server response parsing. |
| 6! | Microsoft Windows Vista / XP / 2000 audio drivers privilege escalation
|
 | | Ensoniq PCI 1371 WDM audio driver privilege escalation. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.12.2007
|
 | | Multiple memory corruptions. |
| 8! | Microsoft Windows DirectX multiple security vulnerabilities updated since 12.12.2007
|
 | | Synchronized Accessible Media Interchange (SAMI), WAV and AVI. |
| 6! | Microsoft Windows Vista SMBv2 packets signature bypass
|
 | | Invalid implementation of digital signing. |
| 6! | 3ivx MP4 codec buffer overflow
|
 | | Buffer overflow on MP4 tags parsing. |
| | Microsoft Jet Engine MDB files parsing buffer overflow
|
 | | Buffer overflow on MDB file access. |
| 7! | Microsoft Windows URL code execution
|
 | | Invalid handling of %xx sequences by external URL handlers in Windows XP with Internet Explorer 7 installed allows applications to be executed. |
| 6! | Microsoft Windows RPC DoS updated since 10.10.2007
|
 | | Denial of Service during authentication in RPC-based services. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Memory corruption, address bar spoofing. |
| 8! | Microsoft Outlook Express / Windows Mail NNTP buffer overflow
|
 | | Heap memory overflow on NNTP server reply parsing. |
| | Microsoft Windows Explorer PNG DoS
|
 | | Infinite loop on invalid PNG file parsing. |
| | Microsoft Windows Services for UNIX privilege escalation
|
 | | Invalid suid files handling. |
| 9! | Microsoft Windows XML core services memory corruption updated since 14.08.2007
|
 | | Memory corruption on XML parsing. |
| 10! | Microsoft Internet Explorer multiple security vulnerabilities updated since 14.08.2007
|
 | | Memory corruption on ActiveX parsing, unsafe Visual Basic ActiveX execution, Visual Basic ActiveX memory corruption. |
| 10! | Microsoft Windows VML parsing buffer overflow
|
 | | Heap buffer overflow on compressed VML content. |
| 6! | Microsoft Windows Media Player multiple security vulnerabilities
|
 | | Multiple vulnerabilities on skin files parsing. |
| 7! | Microsoft Windows Vista gadgets code execution
|
 | | Code execution with "Contacts" and "Weather" gadgets. |
| | Microsoft Internet Explorer DoS
|
 | | The line <style>*{position:relative}</style><table><input></table> causes the browser to crash. |
| | Microsoft Windows ARP DoS
|
 | | A flood of packets with different MACs causes CPU exhaustion. |
| | Microsoft DirectX buffer overflow
|
 | | Buffer overflow on compressed TGA images parsing. |
| 6! | Microsoft Internet Explorer 0-day vulnerability updated since 10.07.2007
|
 | | Unfiltered shell characters on executed URL: protocol application handler. |
| | Microsoft Internet Explorer content spoofing
|
 | | It's possible to emulate navigation to a different site by using document.open() while actually staying in the context of the previous page. |
| 6! | Microsoft Windows Vista firewall filtering bypass with Teredo
|
 | | Filtering rules are not applied to certain traffic types. |
| | Microsoft Internet Explorer DoS
|
 | | Browser DoS on a page in a domain with special characters. |
| 8! | Microsoft Outlook Express / Windows Mail multiple security vulnerabilities updated since 12.06.2007
|
 | | Multiple vulnerabilities on MHTML parsing. Code execution with UNC URLs. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.06.2007
|
 | | Multiple memory corruptions, content spoofing. |
| 6! | Microsoft Windows Vista weak security permissions
|
 | | Weak permissions for files and registry entries. |
| | Microsoft Windows GDI+ library DoS updated since 11.06.2007
|
 | | Division by zero on .ICO files parsing. |
| | Microsoft Windows Vista application spoofing through links
|
 | | It's possible to bypass privileged application execution by spoofing start menu shortcuts. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 08.05.2007
|
 | | Multiple memory corruptions on COM objects and HTML parsing, file overwrite. |
| | Multiple browsers digest authentication request splitting
|
 | | It's possible to inject newline characters into HTTP request headers through the username. |
| 7! | Microsoft Windows memory corruption updated since 16.12.2006
|
 | | CSRSS memory corruption on MessageBox with MB_SERVICE_NOTIFICATION beginning with "\??\". |
| 6! | Microsoft Windows Vista protected process protection bypass
|
 | | It's possible to set or remove process protection. |
| 6! | Microsoft Vista IPv6 multiple security vulnerabilities updated since 29.03.2007
|
 | | Multiple DoS conditions and spoofing possibilities. |
| 10! | Microsoft Windows animated cursors buffer overflow updated since 30.03.2007
|
 | | Stack buffer overflow (stack overrun) is actively used for hidden malware installation. |
| 9! | Microsoft Windows multiple GDI vulnerabilities |
| | | |
| 6! | Microsoft Vista ATI drivers vulnerability
|
 | | Blue Screen of Death while displaying images. |
| | Microsoft Windows Vista Internet Explorer applications execution
|
 | | Clicking a link to a local file with the same name as a local folder executes the file. |
| | Microsoft Windows mmioRead() multimedia function integer overflow
|
 | | Integer overflow on negative parameter values. |
| | Microsoft Internet Explorer page content spoofing
|
 | | Cross-site scripting in the res://ieframe.dll/navcancl.htm#http://www.site.com page allows HTML code to be injected into the page. |
| 6! | Microsoft Windows files and folders management problems updated since 07.03.2007
|
 | | During file operations, conditions exist that allow an attacker to gain access to the content of protected or locked files. It's also possible to create an unmanageable file. |
| | Multiple browsers information leaks
|
 | | A server can find pages visited by the user by using, e.g., different background pages for "visited" elements. |
| 6! | Multiple browsers OnUnload event handler different vulnerabilities updated since 23.02.2007
|
 | | Different memory corruptions because of race conditions in the OnUnload handler. In addition, address bar spoofing and creation of pages that cannot be left are possible. |
| 6! | Mozilla libnss multiple security vulnerabilities updated since 25.02.2007
|
 | | Buffer overflows and integer overflows in SSL2 client and server code implementation. |
| 6! | Microsoft Windows ReadDirectoryChangesW information leak
|
 | | The ReadDirectoryChangesW() API function doesn't check the user's privileges for subtree folders, making it possible for an unprivileged user to gather information about sensitive files. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Memory corruptions on COM objects instantiation and FTP server response parsing can be used for hidden malware installation. |
| | Microsoft Internet Explorer / Mozilla Firefox user input hijacking
|
 | | It's possible to hijack input focus by using OnKeyDown / OnKeyPress events. |
| 6! | Microsoft Windows XMLHTTP proxy problem
|
 | | Because of insufficient request validation, the Msxml2.XMLHTTP ActiveX object can be used to proxy HTTP requests via the client browser. |
| | Microsoft Internet Explorer multiple ActiveX different parameters DoS
|
 | | NULL pointer dereference. |
| 6! | Multiple browsers race conditions updated since 18.08.2006
|
 | | There are different race conditions in thread synchronization on different concurrent events. |
| 6! | Multiple browsers DNS pinning protection bypass
|
 | | By emulating a Web server failure, it's possible to bypass DNS pinning protection (protection against changing the IP address a DNS name resolves to for cross-site access). |
| | |