| Severity | Advisory | Summary |
|---|---|---|
| | Microsoft Internet Explorer saved pages cross-site scripting updated since 21.08.2007 | Cross-site scripting in the Local Machine zone is possible when a page is saved from a URL such as http://site/--><script>alert("XSS")</script> |
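The comment breakout above in working form, as an added example (not code from the advisory or from Microsoft): Internet Explorer records the origin of a saved page in an HTML comment of the form `<!-- saved from url=(NNNN)URL -->`. The first function reproduces that naively, the second neutralises the characters that could terminate the comment; function names and the percent-encoding choice are this example's own.

```javascript
// Naive writer: the URL goes into the HTML comment untouched, so a URL that
// contains "-->" closes the comment and everything after it is parsed as
// markup in the context of the saved (local) file.
function markOfTheWebNaive(url) {
  const len = String(url.length).padStart(4, '0');
  return `<!-- saved from url=(${len})${url} -->`;
}

// Hardened writer: entity encoding is useless inside a comment (entities are
// not decoded there), so the byte sequences that matter are removed by
// percent-encoding them. "--" is also illegal inside a comment, and "<" keeps
// the URL from carrying tags if the comment is ever broken some other way.
function markOfTheWebSafe(url) {
  const neutralised = url
    .replace(/--/g, '%2D%2D')
    .replace(/>/g, '%3E')
    .replace(/</g, '%3C');
  const len = String(neutralised.length).padStart(4, '0');
  return `<!-- saved from url=(${len})${neutralised} -->`;
}

// True when the first "-->" in the produced line is not the one we wrote at
// the very end, i.e. the comment was closed early.
function commentBreaksOut(html) {
  const first = html.indexOf('-->');
  return first !== -1 && first !== html.length - 3;
}

// The URL from the advisory, used as the sample input.
const ATTACKER_URL = 'http://site/--><script>alert("XSS")</script>';
```

A benign URL (no `<`, `>` or `--`) is written out exactly as before, so the change only affects URLs that could not have been legal comment content anyway.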
| | Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS updated since 03.10.2008 | window.close() called in a loop from the OnLoad() event hangs the browser. Multiple resource-exhaustion attacks with JavaScript. |
| | Microsoft fixed SMB NTLM relay attacks | Microsoft fixed an NTLM proxying (relay) vulnerability: credentials used for one service could be forwarded to a different one. The attack has been known for many years as an NTLM weakness. |
| 7! | Microsoft XML multiple security vulnerabilities | Memory corruption, cross-site scripting, information leak. |
| | Microsoft Windows Explorer buffer overflow updated since 01.06.2006 | Buffer overflow on right-click of a .url file containing an oversized mhtml://mid: URL. Can be used for hidden malware installation. |
| 10! | Microsoft Windows code execution updated since 24.10.2008 | Unauthenticated code execution through an RPC request to interface UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188 (browser service functions), reached via the Server (LanmanServer) service on TCP/139 and TCP/445. Recommendation: disable the browser service. |
| | Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS updated since 30.09.2008 | Calling window.print() in a loop hangs the browser; uncontrolled memory allocation. A script can close a window without user approval. |
| | Microsoft Internet Explorer address bar spoofing | Several methods of address bar spoofing. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities updated since 14.10.2008 | Memory corruptions, information hijacking, cross-site scripting. |
| 7! | Microsoft Windows AFD driver privilege escalation updated since 15.10.2008 | Kernel memory access is possible. |
| | Microsoft Windows Internet Printing Service integer overflow | Integer overflow reachable after authentication. |
| 8! | Microsoft Windows SMB buffer overflow | Buffer overflow in SMB protocol parsing. |
| 7! | Microsoft Windows Virtual Address Descriptor manipulation privilege escalation | Integer overflow leads to memory corruption. |
| | Microsoft Windows kernel multiple security vulnerabilities | Double free() vulnerability and memory corruptions. |
| | Windows kernel integer overflow | Integer overflow in the IopfCompleteRequest function. |
| | Mozilla Firefox / Opera / Microsoft Internet Explorer browsers DoS | window.sidebar.addPanel() called in a loop hangs the browser. |
| | Microsoft Internet Explorer DoS | Browser hangs on a malformed PNG image. |
| 6! | Microsoft Outlook Express / Microsoft Outlook DoS | Crash on HTML content containing <style>*{position:relative}</style><table>DoS</table> |
| | Microsoft Windows DoS | Uninitialized memory reference in WRITE_ANDX SMB request handling. |
| 8! | Microsoft Windows GDI library multiple security vulnerabilities | Multiple vulnerabilities in the parsing of different graphics formats. |
| 6! | Microsoft Windows Media Player memory corruption | Memory corruption in server-side playlist parsing. |
| 7! | Microsoft Windows Media Encoder ActiveX code execution | The control exposes unsafe methods. |
| 7! | Microsoft .Net framework multiple security vulnerabilities updated since 10.07.2007 | Buffer overflow in PE .NET format parsing, buffer overflow in the JIT compiler, remote information leak in ASP.NET via a poisoned NULL byte. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.08.2008 | Multiple memory corruptions, MHTML cross-site scripting. |
| 7! | Microsoft Windows color management system memory corruption updated since 12.08.2008 | Memory corruption in ICC color profile handling. |
| 6! | Microsoft Windows privilege escalation | Invalid event handling allows code execution in the SYSTEM context. |
| 6! | Microsoft Windows DNS server and DNS client DNS reply spoofing updated since 14.11.2007 | A weak pseudo-random generator is used to generate DNS transaction IDs. |
| 6! | Microsoft Windows PGM DoS | Infinite loop in PGM packet parsing. |
| 6! | Microsoft Windows Bluetooth stack code execution | The Windows Bluetooth stack does not correctly handle a large number of SDP requests. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities | Cross-site scripting, information leak. |
| 7! | Microsoft DirectX code execution | Vulnerabilities in parsing MJPEG streams in AVI and ASF files and in SAMI file parsing. |
| | Microsoft Windows I2O driver privilege escalation | Weak permissions on the \\.\I2OExc device and insufficient validation of IOCTL data. |
| 7! | Microsoft Jet engine buffer overflow | Buffer overflow in MDB file request handling. |
| 6! | Microsoft Windows Realtek HD Audio privilege escalation | Multiple vulnerabilities in IOCTL processing. |
| | Microsoft Windows privilege escalation | Through the RPCSS service it is possible to elevate privileges from NetworkService to SYSTEM. |
| 6! | Microsoft Internet Explorer memory corruption updated since 08.04.2008 | Memory corruption in data stream processing. |
| 8! | Microsoft Windows multiple ActiveX elements security update updated since 08.04.2008 | Code execution in hxvz.dll. |
| 9! | Microsoft Windows GDI multiple security vulnerabilities updated since 08.04.2008 | Multiple buffer overflows in EMF and WMF file parsing. |
| 9! | Microsoft Windows VBScript / JScript buffer overflow | Buffer overflow in script parsing. |
| 6! | Microsoft Windows privilege escalation | Code execution in kernel context. |
| | Microsoft Internet Explorer / Mozilla Firefox address spoofing | |
| 6! | Microsoft Internet Explorer 7 request modification | Header manipulation and invalid chunked-encoding processing allow response splitting. |
| | Microsoft Internet Explorer 7.0 DoS | Crash in the createTextRange method. |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.02.2008 | Multiple memory corruptions. |
| 6! | Microsoft Internet Information Services privilege escalation | Privilege escalation through file change notification; privilege escalation in ASP file processing. |
| 6! | Microsoft Windows Active Directory DoS | Crash in LDAP request handling. |
| 7! | Microsoft Windows Web Client service buffer overflow | Buffer overflow in WebDAV server response parsing. |
| 7! | Microsoft Windows OLE buffer overflow | Heap buffer overflow. |
| 10! | Microsoft Windows TCP/IP stack multiple security vulnerabilities | Memory corruption in IGMP/MLD processing, DoS in fragmented ICMP router discovery. |
| 6! | Microsoft Windows LSASS LPC requests privilege escalation | Code execution with LocalSystem privileges is possible. |
| 6! | Microsoft Windows Vista / XP / 2000 audio drivers privilege escalation | Ensoniq PCI 1371 WDM audio driver privilege escalation. |
| 7! | Microsoft Windows Message Queuing buffer overflow updated since 12.12.2007 | Buffer overflow in the RPC interface (TCP/2103). |
| 8! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.12.2007 | Multiple memory corruptions. |
| 8! | Microsoft Windows DirectX multiple security vulnerabilities updated since 12.12.2007 | Vulnerabilities in Synchronized Accessible Media Interchange (SAMI), WAV and AVI parsing. |
| 7! | Microsoft Windows SafeDisc driver buffer overflow updated since 20.10.2007 | Buffer overflow in the secdrv.sys driver allows code execution in system context. |
| 6! | 3ivx MP4 codec buffer overflow | Buffer overflow in MP4 tag parsing. |
| | Microsoft Jet Engine MDB files parsing buffer overflow | Buffer overflow on MDB file access. |
| 7! | Microsoft Windows URL code execution | Invalid handling of %xx sequences by external URL handlers on Windows XP with Internet Explorer 7 installed allows arbitrary applications to be executed. |
| 6! | Microsoft Windows TCP/IP stack IGMP DoS updated since 15.02.2006 | System hangs on a malformed IGMPv3 packet. |
| | Microsoft Internet Explorer executable files download filter protection bypass | A file can be placed in the Temporary Internet Files folder by appending GET parameters to the filename, e.g. http://example.com/program.exe?1.cda/ |
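An added example of the filter confusion in the entry above, not code from Internet Explorer: the first check inspects the tail of the raw URL string and is fooled by a query string, the second parses the URL and looks only at the last path segment. The blocked-extension list and function names are assumptions for the demonstration; a real filter would also check the served content type rather than trust the name alone.

```javascript
// Extensions the filter is meant to stop (assumed list for the demo).
const BLOCKED_EXTENSIONS = new Set(['.exe', '.com', '.scr', '.pif', '.bat', '.cmd']);

// Vulnerable check: examines the tail of the raw URL string. Anything after
// the real filename, such as "?1.cda/", hides the extension from it.
function isBlockedNaive(url) {
  const dot = url.lastIndexOf('.');
  if (dot === -1) return false;
  return BLOCKED_EXTENSIONS.has(url.slice(dot).toLowerCase());
}

// Hardened check: parse the URL, ignore query and fragment, take the last
// non-empty path segment, percent-decode it and compare the extension.
// Anything that cannot be parsed or decoded is blocked rather than allowed.
function isBlockedSafe(url) {
  let parsed;
  try { parsed = new URL(url); } catch { return true; }
  const segments = parsed.pathname.split('/').filter((s) => s.length > 0);
  if (segments.length === 0) return false;
  let name;
  try { name = decodeURIComponent(segments[segments.length - 1]); } catch { return true; }
  const dot = name.lastIndexOf('.');
  if (dot === -1) return false;
  return BLOCKED_EXTENSIONS.has(name.slice(dot).toLowerCase());
}

// The URL shape from the advisory, used as the sample input.
const BYPASS_URL = 'http://example.com/program.exe?1.cda/';
```

The same parsing step also catches `program%2Eexe` and upper-case extensions, both of which a raw string comparison misses.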
| 6! | Microsoft Windows RPC DoS updated since 10.10.2007 | Denial of service during authentication in RPC-based services. |
| 8! | Microsoft Outlook Express / Windows Mail NNTP buffer overflow | Heap overflow in NNTP server reply parsing. |
| 6! | Microsoft Internet Explorer multiple security vulnerabilities | Memory corruption, address bar spoofing. |
| | Microsoft Windows Explorer PNG DoS | Infinite loop in invalid PNG file parsing. |
| 9! | Microsoft Windows XML core services memory corruption updated since 14.08.2007 | Memory corruption in XML parsing. |
| 10! | Microsoft Internet Explorer multiple security vulnerabilities updated since 14.08.2007 | Memory corruption in ActiveX parsing, unsafe Visual Basic ActiveX execution, Visual Basic ActiveX memory corruption. |
| 6! | Microsoft Windows Media Player multiple security vulnerabilities | Multiple vulnerabilities in skin file parsing. |
| 10! | Microsoft Windows VML parsing buffer overflow | Heap buffer overflow in compressed VML content. |
| 6! | Microsoft Windows OLE Automation memory corruption updated since 14.08.2007 | Memory corruption in embedded object processing. |
| 10! | Microsoft Windows GDI code execution updated since 14.08.2007 | Heap buffer overflow in Windows metafile parsing. |
| | Microsoft Internet Explorer DoS | The line <style>*{position:relative}</style><table><input></table> crashes the browser. |
| | Microsoft Windows ARP DoS | Flooding with packets from different MAC addresses exhausts the CPU. |
| 6! | Microsoft Internet Explorer 0-day vulnerability updated since 10.07.2007 | Unfiltered shell characters in a URL passed to an external URL: protocol handler application. |
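Added example (not Microsoft's code) showing in miniature the problem behind this entry and the earlier "Microsoft Windows URL code execution" one: substituting a decoded URL into a handler command-line template versus validating the URL and handing it over as one discrete argument. The handler path, the template and the scheme allow-list are assumptions.

```javascript
// Assumed handler registration, mirroring the Windows shell\open\command
// layout in which %1 is replaced by the URL.
const HANDLER_EXE = 'C:\\app\\handler.exe';
const HANDLER_TEMPLATE = `"${HANDLER_EXE}" "%1"`;

// Simplified Windows-style command-line tokeniser: whitespace separates
// arguments, double quotes group characters. Enough to show the argument
// count the handler would actually receive.
function splitCommandLine(line) {
  const args = [];
  let cur = '';
  let inQuotes = false;
  let seen = false;
  for (const ch of line) {
    if (ch === '"') { inQuotes = !inQuotes; seen = true; continue; }
    if (!inQuotes && /\s/.test(ch)) {
      if (seen) { args.push(cur); cur = ''; seen = false; }
      continue;
    }
    cur += ch;
    seen = true;
  }
  if (seen) args.push(cur);
  return args;
}

// Vulnerable: %xx sequences are decoded and the result is pasted into the
// template as text, so an encoded quote (%22) ends the argument early and
// the rest of the URL turns into extra arguments for the handler.
function buildCommandLineNaive(url) {
  return HANDLER_TEMPLATE.replace('%1', decodeURIComponent(url));
}

// Hardened: check the URL's shape and scheme, never decode it before the
// hand-off, and return an argv array (what child_process.spawn or a
// CreateProcess wrapper with pre-split arguments receives), so no quote
// re-parsing can happen between the browser and the handler.
const ALLOWED_SCHEMES = new Set(['mailto', 'news', 'nntp']);        // assumption
const URL_SHAPE = /^([a-z][a-z0-9+.-]*):([\x21-\x7e]*)$/i;          // printable ASCII, no spaces

function buildArgvSafe(url) {
  const m = URL_SHAPE.exec(url);
  if (!m || !ALLOWED_SCHEMES.has(m[1].toLowerCase())) throw new Error('rejected URL');
  if (/["\\]/.test(m[2])) throw new Error('rejected URL');     // never legal raw in a URL
  return [HANDLER_EXE, url];
}

// Constructed inputs: a normal mailto URL and one carrying an encoded quote.
const BENIGN_URL = 'mailto:user@example.com';
const HOSTILE_URL = 'mailto:x%22%20%2Fexecute%20evil';
```

With the argv form the handler receives the hostile URL as a single, still-encoded argument; it must then treat that argument as data, which is the handler's side of the contract.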
| | Microsoft DirectX buffer overflow | Buffer overflow in compressed TGA image parsing. |
| | Microsoft Internet Explorer content spoofing | Navigation to a different site can be emulated with document.open() while actually staying in the context of the previous page. |
| 7! | Microsoft Internet Information Server DoS updated since 18.12.2005 | A request like http://www.example.com/_vti_bin/.dll/*\~0 to a virtual folder with CGI execution enabled crashes the server and potentially leads to code execution. |
| | Microsoft Internet Explorer DoS | Browser DoS on a page in a domain containing special characters. |
| 8! | Microsoft Outlook Express / Windows Mail multiple security vulnerabilities updated since 12.06.2007 | Multiple vulnerabilities in MHTML parsing; code execution with UNC URLs. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 12.06.2007 | Multiple memory corruptions, content spoofing. |
| | Microsoft Windows GDI+ library DoS updated since 11.06.2007 | Division by zero in .ICO file parsing. |
| 9! | Microsoft Windows API code execution | Insufficient validation of function arguments. |
| | Microsoft Html Popup / Outlook Express Address Book ActiveX DoS | Crash on element display. |
| 7! | Microsoft Internet Explorer and Mozilla Firefox multiple security vulnerabilities | Race conditions in Internet Explorer allow cross-domain access; Mozilla Firefox IFRAME cross-domain access; bypass of Mozilla's file download dialog delay protection; MSIE address bar spoofing. |
| 9! | Microsoft Internet Explorer multiple security vulnerabilities updated since 08.05.2007 | Multiple memory corruptions in COM objects and HTML parsing; file overwrite. |
| | Multiple browsers digest authentication request splitting | Newline characters can be injected into HTTP request headers through the username. |
| 7! | Microsoft Windows memory corruption updated since 16.12.2006 | CSRSS memory corruption on a MessageBox with MB_SERVICE_NOTIFICATION whose text begins with "\??\". |
| | Microsoft Windows Virtual DOS machine privilege escalation | Race conditions allow the VDM zero page to be overwritten. |
| 6! | Microsoft Windows Universal PnP memory corruption | Memory corruption in TCP/2869 and UDP/1900 request processing. |
| 7! | Microsoft Agent ActiveX memory corruption | Buffer overflow in URL parsing. |
| | Microsoft Windows DoS with WMF files | Uninitialized memory reference in the system kernel. |
| 10! | Microsoft Windows animated cursors buffer overflow updated since 30.03.2007 | Stack buffer overflow (stack overrun), actively used for hidden malware installation. |
| 9! | Microsoft Windows multiple GDI vulnerabilities | |
| 7! | Microsoft Data Access Components code execution updated since 13.02.2007 | ADODB.Connection NextRecordset() / Execute() double free() vulnerability. Can be used for hidden malware installation. |
| | Microsoft Internet Explorer DoS | Memory exhaustion through the appendChild method. |
| | Microsoft Windows NDISTAPI DoS | During exception handling of \Device\NdisTapi device requests the IRQL is not lowered from DISPATCH level before returning to user mode; the next access to paged memory crashes the system (BSOD) with IRQL_NOT_LESS_OR_EQUAL. |
| 7! | Microsoft MFC memory corruption updated since 13.02.2007 | Memory corruption in RTF file parsing. Can be used for hidden malware installation. |
| | Microsoft Internet Explorer page content spoofing | Cross-site scripting in the res://ieframe.dll/navcancl.htm#http://www.site.com page allows HTML code to be injected into the page. |
| | Microsoft Windows mmioRead() multimedia function integer overflow | Integer overflow on negative parameter values. |
| 6! | Microsoft Windows files and folders management problems updated since 07.03.2007 | During file operations, conditions exist for an attacker to gain access to the contents of protected or locked files. It is also possible to create an unmanageable file. |
| | Microsoft Windows OLE files DoS | Crash on OLE file (.DOC) preview. |
| | Multiple browsers information leaks | A server can determine which pages a user has visited, e.g. by using different backgrounds for "visited" elements. |
| 6! | Multiple browsers OnUnload event handler different vulnerabilities updated since 23.02.2007 | Various memory corruptions caused by race conditions in the OnUnload handler. In addition, address bar spoofing and creation of pages that cannot be left are possible. |
| 6! | Mozilla libnss multiple security vulnerabilities updated since 25.02.2007 | Buffer overflows and integer overflows in the SSLv2 client and server implementation. |
| | Microsoft Windows Explorer DoS updated since 25.02.2007 | explorer.exe crashes when browsing a folder containing a corrupted WMF file (no need to click the file itself). |
| 6! | Microsoft Windows ReadDirectoryChangesW information leak | The ReadDirectoryChangesW() API function does not check the user's privileges on subtree folders, so an unprivileged user can gather information about sensitive files. |
| 7! | Microsoft Internet Explorer multiple security vulnerabilities | Memory corruptions in COM object instantiation and FTP server response parsing can be used for hidden malware installation. |
| | Microsoft Step-by-Step Interactive Training buffer overflow updated since 13.02.2007 | Buffer overflow in bookmark file handling (.cbl, .cbm, .cbo). |
| 7! | Microsoft Windows RichEdit control memory corruption | Memory corruption in RTF-embedded OLE objects can be used for hidden malware installation. |
| 6! | Microsoft Windows Shell Hardware Detection privilege escalation | A parameter of a function executed during hardware detection is not validated. |
| 7! | Microsoft Windows OLE dialog memory corruption | Memory corruption in RTF-embedded OLE objects. Can be used for hidden malware installation. |
| 6! | Microsoft Windows Image Acquisition Service buffer overflow | |
| 7! | Microsoft Windows HTML Help ActiveX code execution | Unsafe functions are accessible from a web page. Can be used for hidden malware installation. |
| | Microsoft Internet Explorer / Mozilla Firefox user input hijacking | Input focus can be hijacked using OnKeyDown / OnKeyPress events. |
| 6! | Microsoft Windows XMLHTTP proxy problem | Because of insufficient request validation the Msxml2.XMLHTTP ActiveX object can be used to proxy HTTP requests through the client browser. |
| | Microsoft Internet Explorer multiple ActiveX different parameters DoS | NULL pointer dereference. |
| 7! | Microsoft Agent memory corruption updated since 14.11.2006 | Memory corruption in .ACF file parsing. |
| | Microsoft Windows WMF invalid pointer dereference | Invalid pointer dereference in GDI in the CreateBrushIndirect function. |
| 8! | Microsoft VML buffer overflow | Buffer overflow and integer overflows in Vector Markup Language parsing. May be used for hidden malware installation. |
| 6! | Multiple browsers race conditions updated since 18.08.2006 | Various race conditions in thread synchronization on different concurrent events. |
| | Microsoft Windows Client for Microsoft Networks DoS | The argument of NetrWkstaUserEnum() is not checked and is used to allocate memory, creating a memory exhaustion condition. |
| 6! | Multiple browsers DNS pinning protection bypass | By emulating a web server failure it is possible to bypass DNS pinning protection (the protection against changing the IP address a DNS name resolves to, used for cross-site access). |
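The server-side counterpart of the DNS pinning entry above, as an added example (not from the advisory): a rebound request still carries the attacker's hostname in its Host header, so a service that only answers for its own names refuses it regardless of what the browser resolved. The allow-list and the raw requests are constructed for the demonstration.

```javascript
// Names this service legitimately answers for (assumed), stored with an
// explicit port so that comparison is exact. Every name or IP literal the
// service is reached by must be listed.
const ALLOWED_HOSTS = new Set(['intranet.example:80', 'intranet.example:8080']);

// Extract the Host header from a raw HTTP/1.1 request head. A missing or
// duplicated Host header is treated as absent, which leads to rejection.
function parseHostHeader(raw) {
  const head = raw.split('\r\n\r\n')[0];
  let host = null;
  for (const line of head.split('\r\n').slice(1)) {
    const idx = line.indexOf(':');
    if (idx === -1) continue;
    if (line.slice(0, idx).trim().toLowerCase() !== 'host') continue;
    if (host !== null) return null;
    host = line.slice(idx + 1).trim();
  }
  return host;
}

// Lower-case the name and make the port explicit so "Intranet.example" and
// "intranet.example:80" compare equal. Anything outside the host[:port]
// grammar is rejected.
function normaliseHost(host, defaultPort = 80) {
  const m = /^(\[[0-9a-f:.]+\]|[a-z0-9.-]+)(?::(\d{1,5}))?$/i.exec(host);
  if (!m) return null;
  return `${m[1].toLowerCase()}:${m[2] ? Number(m[2]) : defaultPort}`;
}

function requestAllowed(raw, allowed = ALLOWED_HOSTS) {
  const host = parseHostHeader(raw);
  if (host === null) return false;
  const norm = normaliseHost(host);
  return norm !== null && allowed.has(norm);
}

// Constructed requests: what the intranet server sees from a browser whose
// resolution of attacker.example was rebound to it, and from a real client.
const REBOUND = 'GET /admin/ HTTP/1.1\r\nHost: attacker.example\r\nConnection: close\r\n\r\n';
const LEGITIMATE = 'GET /admin/ HTTP/1.1\r\nHost: Intranet.example:80\r\n\r\n';
```

The check is cheap and independent of the browser-side pinning that the entry shows can be defeated, which is why it is the usual mitigation recommended for internal HTTP services.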
| | Microsoft Windows quartz.dll DoS | Division by zero on a malformed MIDI or WMV file. |
| 7! | Microsoft Internet Explorer / Outlook Express multiple security vulnerabilities updated since 12.12.2006 | Memory corruption in JavaScript error processing and in the JavaScript normalize() function. Cross-site access to Temporary Internet Files. Buffer overflow in Windows Address Book (WAB) parsing. |
| 7! | Microsoft Windows Media Format Runtime buffer overflow | Buffer overflows in parsing ASF (.ASF, .WMV, .WMA) and ASX files. |
| 6! | Microsoft Windows CSRSS privilege escalation | Privilege escalation through a manifest file. |
| 6! | Microsoft Windows SNMP service buffer overflow | |
| 7! | Microsoft Windows Workstation service buffer overflow updated since 14.11.2006 | Buffer overflow in an RPC-based service. |
| | Microsoft Windows Client Service for NetWare multiple vulnerabilities updated since 14.11.2006 | Memory corruption, DoS. |
| 9! | Microsoft Windows daxctle.ocx and HTML parsing buffer overflows updated since 13.09.2006 | Heap overflow in the KeyFrame method of the DirectAnimation.PathControl ActiveX control. Buffer overflow in the CSS float property. May be used for hidden malware installation. |
| 9! | Microsoft Windows XMLHTTP ActiveX code execution updated since 05.11.2006 | ActiveX vulnerability used for silent malware installation. |
| 8! | Macromedia Flash Player buffer overflow updated since 13.09.2006 | Buffer overflow when playing .swf files. Can be used for hidden malware installation through the browser. |
| 6! | Windows kernel GDI structures privilege escalation | A read-only shared memory section can be remapped writable. |
| | Microsoft Windows connection sharing DoS | NULL pointer dereference in DNS request proxying in the Microsoft Windows NAT Helper. |
| 6! | Microsoft Windows Object Packager dialog spoofing updated since 11.10.2006 | Code execution through an object embedded in a .RTF or .WRI file. |
| 10! | Microsoft Windows WebViewFolderIcon ActiveX (integer overflow) updated since 28.09.2006 | Integer overflow can be used for hidden malware installation. |
| | Multiple Microsoft Windows IPv6 security vulnerabilities | TCP connection reset with an ICMP or TCP packet; CPU exhaustion. |
| 7! | Microsoft Windows Server service multiple security vulnerabilities | Denial of service and code execution vulnerabilities. |
| 7! | Multiple Microsoft XML service security vulnerabilities | Cross-domain data access, buffer overflow. |
| 7! | Microsoft Windows drmstor.dll buffer overflow | Buffer overflow in an ActiveX control. |
| | Microsoft Indexing Service cross-site scripting updated since 12.09.2006 | Cross-site scripting with UTF-7 characters in the URL is possible. |
| 10! | Microsoft Windows / Internet Explorer 0-day vulnerability updated since 20.09.2006 | A Microsoft Vector Graphics Rendering Library vulnerability is used for hidden malware installation. |
| 8! | Multiple Windows kernel security vulnerabilities updated since 09.08.2006 | Buffer overflow allowing privilege escalation, WinLogon user profile DLL privilege escalation, unhandled exception code execution vulnerability. |
| 9! | Multiple Microsoft Internet Explorer security vulnerabilities updated since 08.08.2006 | Cross-site scripting, cross-site information access, FTP command injection. Can be used for hidden malware installation. |
| | Microsoft Windows XP Pragmatic General Multicast memory corruption | Memory corruption in multicast PGM message parsing when the Microsoft Message Queuing (MSMQ) service is installed. |
| | Windows ZIP folders buffer overflow updated since 13.10.2004 | Integer overflow in the DynaZip (DUNZIP32.DLL) library on an oversized filename in the archive. |
| 7! | Microsoft Windows DHCP client buffer overflow updated since 11.07.2006 | Buffer overflow in DHCP server response parsing. |
| 8! | Multiple Microsoft Windows Server service security vulnerabilities updated since 11.07.2006 | Kernel-mode heap overflow in mailslot processing. Information leak from SMB buffers. |
| 9! | Microsoft Windows DNS client buffer overflows updated since 08.08.2006 | Buffer overflows in the Winsock API and DNS client code. |
| 7! | Microsoft Windows cross-site MMC access updated since 08.08.2006 | Script from an Internet/Intranet zone site can access any Microsoft Management Console object. |
| 7! | Multiple Microsoft Internet Explorer and Windows security vulnerabilities updated since 28.06.2006 | Cross-domain page content access, MSHTA code execution. |
| 6! | Microsoft Windows GDI32 library integer overflow | CreateBrushIndirect integer overflow in WMF file parsing. |
| 6! | Microsoft Windows graphics subsystem DoS | Gdiplus.dll division by zero in .ICO file parsing. |
| 6! | Microsoft Internet Information Services buffer overflow updated since 11.07.2006 | Buffer overflow in ASP file processing leads to privilege escalation. |
| 9! | Microsoft Windows XP/2003 Picture and Fax Viewer / Wine / ME code execution updated since 28.12.2005 | Buffer overflow in WMF metafile parsing. May be used for silent spyware/trojan installation through Internet Explorer or another browser, and also through Lotus Notes. Some vulnerabilities are not covered by MS06-001. |
| 6! | ASP.NET source code disclosure | Source code of scripts and executables can be retrieved, except for protected file extensions. |
| 6! | Microsoft Windows SMB/CIFS privilege escalation updated since 13.06.2006 | MRxSmbCscIoctlOpenForCopyChunk buffer overflow. In addition, there are DoS vulnerabilities not covered by MS06-030. |
| 9! | Microsoft Windows RRAS Service buffer overflow updated since 13.06.2006 | Buffer overflows in the service's RPC interface. May be used by a network worm. |
| 7! | Windows Media Player PNG files buffer overflow updated since 13.06.2006 | Buffer overflow in PNG file processing. |
| 9! | Windows ICMP DoS (potential code execution) updated since 09.02.2006 | Buffer overflow on ICMP packets with Loose Source and Record Route IP options. Short message translation: DoS conditions exist in the Windows 2000 built-in NAT server. Tested configuration: Windows 2000 English Standard/Advanced, Service Pack 4 + Update Rollup 1 for Service Pack 4, with the NAT server enabled. While routing packets with the "Loose Source and Record Route" option (defined by RFC 791) through the server, Windows crashes to a BSOD with an error in tcpip.sys or ntoskrnl.exe, or hangs, or starts working unstably. It does not matter whether the packets come from the internal or the external network. Use the attached script to test the vulnerability. The problem is not present on Windows 2003. The same problem is also likely to be present in Windows 2000 + ISA 2000. Code execution is potentially possible. |
| 8! | Microsoft JScript (Internet Explorer) memory corruption | Memory corruption on object release. May be used for hidden malware installation. |
| | Microsoft Windows software restriction policy protection bypass | Using the RunAs function any application can be launched. |
| | Windows limited service account privilege escalation | Using security tokens located in process memory, privileges can be escalated from a limited service account such as Network Service or the Microsoft SQL Server service account. |
| | Microsoft Distributed Transaction Coordinator DoS updated since 09.05.2006 | Two different buffer overflows crash the service. |
| 8! | Microsoft Windows MDAC code execution updated since 11.04.2006 | The RDS.Dataspace ActiveX object is marked as safe. Can be used for hidden malware installation with Internet Explorer. |
| 6! | Microsoft Outlook Express buffer overflow updated since 11.04.2006 | Buffer overflow in WAB address book parsing. |
| 8! | Microsoft Windows shell code execution updated since 11.04.2006 | A COM object can execute code. Can be used for hidden malware installation with Internet Explorer. |
| 8! | Microsoft Windows system services privilege escalation updated since 01.02.2006 | Several local services (SSDP Discovery service, Universal Plug and Play Host service) allow any authenticated user to configure the service, making it possible to specify the executable file and elevate privileges to Local System. Also vulnerable: HP Software "Pml Driver HPZ12" (HP LaserJet 4200L PCL 6); Autodesk "Autodesk Licensing Service"; Dell power management software for network cards "NICCONFIGSVC"; Macromedia "Macromedia Licensing Service"; Zonelabs.com TrueVector Device Driver "vsdatant"; C-Dilla Software "C-DillaCdaC11BA"; Macrovision SECURITY Driver (Security Windows NT) "CdaC15BA"; Macrovision SECURITY Driver (Security Windows NT) "SecDrv". |
| 8! | Multiple Microsoft Windows Media Player vulnerabilities updated since 15.02.2006 | Buffer overflow when playing BMP files. Buffer overflow on an oversized SRC for an HTML page with an EMBED'ded WMP. May be used to trojan the client machine. |
| | Microsoft Windows Korean IME privilege escalation updated since 15.02.2006 | The help subsystem is executed with LocalSystem privileges. |
| 6! | Microsoft Windows WebClient service buffer overflow | Buffer overflow in an RPC-based service allows code execution with LocalSystem privileges. |
| | Microsoft Windows MS-DOS applications uninitialized memory access information leak | Memory allocated for the MS-DOS virtual machine is not initialized, allowing data to be read from physical memory. |
| | Multiple Windows wireless adapters WEP protection bypass | An attacker can force the client to downgrade to unencrypted cleartext operation. |
| 8! | Microsoft Windows embedded web fonts memory corruption updated since 10.01.2006 | Memory corruption in parsing web fonts embedded in an HTML page. May be used to install trojans, backdoors or other malware on the client computer. |
| | Microsoft Windows RunAs GPO restrictions protection bypass | RunAs can be used with a restricted application. |
| 7! | LAND attack DoS against Microsoft Windows 2003 and Microsoft Windows XP updated since 05.03.2005 | A LAND attack (ICMP or TCP SYN packet with equal source and destination IPs and ports) freezes the target host. |
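An added detection example, not from the advisories, serving this LAND entry and the earlier Windows ICMP DoS entry on Loose Source and Record Route options: a small IPv4/TCP header parser that flags packets whose source and destination address and port are equal, and packets carrying source-routing or record-route options. The sample packets are hand-built (checksums omitted) and the addresses are placeholders.

```javascript
// IPv4 option types from RFC 791: Record Route, Loose Source and Record
// Route, Strict Source and Record Route.
const OPT_RR = 7, OPT_LSRR = 131, OPT_SSRR = 137;

// Parse the fixed header and walk the options area, validating lengths so a
// truncated or lying option cannot push the reader past the header.
function parseIPv4(buf) {
  if (buf.length < 20) throw new Error('short packet');
  const version = buf[0] >> 4;
  const ihl = (buf[0] & 0x0f) * 4;
  if (version !== 4 || ihl < 20 || buf.length < ihl) throw new Error('bad IPv4 header');
  const options = [];
  let i = 20;
  while (i < ihl) {
    const type = buf[i];
    if (type === 0) break;                  // End of Option List
    if (type === 1) { i += 1; continue; }   // No Operation
    if (i + 1 >= ihl) throw new Error('truncated option');
    const len = buf[i + 1];
    if (len < 2 || i + len > ihl) throw new Error('bad option length');
    options.push({ type, data: buf.subarray(i + 2, i + len) });
    i += len;
  }
  return {
    protocol: buf[9],
    src: Array.from(buf.subarray(12, 16)).join('.'),
    dst: Array.from(buf.subarray(16, 20)).join('.'),
    options,
    payload: buf.subarray(ihl),
  };
}

function parseTCP(buf) {
  if (buf.length < 20) throw new Error('short TCP header');
  return { srcPort: buf.readUInt16BE(0), dstPort: buf.readUInt16BE(2), flags: buf[13] };
}

// Returns the list of findings for one packet: 'LAND', 'source-route option'
// and/or 'record-route option'; an empty list means nothing suspicious.
function classify(packet) {
  const ip = parseIPv4(packet);
  const findings = [];
  if (ip.options.some((o) => o.type === OPT_LSRR || o.type === OPT_SSRR)) findings.push('source-route option');
  if (ip.options.some((o) => o.type === OPT_RR)) findings.push('record-route option');
  if (ip.protocol === 6) {
    const tcp = parseTCP(ip.payload);
    if (ip.src === ip.dst && tcp.srcPort === tcp.dstPort && (tcp.flags & 0x02)) findings.push('LAND');
  } else if (ip.protocol === 1 && ip.src === ip.dst) {
    findings.push('LAND');   // ICMP variant: only addresses to compare
  }
  return findings;
}

// Builders for the hand-made sample packets (no checksums are computed).
function ipv4(src, dst, protocol, optionBytes, payload) {
  const raw = Buffer.from(optionBytes);
  const opts = Buffer.concat([raw, Buffer.alloc((4 - (raw.length % 4)) % 4)]);  // pad to 32 bits
  const ihl = 20 + opts.length;
  const hdr = Buffer.alloc(20);
  hdr[0] = 0x40 | (ihl / 4);
  hdr.writeUInt16BE(ihl + payload.length, 2);
  hdr[8] = 64;
  hdr[9] = protocol;
  Buffer.from(src.split('.').map(Number)).copy(hdr, 12);
  Buffer.from(dst.split('.').map(Number)).copy(hdr, 16);
  return Buffer.concat([hdr, opts, payload]);
}
function tcpSyn(srcPort, dstPort) {
  const h = Buffer.alloc(20);
  h.writeUInt16BE(srcPort, 0);
  h.writeUInt16BE(dstPort, 2);
  h[12] = 0x50;   // data offset 5 words
  h[13] = 0x02;   // SYN
  return h;
}

// Placeholder addresses. LSRR option: type 131, length 7, pointer 4, one hop.
const LAND_PACKET = ipv4('10.0.0.5', '10.0.0.5', 6, [], tcpSyn(139, 139));
const LSRR_PACKET = ipv4('192.0.2.10', '10.0.0.5', 6, [OPT_LSRR, 7, 4, 192, 0, 2, 1], tcpSyn(40000, 80));
const NORMAL_PACKET = ipv4('192.0.2.10', '10.0.0.5', 6, [], tcpSyn(40000, 80));
```

Both conditions are trivial to filter at a border device; the parser above is the shape of the check whether it runs in a sensor over captured frames or in a test that feeds crafted packets to a host.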
| 7! | Microsoft Windows Plug and Play Service UMPNPMGR buffer overflow updated since 12.10.2005 | Buffer overflow in the PNP_GetDeviceList and PNP_GetDeviceListSize calls, reachable by anonymous users on Windows 2000 and by authenticated users on Windows 2003 / XP. There is another similar vulnerability leading to a memory leak with DoS conditions. |
| 8! | Microsoft Windows WMF / EMF buffer overflow | Multiple buffer overflows in GDI on the WMF and EMF Windows metafile formats. |
| | Multiple firewalls protection bypass updated since 28.10.2004 | The number of different ways to break protection against client application attacks is almost unlimited. |
| 7! | Microsoft Distributed Transaction Coordinator service memory corruption updated since 12.10.2005 | Memory corruption as a result of an integer overflow, with anonymous remote access on Windows 2000 and authenticated access on Windows XP/2003. |
| | Multiple Microsoft Distributed Transaction Controller DoS conditions updated since 12.10.2005 | Problems with TIP protocol handling; a bounce attack is possible. |
| 7! | Microsoft Windows Microsoft Collaboration Data Objects buffer overflow updated since 12.10.2005 | Buffer overflow in parsing mail messages with the Microsoft SMTP service. |
| 6! | Microsoft Windows Shell multiple vulnerabilities | Problems with .lnk file processing and HTML file preview. |
| 6! | Microsoft FTP client directory traversal | A downloaded file can be placed into any directory, controlled from the server side. |
| 6! | Microsoft Windows Network Connection Manager service buffer overflow | Buffer overflow in an RPC service. |
| 6! | Microsoft Windows Client Service for NetWare buffer overflow | Buffer overflow in the network file service. |
| | Windows XP Wireless Zero Configuration service information leak | WPA PMKs and WEP keys are available through WZCQueryInterface() in Wzcsapi.dll. |
| | Microsoft Windows win32k.sys DoS | A WM_CLOSE event for an active drop-down menu crashes the system. |
| | Microsoft Windows keyboard events design flaw | An application running under a different user's credentials can send keyboard events to applications on the same desktop, emulating user input. |
| 6! | ICMP and TCP timestamp attacks to reset TCP connections updated since 13.04.2005 | Using various ICMP packet types and TCP timestamp values, TCP connection resets or performance degradation can be caused. |
| 6! | Microsoft Windows Plug and Play service buffer overflow updated since 09.08.2005 | Stack overflow in named pipe request processing. |
| 6! |