| 9! | Microsoft Windows TCP/IP and TCP/IPv6 multiple security vulnerabilities updated since 09.02.2010
|
 | | Multiple memory corruptions in ICMPv6, IPSec, TCP implementations. |
| 6! | Microsoft SMB client multiple security vulnerabilities
|
 | | Memory corruptions, race conditions. |
| 6! | Microsoft DirectShow buffer overflow
|
 | | Buffer overflow on AVI parsing. |
| | Microsoft Windows Kerberos DoS
|
 | | NULL pointer dereference on TGT renewal request processing. |
| 7! | Microsoft Data Analyzer ActiveX Control memory corruption |
| | | |
| | Microsoft Hyper-V DoS
|
 | | Insufficient instruction set validation in virtual machine. |
| 7! | Microsoft Windows SMB server multiple security vulnerabilities
|
 | | Memory corruptions, buffer overflow, DoS conditions, cryptography weakness. |
| 6! | Microsoft Windows kernel privilege escalation
|
 | | Double free() vulnerability, exception handler vulnerability. |
| 8! | Microsoft Internet Explorer information leak
|
 | | It's possible to retrieve any file from client computer via URLMON and Dynamic OBJECT tag. |
| 9! | Internet Explorer memory corruption updated since 22.11.2009
|
 | | Memory corruption when setting outerHTML from body style. |
| 8! | Microsoft Internet Explorer Multiple security vulnerabilities updated since 19.01.2010
|
 | | 0-day use-after-free vulnerability on createEventObject processing: <body onload="for(var i=0; i!=10000; i++) ev.srcElement">
<img src=. onerror="ev=createEventObject(event); outerHTML++">,
Multiple memory corruptions.
|
| 8! | Microsoft Windows Embedded OpenType (EOT) Fonts multiple security vulnerabilities updated since 14.07.2009
|
 | | Integer overflows, heap buffer overflows. |
| 6! | Microsoft IIS protection bypass
|
 | | It's possible to bypass 3rd-party upload protection based on file extension, because the part of the filename after a semicolon is ignored when detecting the file type. E.g. script.asp;.jpg is treated by the web server as an ASP file. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 09.12.2009
|
 | | Multiple memory corruptions, code execution. |
| 7! | Microsoft Windows Active Directory Federation Service multiple security vulnerabilities
|
 | | Code execution, session hijack. |
| 7! | Microsoft Internet Authentication Service multiple security vulnerabilities
|
 | | MS-CHAP authentication bypass, memory corruption. |
| 9! | Multiple TCP implementations different security vulnerabilities updated since 09.09.2009
|
 | | Multiple security vulnerabilities in different operating systems caused by resource exhaustion when maintaining the TCP state table. |
| 8! | Web Services on Devices Application Programming Interface API memory corruption
|
 | | Memory corruption on WSD (TCP/5357, TCP/5358, UDP/3702) network packet parsing. |
| 8! | Microsoft Windows GDI code execution
|
 | | Memory corruption on EOT (Embedded Open Type) font parsing, privilege escalation, DoS. |
| | Microsoft Active Directory DoS
|
 | | LSASS stack overflow (stack memory exhaustion). |
| | Microsoft Internet Explorer DoS
|
 | | Unremovable dialog with cycled setHomePage. |
| | Microsoft Windows Media Player information leak
|
 | | Windows Media Player plugin allows detection of local file existence. |
| 6! | Microsoft Windows kernel multiple security vulnerabilities updated since 13.10.2009
|
 | | Integer overflow, NULL pointer dereference, exception handler vulnerability. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities updated since 13.10.2009
|
 | | Multiple memory corruptions. |
| 8! | Microsoft GDI+ multiple security vulnerabilities
|
 | | Multiple vulnerabilities on WMF, PNG, TIFF, BMP parsing. |
| 6! | Microsoft Windows Media Runtime multiple security vulnerabilities updated since 13.10.2009
|
 | | Buffer overflows, memory corruptions. |
| 8! | Microsoft .Net multiple security vulnerabilities
|
 | | Multiple vulnerabilities allow escape from sandbox environment. |
| 9! | Microsoft Windows (including Windows 7) SMB2 array index overflow updated since 08.09.2009
|
 | | Crash on SMB2 protocol NEGOTIATE PROTOCOL REQUEST SMB request parsing |
| 9! | Microsoft Active Template Library (ATL) multiple security vulnerabilities updated since 29.07.2009
|
 | | Memory corruptions, information leak, initialization problem, leading to killbit protection bypass. |
| 6! | Microsoft CryptoAPI certificate spoofing
|
 | | Certificate name spoofing with NULL byte. |
| 6! | Microsoft Windows LSA DoS
|
 | | Crash on NTLM authentication parsing. |
| 8! | Microsoft Windows IIS FTP server buffer overflow updated since 31.08.2009
|
 | | Buffer overflow in NLST command. The same vulnerability may be used for stack overflow (stack memory exhaustion) without the need for write access. |
| 8! | Microsoft Windows JavaScript engine memory corruption
|
 | | Memory corruption on "arguments" keyword parsing. |
| 8! | Microsoft Windows Wireless LAN AutoConfig service buffer overflow
|
 | | Buffer overflow on access point frame parsing. |
| 6! | Microsoft Windows Workstation service memory corruption updated since 11.08.2009
|
 | | Memory corruption on RPC message parsing. |
| 7! | Microsoft RDP client multiple security vulnerabilities updated since 11.08.2009
|
 | | Memory corruption in ActiveX control, memory corruption on server reply processing. |
| 6! | Microsoft ASP.NET DoS |
| | | |
| 8! | Microsoft Windows media files processing memory corruption
|
 | | Memory corruptions and integer overflows on AVI processing. |
| | Microsoft telnet NTLM relaying
|
 | | NTLM relaying attack against telnet client authentication is possible. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 29.07.2009
|
 | | Multiple memory corruptions, workaround for ATL vulnerability added. |
| | Multiple browsers DoS updated since 16.07.2009
|
 | | select() method doesn't limit the number of selected elements, leading to resource exhaustion. |
| | Multiple browsers DoS
|
 | | Crash or resources exhaustion on oversized unicode string operations via Javascript. |
| | Mozilla Firefox / Microsoft Internet Explorer / Opera / Google Chrome DoS updated since 26.05.2009
|
 | | Hang on circle with large radius value in SVG tags. Hang and memory leak on reload with keygen tag. |
| 8! | Windows print spooler multiple security vulnerabilities updated since 10.06.2009
|
 | | Buffer overflow, unauthorized file access, privilege escalation with dynamic library loading. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 09.06.2009
|
 | | Cross-site data access, multiple memory corruptions. |
| 6! | Microsoft Windows kernel multiple privilege escalation
|
 | | Multiple vulnerabilities in different subsystems. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 15.04.2009
|
 | | Code execution, multiple memory corruptions, NTLM relaying. |
| 6! | Microsoft Windows privilege escalation
|
 | | Privilege escalation with MSDTC, WMI, RPCSS, Windows Thread Pool services. |
| 6! | Microsoft Windows WinHTTP service multiple security vulnerabilities
|
 | | Integer overflow, certificate spoofing, NTLM relaying. |
| | Microsoft Internet Explorer DoS
|
 | | Browser hangs while trying to determine charset of the text document with large number of random characters. |
| 10! | Microsoft Windows kernel multiple security vulnerabilities
|
 | | Multiple security vulnerabilities allow code execution via EMF/WMF files. |
| | Microsoft Windows DNS and WINS special records spoofing
|
 | | It's possible to spoof WPAD and ISATAP records. |
| | Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS updated since 30.09.2008
|
 | | Calling the window.print() function in a loop causes the browser to hang. Uncontrollable memory allocation. Script can close window without user approval. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Few memory corruptions. |
| | Microsoft SQL Server memory corruption
|
 | | sp_replwritetovarbin stored procedure memory overwrite. |
| | Microsoft Windows fails to disable autorun
|
 | | None of the documented methods to disable autorun disables it completely. This distribution method is actively used by malware. CERT advises adding the following record to the registry (@ means the default value for the key).
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
|
| 9! | Microsoft Windows SMB multiple security vulnerabilities updated since 13.01.2009
|
 | | Buffer overflows and DoS conditions. |
| | Microsoft Internet Explorer DoS
|
 | | Crash on recursive script creation with createElement(). |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 10.12.2008
|
 | | Multiple memory corruptions. |
| 9! | Microsoft Windows Media Player buffer overflow
|
 | | Buffer overflow on WAV parsing |
| | Mozilla Firefox, Microsoft Internet Explorer, Opera and Google Chrome DoS
|
 | | Printing <iframe> in an endless loop from JavaScript causes resource exhaustion and leads to browser hang. |
| 9! | Microsoft Windows Media Player integer overflow
|
 | | Integer overflow on WAV parsing. |
| 10! | Microsoft Internet Explorer memory corruption
|
 | | Memory corruption leads to code execution. Vulnerability is used in-the-wild for hidden malware installation. |
| | Microsoft Windows Media Player multiple security vulnerabilities
|
 | | NTLM credentials leak and relaying. |
| 8! | Microsoft Windows GDI library multiple security vulnerabilities
|
 | | Buffer overflow and integer overflow on WMF parsing. |
| | Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS updated since 03.10.2008
|
 | | window.close() in a loop on the OnLoad() event causes the browser to hang. Multiple resource exhaustion attacks with Javascript. |
| | Microsoft fixed SMB NTLM relay attacks
|
 | | Microsoft fixed the NTLM proxying vulnerability: credentials used for one service could be forwarded to a different one. The attack has been known for many years as an NTLM weakness. |
| 7! | Microsoft XML multiple security vulnerabilities
|
 | | Memory corruption, cross-site scripting, information leak. |
| 10! | Microsoft Windows code execution updated since 24.10.2008
|
 | | It's possible to execute code without authentication with RPC request UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188 to browser service via SERVER (LanmanServer) service, TCP/139, TCP/445.
The recommendation is to disable the browser service. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities updated since 14.10.2008
|
 | | Memory corruptions, information hijack, cross-site scripting. |
| 8! | Microsoft Windows SMB buffer overflow
|
 | | Buffer overflow on SMB protocol parsing. |
| | Microsoft Windows kernel multiple security vulnerabilities
|
 | | Double free() vulnerability and memory corruptions. |
| | Windows kernel integer overflow
|
 | | Integer overflow in IopfCompleteRequest function. |
| | Internet Information Server and IAS ActiveX unauthorized access and DoS
|
 | | ActiveX allows privileged actions to be silently executed. |
| | Microsoft Internet Explorer DoS
|
 | | Browser hangs on a maliciously crafted PNG image. |
| | Mozilla Firefox / Opera / Microsoft Internet Explorer browsers DoS
|
 | | window.sidebar.addPanel() in a loop causes the browser to hang. |
| 6! | Microsoft Windows Media Player memory corruption
|
 | | Server-Side playlists parsing memory corruption. |
| 8! | Microsoft Windows GDI library multiple security vulnerabilities
|
 | | Multiple vulnerabilities on different graphics format parsing. |
| 7! | Microsoft Windows Media Encoder ActiveX code execution
|
 | | Control supports unsafe methods. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.08.2008
|
 | | Multiple memory corruptions, MHTML cross-site scripting. |
| | Microsoft Windows IPSec policies vulnerability
|
 | | Under certain conditions rules are not applied after Windows 2003 domain is migrated to Windows 2008. |
| 7! | Microsoft Windows Explorer code execution
|
 | | Problem while parsing saved search files .search-ms. |
| | Microsoft Active Directory DoS
|
 | | Uninitialized memory reference on LDAP processing. |
| 6! | Microsoft Windows PGM DoS
|
 | | Infinite loop on PGM packet parsing. |
| 7! | Microsoft DirectX code execution
|
 | | MJPEG format AVI and ASF files parsing vulnerability, SAMI files parsing vulnerability. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities
|
 | | Cross-site scripting, information leak. |
| 6! | Microsoft Windows Realtek HD Audio privilege escalation
|
 | | Multiple security vulnerabilities on IOCTL processing. |
| 6! | Microsoft Internet Explorer memory corruption updated since 08.04.2008
|
 | | Memory corruption on datastream processing. |
| 9! | Microsoft Windows GDI multiple security vulnerabilities updated since 08.04.2008
|
 | | Multiple buffer overflows on EMF and WMF files parsing. |
| 8! | Microsoft Windows multiple ActiveX elements security update updated since 08.04.2008
|
 | | Code execution in hxvz.dll. |
| 6! | Microsoft Windows privilege escalation
|
 | | Code execution in kernel context. |
| | Microsoft Internet Explorer / Mozilla Firefox address spoofing |
| | | |
| 6! | Microsoft Internet Explorer 7 request modification
|
 | | Headers manipulation and invalid chunked encoding processing allow response splitting. |
| | |