| Rating | Vulnerability | Description |
| --- | --- | --- |
| | Microsoft Movie Maker buffer overflow | Buffer overflow in .MSWMM file parsing. |
| 9! | Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities updated since 09.02.2010 | Multiple memory corruptions in the ICMPv6, IPsec and TCP implementations. |
| 6! | Microsoft SMB client multiple security vulnerabilities | Memory corruptions, race conditions. |
| 7! | Microsoft Data Analyzer ActiveX Control memory corruption | |
| 7! | Microsoft Windows SMB server multiple security vulnerabilities | Memory corruptions, buffer overflow, DoS conditions, cryptographic weakness. |
| 6! | Microsoft DirectShow buffer overflow | Buffer overflow in AVI parsing. |
| 6! | Microsoft Windows kernel privilege escalation | Double free() vulnerability, exception handler vulnerability. |
| 8! | Microsoft Internet Explorer information leak | It's possible to retrieve any file from the client computer via URLMON and a dynamic OBJECT tag. |
| 9! | Internet Explorer memory corruption updated since 22.11.2009 | Memory corruption when setting outerHTML from body style. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 19.01.2010 | 0-day use-after-free vulnerability in createEventObject processing: `<body onload="for(var i=0; i!=10000; i++) ev.srcElement">` `<img src=. onerror="ev=createEventObject(event); outerHTML++">`. Multiple memory corruptions. |
| 8! | Microsoft Windows Embedded OpenType (EOT) Fonts multiple security vulnerabilities updated since 14.07.2009 | Integer overflows, heap buffer overflows. |
| 6! | Microsoft IIS protection bypass | It's possible to bypass third-party upload protection based on file extension, because the part of the filename after a semicolon is ignored when detecting the file type. E.g. script.asp;.jpg is treated by the web server as an ASP file. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 09.12.2009 | Multiple memory corruptions, code execution. |
| 7! | Microsoft Internet Authentication Service multiple security vulnerabilities | MS-CHAP authentication bypass, memory corruption. |
| 9! | Multiple TCP implementations different security vulnerabilities updated since 09.09.2009 | Multiple security vulnerabilities in different operating systems caused by resource exhaustion while maintaining the TCP state table. |
| 8! | Web Services on Devices Application Programming Interface (API) memory corruption | Memory corruption in WSD (TCP/5357, TCP/5358, UDP/3702) network packet parsing. |
| 8! | Microsoft Windows GDI code execution | Memory corruption in EOT (Embedded OpenType) font parsing, privilege escalation, DoS. |
| | Microsoft Internet Explorer DoS | Unremovable dialog with cycled setHomePage. |
| | Microsoft Windows Media Player information leak | The Windows Media Player plugin allows detecting the existence of local files. |
| 6! | Microsoft Windows kernel multiple security vulnerabilities updated since 13.10.2009 | Integer overflow, NULL pointer dereference, exception handler vulnerability. |
| 6! | Microsoft Windows Media Runtime multiple security vulnerabilities updated since 13.10.2009 | Buffer overflows, memory corruptions. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities updated since 13.10.2009 | Multiple memory corruptions. |
| 8! | Microsoft .NET multiple security vulnerabilities | Multiple vulnerabilities allow escape from the sandbox environment. |
| 8! | Microsoft GDI+ multiple security vulnerabilities | Multiple vulnerabilities in WMF, PNG, TIFF, BMP parsing. |
| 9! | Microsoft Windows (including Windows 7) SMB2 array index overflow updated since 08.09.2009 | Crash on SMB2 protocol NEGOTIATE PROTOCOL REQUEST SMB request parsing. |
| 6! | Microsoft CryptoAPI certificate spoofing | Certificate name spoofing with a NULL byte. |
| 9! | Microsoft Active Template Library (ATL) multiple security vulnerabilities updated since 29.07.2009 | Memory corruptions, information leak, initialization problem leading to killbit protection bypass. |
| 8! | Microsoft Windows IIS FTP server buffer overflow updated since 31.08.2009 | Buffer overflow in the NLST command. The same vulnerability may be used for stack overflow (stack memory exhaustion) without the need for write access. |
| 6! | Microsoft Windows LSA DoS | Crash on NTLM authentication parsing. |
| 8! | Microsoft Windows Wireless LAN AutoConfig service buffer overflow | Buffer overflow in access point frame parsing. |
| 8! | Microsoft Windows JavaScript engine memory corruption | Memory corruption in "arguments" keyword parsing. |
| 6! | Microsoft Windows MSMQ (message queuing) privilege escalation updated since 11.08.2009 | DoS conditions in the service lead to the possibility of named channel spoofing. |
| 7! | Microsoft RDP client multiple security vulnerabilities updated since 11.08.2009 | Memory corruption in the ActiveX control, memory corruption in server reply processing. |
| 6! | Microsoft Windows Workstation service memory corruption updated since 11.08.2009 | Memory corruption in RPC message parsing. |
| 6! | Microsoft ASP.NET DoS | |
| 8! | Microsoft Windows media files processing memory corruption | Memory corruptions and integer overflows in AVI processing. |
| | Microsoft telnet NTLM relaying | An NTLM relaying attack against telnet client authentication is possible. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 29.07.2009 | Multiple memory corruptions; workaround for the ATL vulnerability added. |
| | Multiple browsers DoS updated since 16.07.2009 | The select() method doesn't limit the number of selected elements, leading to resource exhaustion. |
| | Multiple browsers DoS | Crash or resource exhaustion on oversized Unicode string operations via JavaScript. |
| | Mozilla Firefox / Microsoft Internet Explorer / Opera / Google Chrome DoS updated since 26.05.2009 | Hang on a circle with a large radius value in SVG tags. Hang and memory leak on reload with the keygen tag. |
| 8! | Windows print spooler multiple security vulnerabilities updated since 10.06.2009 | Buffer overflow, unauthorized file access, privilege escalation with dynamic library loading. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 09.06.2009 | Cross-site data access, multiple memory corruptions. |
| 6! | Microsoft Windows kernel multiple privilege escalation | Multiple vulnerabilities in different subsystems. |
| | Browsers and search systems URL spoofing updated since 27.04.2009 | By using %xx in the host name it's possible to spoof the URL origin. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 15.04.2009 | Code execution, multiple memory corruptions, NTLM relaying. |
| 6! | Microsoft Windows privilege escalation | Privilege escalation with the MSDTC, WMI, RPCSS and Windows Thread Pool services. |
| 6! | Microsoft Windows WinHTTP service multiple security vulnerabilities | Integer overflow, certificate spoofing, NTLM relaying. |
| | Microsoft Internet Explorer DoS | The browser hangs while trying to determine the charset of a text document with a large number of random characters. |
| 10! | Microsoft Windows kernel multiple security vulnerabilities | Multiple security vulnerabilities allow code execution via EMF/WMF files. |
| | libc fts_* functions vulnerabilities | Invalid exceptional condition processing on long paths. |
| | Multiple browsers inherited charset cross-site scripting updated since 25.02.2007 | If a page with an undefined charset is displayed in a frame, the codepage of the parent page is used. This makes it possible to conduct a cross-site scripting attack with, e.g., the UTF-7 or EUC-JP (SHIFT_JIS) charset. |
| | Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS updated since 30.09.2008 | Calling the window.print() function in a loop causes the browser to hang. Uncontrollable memory allocation. A script can close a window without user approval. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities | A few memory corruptions. |
| | Microsoft Windows fails to disable autorun | None of the documented methods to disable autorun does it completely. This distribution method is actively used by malware. CERT advises adding the following record to the registry (@ means the default value for the key): `[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]` `@="@SYS:DoesNotExist"` |
| 9! | Microsoft Windows SMB multiple security vulnerabilities updated since 13.01.2009 | Buffer overflows and DoS conditions. |
| | Microsoft Internet Explorer DoS | Crash on recursive script creation with createElement(). |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 10.12.2008 | Multiple memory corruptions. |
| 9! | Microsoft Windows Media Player buffer overflow | Buffer overflow in WAV parsing. |
| | Mozilla Firefox, Microsoft Internet Explorer, Opera and Google Chrome DoS | Printing `<iframe>` in an endless loop from JavaScript causes resource exhaustion and leads to a browser hang. |
| 9! | Microsoft Windows Media Player integer overflow | Integer overflow in WAV parsing. |
| 10! | Microsoft Internet Explorer memory corruption | Memory corruption leads to code execution. The vulnerability is used in the wild for hidden malware installation. |
| | Microsoft Windows Media Player multiple security vulnerabilities | NTLM credentials leak and relaying. |
| 8! | Microsoft Windows Search multiple security vulnerabilities | Code execution with saved search results and with the search-ms: URI. |
| 8! | Microsoft Windows GDI library multiple security vulnerabilities | Buffer overflow and integer overflow in WMF parsing. |
| | Microsoft Windows Vista memory corruption | Kernel memory corruption in CreateIpForwardEntry2 call processing. |
| | Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS updated since 03.10.2008 | window.close() in a loop on the OnLoad() event causes the browser to hang. Multiple resource exhaustion attacks with JavaScript. |
| | Microsoft fixed SMB NTLM relay attacks | Microsoft fixed the NTLM proxying vulnerability: credentials used for one service could be forwarded to a different one. The attack has been known for many years as an NTLM weakness. |
| 7! | Microsoft XML multiple security vulnerabilities | Memory corruption, cross-site scripting, information leak. |
| | Microsoft Windows UnhookWindowsHookEx() DoS | Race conditions on an UnhookWindowsHookEx() call during active desktop switching cause the system to hang or crash. |
| 10! | Microsoft Windows code execution updated since 24.10.2008 | It's possible to execute code without authentication with an RPC request (UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188) to the browser service via the SERVER (LanmanServer) service, TCP/139, TCP/445. The recommendation is to disable the browser service. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities updated since 14.10.2008 | Memory corruptions, information hijack, cross-site scripting. |
| | Microsoft Windows Internet Printing Service integer overflow | Integer overflow after authentication. |
| 8! | Microsoft Windows SMB buffer overflow | Buffer overflow in SMB protocol parsing. |
| 7! | Microsoft Windows Virtual Address Descriptor manipulation privilege escalation | Integer overflow leads to memory corruption. |
| | Microsoft Windows kernel multiple security vulnerabilities | Double free() vulnerability and memory corruptions. |
| | Windows kernel integer overflow | Integer overflow in the IopfCompleteRequest function. |
| | Mozilla Firefox / Opera / Microsoft Internet Explorer browsers DoS | window.sidebar.addPanel() in a loop causes the browser to hang. |
| | Microsoft Internet Explorer DoS | The browser hangs on a malformed PNG image. |
| | Microsoft Windows DoS | Uninitialized memory reference in WRITE_ANDX SMB request handling. |
| 8! | Microsoft Windows GDI library multiple security vulnerabilities | Multiple vulnerabilities in the parsing of different graphics formats. |
| 6! | Microsoft Windows Media Player memory corruption | Server-side playlist parsing memory corruption. |
| 7! | Microsoft Windows Media Encoder ActiveX code execution | The control supports unsafe methods. |
| 7! | Microsoft .NET framework multiple security vulnerabilities updated since 10.07.2007 | Buffer overflow in PE .NET format parsing, buffer overflow in the JIT compiler, remote information leak in ASP.NET with a poisoned NULL byte. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.08.2008 | Multiple memory corruptions, MHTML cross-site scripting. |
| | Microsoft Windows IPSec policies vulnerability | Under certain conditions rules are not applied after a Windows 2003 domain is migrated to Windows 2008. |
| 6! | Microsoft Windows privilege escalation | Invalid event handling allows code execution in the system context. |
| 7! | Microsoft Windows Explorer code execution | Problem while parsing saved search files (.search-ms). |
| 6! | Microsoft Windows DNS server and DNS client DNS reply spoofing updated since 14.11.2007 | A weak pseudo-random generator is used to generate the DNS request ID. |
| 6! | Microsoft Windows PGM DoS | Infinite loop in PGM packet parsing. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities | Cross-site scripting, information leak. |
| 7! | Microsoft DirectX code execution | MJPEG-format AVI and ASF file parsing vulnerability, SAMI file parsing vulnerability. |
| 6! | Microsoft Windows Bluetooth stack code execution | The Windows Bluetooth stack does not correctly handle a large number of SDP requests. |
| | Microsoft Vista speech recognition unauthorized access updated since 03.02.2007 | Speech recognition may be used as an attack vector against the client computer with, e.g., an HTML page with embedded sound. |
| 6! | Microsoft Windows Realtek HD Audio privilege escalation | Multiple security vulnerabilities in IOCTL processing. |
| | Microsoft Windows privilege escalation | By using the RPCSS service it's possible to elevate privileges from NetworkService to SYSTEM. |
| 6! | Microsoft Internet Explorer memory corruption updated since 08.04.2008 | Memory corruption in data stream processing. |
| 8! | Microsoft Windows multiple ActiveX elements security update updated since 08.04.2008 | Code execution in hxvz.dll. |
| 9! | Microsoft Windows GDI multiple security vulnerabilities updated since 08.04.2008 | Multiple buffer overflows in EMF and WMF file parsing. |
| 6! | Microsoft Windows privilege escalation | Code execution in kernel context. |
| | Microsoft Internet Explorer / Mozilla Firefox address spoofing | |
| 6! | Microsoft Internet Explorer 7 request modification | Header manipulation and invalid chunked encoding processing allow response splitting. |
| | Microsoft Internet Explorer 7.0 DoS | Crash on the createTextRange method. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.02.2008 | Multiple memory corruptions. |
| 6! | Microsoft Internet Information Services privilege escalation | Privilege escalation through file change notification. ASP file processing privilege escalation. |
| | Microsoft Windows Vista DoS | Crash on DHCP server response parsing. |
| 7! | Microsoft Windows Web Client service buffer overflow | Buffer overflow in WebDAV server response parsing. |
| 7! | Microsoft Windows OLE buffer overflow | Heap buffer overflow. |
| 6! | Microsoft Windows Vista / XP / 2000 audio drivers privilege escalation | Ensoniq PCI 1371 WDM audio driver privilege escalation. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.12.2007 | Multiple memory corruptions. |
| 8! | Microsoft Windows DirectX multiple security vulnerabilities updated since 12.12.2007 | Synchronized Accessible Media Interchange (SAMI), WAV and AVI. |
| 6! | Microsoft Windows Vista SMBv2 packet signature bypass | Invalid implementation of digital signing. |
| 6! | 3ivx MP4 codec buffer overflow | Buffer overflow in MP4 tag parsing. |
| | Microsoft Jet Engine MDB files parsing buffer overflow | Buffer overflow on MDB file access. |
| 7! | Microsoft Windows URL code execution | Invalid handling of %xx sequences in external URL handlers on Windows XP with Internet Explorer 7 installed allows executing applications. |
| 6! | Microsoft Windows RPC DoS updated since 10.10.2007 | Denial of service during authentication in RPC-based services. |
| 8! | Microsoft Outlook Express / Windows Mail NNTP buffer overflow | Heap memory overflow in NNTP server reply parsing. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities | Memory corruption, address bar spoofing. |
| | Microsoft Windows Explorer PNG DoS | Infinite loop in invalid PNG file parsing. |
| | Microsoft Windows Services for UNIX privilege escalation | Invalid suid file handling. |
| 9! | Microsoft Windows XML core services memory corruption updated since 14.08.2007 | Memory corruption in XML parsing. |
| 10! | Microsoft Internet Explorer multiple security vulnerabilities updated since 14.08.2007 | Memory corruption in ActiveX parsing, unsafe Visual Basic ActiveX execution, Visual Basic ActiveX memory corruption. |
| 6! | Microsoft Windows Media Player multiple security vulnerabilities | Multiple vulnerabilities in skin file parsing. |
| 10! | Microsoft Windows VML parsing buffer overflow | Heap buffer overflow on compressed VML content. |
| 7! | Microsoft Windows Vista gadgets code execution | Code execution with the "Contacts" and "Weather" gadgets. |
| | Microsoft Internet Explorer DoS | The line `<style>*{position:relative}</style><table><input></table>` causes the browser to crash. |
| | Microsoft Windows ARP DoS | Flooding with packets with different MACs causes CPU exhaustion. |
| | Microsoft DirectX buffer overflow | Buffer overflow in compressed TGA image parsing. |
| 6! | Microsoft Internet Explorer 0-day vulnerability updated since 10.07.2007 | Unfiltered shell characters in the executed URL: protocol application handler. |
| | Microsoft Internet Explorer content spoofing | It's possible to emulate navigation to a different site by using document.open() while actually staying in the context of the previous page. |
| 6! | Microsoft Windows Vista firewall filtering bypass with Teredo | Filtering rules are not applied to certain traffic types. |
| | Microsoft Internet Explorer DoS | Browser DoS on a page in a domain with special characters. |
| 8! | Microsoft Outlook Express / Windows Mail multiple security vulnerabilities updated since 12.06.2007 | Multiple vulnerabilities in MHTML parsing. Code execution with UNC URLs. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.06.2007 | Multiple memory corruptions, content spoofing. |
| 6! | Microsoft Windows Vista weak security permissions | Weak permissions for files and registry entries. |
| | Microsoft Windows GDI+ library DoS updated since 11.06.2007 | Division by zero in .ICO file parsing. |
| | Microsoft Windows Vista application spoofing through links | It's possible to bypass privileged application execution by spoofing start menu shortcuts. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 08.05.2007 | Multiple memory corruptions in COM objects and HTML parsing, file overwrite. |
| | Multiple browsers digest authentication request splitting | It's possible to inject new line characters into HTTP request headers through the username. |
| 7! | Microsoft Windows memory corruption updated since 16.12.2006 | CSRSS memory corruption on MessageBox with MB_SERVICE_NOTIFICATION beginning with `\??\`. |
| 6! | Microsoft Windows Vista protected process protection bypass | It's possible to set or remove process protection. |
| 10! | Microsoft Windows animated cursors buffer overflow updated since 30.03.2007 | Stack buffer overflow (stack overrun) is actively used for hidden malware installation. |
| 9! | Microsoft Windows multiple GDI vulnerabilities | |
| 6! | Microsoft Vista IPv6 multiple security vulnerabilities updated since 29.03.2007 | Multiple DoS conditions and spoofing possibilities. |
| 6! | Microsoft Vista ATI drivers vulnerability | Blue Screen of Death while displaying images. |
| | Microsoft Windows Vista Internet Explorer applications execution | By clicking a link to a local file with the same name as a local folder, the file is executed. |
| | Microsoft Internet Explorer page content spoofing | Cross-site scripting in the res://ieframe.dll/navcancl.htm#http://www.site.com page allows injecting HTML code into the page. |
| | Microsoft Windows mmioRead() multimedia function integer overflow | Integer overflow on negative parameter values. |
| 6! | Microsoft Windows files and folders management problems updated since 07.03.2007 | During file operations, conditions exist for an attacker to gain access to the content of protected or locked files. It's also possible to create an unmanageable file. |
| | Multiple browsers information leaks | A server can find pages visited by the user by using, e.g., different background pages for "visited" elements. |
| 6! | Multiple browsers OnUnload event handler different vulnerabilities updated since 23.02.2007 | Different memory corruptions because of race conditions in the OnUnload handler. In addition, address bar spoofing and creation of pages that cannot be left are possible. |
| 6! | Mozilla libnss multiple security vulnerabilities updated since 25.02.2007 | Buffer overflows and integer overflows in the SSL2 client and server code implementation. |
| 6! | Microsoft Windows ReadDirectoryChangesW information leak | The ReadDirectoryChangesW() API function doesn't check the user's privileges for subtree folders, making it possible for an unprivileged user to gather information about sensitive files. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities | Memory corruptions on COM object instantiation and FTP server response parsing can be used for hidden malware installation. |
| | Microsoft Internet Explorer / Mozilla Firefox user input hijacking | It's possible to hijack input focus by using OnKeyDown / OnKeyPress events. |
| 6! | Microsoft Windows XMLHTTP proxy problem | Because of insufficient request validation, the Msxml2.XMLHTTP ActiveX object can be used to proxy HTTP requests via the client browser. |
| | Microsoft Internet Explorer multiple ActiveX different parameters DoS | NULL pointer dereference. |
| 6! | Multiple browsers race conditions updated since 18.08.2006 | There are different race conditions with thread synchronization on different concurrent events. |
| 6! | Multiple browsers DNS pinning protection bypass | By emulating a Web server failure it's possible to bypass DNS pinning protection (protection against changing the IP address resolution of a DNS name for cross-site access). |