Name: MICROSOFT : Windows 2000 Server

	Microsoft Internet Explorer saved pages crossite scripting updated since 21.08.2007
		Crossite scripting in context of local machine is possible on saving URL with address like http://site/--><script>alert("XSS")</script>
	Microsoft Windows LDAP users enumeration
		Different serverreply on invalid username and invalid password.
	Internet Explorer, Opera, Google Chrome, Mozilla browsers DoS updated since 03.10.2008
		window.close() в цикле на событие OnLoad() приводит к зависанию браузера. Multiple resource exhaustion attacks with Javascript.
	Microsoft fixed SMB NTLM relay attacks
		Microsoft fixed NTLM proxing vulnerability: credentials used for one services could be forwardedto different one. Attack is known for many years as NTLM weakness.
7!	Microsoft XML multiple security vulnerabilities
		Memory corruption, crossite scripting, information leak.
10!	Microsoft Windows code execution updated since 24.10.2008
		It's possible toexecute code without authentication with RPC request UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188 to browser service via SERVER (LanmanServer) service, TCP/139, TCP/445. Reccomendation is to disable browser service.
	Google Chrome, Mozilla Firefox, Opera, Internet Explorer browsers DoS updated since 30.09.2008
		Calling window.print() function in loop causes browser to hang. Uncontrollable memory allocation. Script can close window without user approval.
	Microsoft Internet Explorer address bar spoofing
		There are few methods of address bar spoofing.
7!	Microsoft Internet Explorer multiple security vulnerabilities updated since 14.10.2008
		Memory corruptions, information hijack, crossite scripting.
	Microsoft Windows Internet Printing Service integer overflow
		Integer overflow after authentication.
	Microsoft Windows 2000 Message Queuing code execution
		Code execution via RPC-based service.
8!	Microsoft Windows SMB buffer overflow
		Buffer overflow on SMB protocol parsing.
6!	Microsoft Windows 2000 Active Directory buffer overflow
		Buffer overflow on LDAP request processing.
	Microsoft Windows kernel multiple security vulnerabilities
		Double free() vulnerability and memory corruptions.
	Windows kernel integer overflow
		Integer overflow in IopfCompleteRequest function.
	Internet Information Server and IAS ActiveX unauthorized access and DoS
		ActiveX allows privileged actions to be silently executed.
	Mozilla Firefox / Opera / Microsoft Internet Explorer browsers DoS
		window.sidebar.addPanel() in the loop causes browser to hang.
	Microsoft Internet Explorer DoS
		Browser hangs on malcrafted PNG image.
6!	Microsoft Outlook Express / Microsoft Outlook DoS
		Crash on <style>*{position:relative}</style> <table>DoS</table> in HTML content.
	Microsoft Windows DoS
		Uninitialized memory reference on WRITE_ANDX SMB request handling.
8!	Microsoft Windows GDI library multiple security vulnerabilities
		Multiple vulnerabilities on different graphics format parsing.
7!	Microsoft Windows Media Encoder ActiveX code execution
		Control supports unsafe methods.
7!	Microsoft .Net framework multiple security vulnerabilities updated since 10.07.2007
		Buffer overflow on PE .Net format parsing, buffer overflow in KIT compiler, remote information leak in ASP.NET with poisoned NULL byte.
8!	Microsoft Internet Explorer multiple security vulnerabilities updated since 12.08.2008
		Multiple memory corruptions, MHTML crossite scripting.
7!	Microsoft Windows color management system memory corruption updated since 12.08.2008
		Memory corruption on ICCM management.
6!	Microsoft Windows privilege escalation
		Invalid event handling allows code execution in system context.
6!	Microsoft Windows DNS server and DNS client DNS reply spoofing updated since 14.11.2007
		Weak pseudo-random generator is used to generate DNS request ID.
	Microsoft Active Directory DoS
		Uninitialized memory reference on LDAP processing.
	Microsoft Windows WINS privilege escalation
		Memory corruption on packet parsing.
6!	Microsoft Internet Explorer multiple security vulnerabilities
		Crossite scripting, information leak.
7!	Microsoft DirectX code execution
		MJPEG format AVI and ASF files parsing vulnerability, SAMI files parsing vulnerability.
7!	Microsoft Jet engine buffer overflow
		Buffer overflow on MDB files request handling.
6!	Microsoft Internet Explorer memory corruption updated since 08.04.2008
		Memory corruption on datasream processing.
8!	Microsoft Windows multiple ActiveX elements security update updated since 08.04.2008
		Code execution in hxvz.dll.
9!	Microsoft Windows GDI multiple security vulnerabilities updated since 08.04.2008
		Multiple buffer overflows on EMF and WMF files parsing.
9!	Microsoft Windows VBScript / JScript buffer overflow
		Buffer overflow on scripts parsing.
6!	Microsoft Windows privilege escalation
		Code execution in kernel context.
8!	Microsoft Internet Explorer multiple security vulnerabilities updated since 12.02.2008
		Multiple memory corruptions.
6!	Microsoft Internet Information Services privilege escalation
		Privilege escalation through file change notification. ASP files processing privilege escalation.
6!	Microsoft Windows Active Directory DoS
		Crash on LDAP request handling.
7!	Microsoft Windows OLE buffer overflow
		Heap buffer overflow
10!	Microsoft Windows TCP/IP stack multiple security vulnerabilities
		Memory corruption on IGMP/MLD processing, DoS on fragmented ICMP router discovery.
6!	Microsoft Windows LSASS LPC requests privilege escalation
		It's possible to execute code with LocalSystem privileges.
6!	Microsoft Windows Vista / XP / 2000 audio drivers privilege escalation
		Ensoniq PCI 1371 WDM audio driver privilege escalation.
7!	Microsoft Windows Message Queuing buffer overflow updated since 12.12.2007
		Buffer overflow in RPC interface (TCP/2103).
8!	Microsoft Internet Explorer multiple security vulnerabilities updated since 12.12.2007
		Multiple memory corruptions.
8!	Microsoft Windows DirectX multiple security vulnerabilities updated since 12.12.2007
		Synchronized Accessible Media Interchange (SAMI), WAV and AVI.
6!	3ivx MP4 codec buffer overflow
		Buffer overflow on MP4 tags parsing.
	Microsoft Jet Engine MDB files parsing buffer overflow
		Buffer overflow on MDB file access.
	Microsoft Internet Explorer executable files download filter protection bypass
		It's possible to upload file to temporary internet files folder by adding GET parameters to filename, e.g. http://example.com/program.exe?1.cda/
6!	Microsoft Windows RPC DoS updated since 10.10.2007
		Denial of Service during authentication in RPC-based services.
8!	Microsoft Outlook Express / Windows Mail NNTP buffer overflow
		Heap memory overflow on NNTP server reply parsing.
	Kodak Image Viewer memory corruption
		Memory corruption on image files parsing.
6!	Microsoft Internet Explorer multiple security vulnerabilities
		Memory corruption, address bar spoofing.
6!	Microsoft Agent ActiveX buffer overflow updated since 11.09.2007
		Buffer overflow on oversized URL.
9!	Microsoft Windows XML core services memory corruption updated since 14.08.2007
		Memory corruption on XML parsing.
10!	Microsoft Internet Explorer multiple security vulnerabilities updated since 14.08.2007
		Memory corruption on ActiveX parsing, unsafe Visual Basic ActiveX execution, Visual Basic ActiveX memory corruption.
6!	Microsoft Windows Media Player multiple security vulnerabilities
		Multiple vulnerabilities on skin files parsing.
10!	Microsoft Windows VML parsing buffer overflow
		Heap buffer overflow on compressed VML content.
6!	Microsoft Windows OLE Automation memory corruption updated since 14.08.2007
		Memory corruption on embedded objects processing.
10!	Microsoft Windows GDI code execution updated since 14.08.2007
		Heap buffer overflow on Windows metafiles parsing.
	Microsoft DirectX buffer overflow
		Buffer overflow on compressed TGA images parsing.
6!	Microsoft Internet Explorer 0-day vulnerability updated since 10.07.2007
		Unfiltered shell characters on executed URL: protocol application handler.
7!	Microsoft Windows Active Directory array overflow updated since 10.07.2007
		Array index overflow on LDAP request parsing.
	Microsoft Internet Explorer DoS
		Browser DoS on the page in domain with special characters.
6!	Microsoft Windows Secure Channle DoS updated since 12.06.2007
		Service hangs on SSL/TLS handshake parsing.
9!	Microsoft Internet Explorer multiple security vulnerabilities updated since 12.06.2007
		Multiple memory corruptions, content spoofing.
	Microsoft Windows GDI+ library DoS updated since 11.06.2007
		Division by zero on .ICO files parsing.
9!	Microsoft Windows APi code execution
		Insufficient validation of function arguments.
	Microsoft Html Popup / Outlook Express Address Book ActiveX DoS
		Crash on element displaying.
7!	Microsoft Internet Explorer and Mozilla Firefox multiple security vulnerabilities
		Internet Explorer race conditions allow cross domain access. Mozilla Firefox IFRAME cross domain access. Mozilla file download dialogs delay protection bypass. MSIE address bar spoofing.
	Microsoft Windows Active Directory users account enumeration
		It's possible to enumerate accounts with Logon Hours limitation set.
	Microsoft IIS unauthorized files access
		It's possible to bypass authentication with null.htw template.
9!	Microsoft Internet Explorer multiple security vulnerabilities updated since 08.05.2007
		Multiple memory corruption on COM objects and HTML parsing, files rewrite.
8!	Microsoft Windows DNS Server 0-day buffer overflow updated since 13.04.2007
		Buffer overflow in RPC-based interface is used for remote system compromisation.
7!	Microsoft Windows memory corruption updated since 16.12.2006
		CSRSS memory corruption on MessageBox with MB_SERVICE_NOTIFICATION beginning with "\??\".
	Microsoft Windows Virtual DOS machine privilege escalation
		Race conditions allow to overwrite VDM memory zero page.
7!	Microsoft Agent ActiveX memory corruption
		Buffer overflow on URL parsing.
10!	Microsoft Windows animated cursors buffer overflow updated since 30.03.2007
		Stack buffer overflow (stack overrun) is actively used for hidden malware installation.
9!	Microsoft Windows multiple GDI vulnerabilities
7!	Microsoft Data Access Components code execution updated since 13.02.2007
		ADODB.Connection NextRecordset() / Execute() double free() vulnerability. Can be used for hidden malware installation.
	Microsoft Internet Explorer DoS
		Memory exhaustion with appendChild method.
7!	Microsoft MFC memory corruption updated since 13.02.2007
		Memory corruption on RTF files parsing. Can be used for hidden malware installation.
	Microsoft Windows mmioRead () multimedia function integer overflow
		Integer overflow on negative parameter values.
6!	Microsoft Windows files and folders management problems updated since 07.03.2007
		During file operations conditions exist for attacker to gain access to content of protected or locked files. It's also possible to create unmanageble file.
	Microsoft Windows OLE files DoS
		Crash on OLE file (.DOC) preview.
	Multiple browsers information leaks
		Server can find pages visited by user by using, e.g., different background pages for "visited" elements.
6!	Multiple browsers OnUnload event handler different vulnerabilities updated since 23.02.2007
		Different memory corruptions because of race conditions in OnUnload handler. In addition address bar spoofing and creation of pages can not be left is possible.
6!	Mozilla libnss multiple security vulnerabilities updated since 25.02.2007
		Buffer overflows and integer overflows in SSL2 client and server code implementation.
6!	Microsoft Windows ReadDirectoryChangesW information leak
		ReadDirectoryChangesW() API function doesn't check user's privileges for subtree folders, making it's possible for unprivileged user to gather information about sensitive files.
	Microsoft Step-by-Step Interactive Training buffer overflow updated since 13.02.2007
		Buffer overflow on bokmarks files handling (.cbl, .cbm, .cbo).
7!	Microsoft Internet Explorer multiple security vulnerabilities
		Memory corruptions on COM objects instantiation and FTP server response parsing can be used for hidden malware installation.
7!	Microsoft Windows RiсhEdit control memory corruption
		Memory corruption in RF-enbedded OLE object can be used for hidden malware installation.
7!	Microsoft Windows OLE dialog memory corruption
		Memory corruption on RTF-embedded OLE object. Can be used for hideen malware installation.
6!	Microsoft Windows Image Acquisition Service buffer overflow
7!	Microsoft Windows HTML Help ActiveX code execution
		It's possible to access unsafe functions from web page. Vulnerability can be used for hidden malware installation.
	Microsoft Internet Explorer / Mozilla Firefox user input hijacking
		It's possible to hijack input focus by using OnKeyDown / OnKeyPress events.
	Microsoft Internet Explorer multiple ActiveX different paramters DoS
		NULL pointer dereference.
7!	Microsoft Agent memory corruption updated since 14.11.2006
		Memory corruption on parsing .ACF files.
	Microsoft Windows WMF invalid pointer dereference
		Invalid pointer dereference in GDI on CreateBrushIndirect function.
8!	Microsoft VML buffer overflow
		Buffer overflow and integer overflows on Vector Markup Language parsing. May be used for hidden malware installation.
6!	Multiple browsers race conditions updated since 18.08.2006
		There are different race condition with threading synchronization on different concurrent events.
	Microsoft Windows Client for Microsoft Network DoS
		Argument of NetrWkstaUserEnum() memory is not checked and used to allocate memory, creating condition for memory exhaustion.
6!	Multiple browsers DNS pinning protection bypass
		By emulatin Web server failure it's possible to bypass DNS pinning protection (protection against changing IP address resolution by DNS name for crossite access)
7!	Microsoft Internet Explorer / Outlook Express multiple security vulnerabilities updated since 12.12.2006
		Memory corruption on Javascript errors processing and Javascript normalize() function. Temporary Internet Files crossite access. Buffer overflow on Windows Address Book (WAB) parsing.
6!	Microsoft RIS Server weak permissions
		It's possible to write files via TFTP.
7!	Microsoft Windows Media Format Runtime buffer overflow
		Buffer oveflows on parsing ASF (.ASF, .WMV, .WMA) and ASX files.
6!	Microsoft Windows SNMP service buffer overflow
	Microsoft Windows spoolss DoS
		Memory exhaustion in GetPrinterData() function.
7!	Microsoft Windows Workstation service buffer overflow updated since 14.11.2006
		Buffer overflow in RPC based service.
	Microsoft Windows Client Service for Netware multiple vulnerabilities updated since 14.11.2006
		Memory corruption, DoS.
9!	Microsoft Windows daxctle.ocx and HTML parsing buffer overflows updated since 13.09.2006
		DirectAnimation.PathControl ActiveX control KeyFrame method heap overflow. Buffer overflow in CSS Floatproperty. May be used for hidden malware installation.
9!	Microsoft Windows XMLHTTP ActiveX code execution updated since 05.11.2006
		ActiveX vulenrability is used for silent malware installation.
6!	Windows kernel GDI structures privilege escalation
		It's possible to remap read-only share memory section in write mode.
6!	Microsoft Windows Object Packager dialog spoofing updated since 11.10.2006
		Code execution with .RTF or .WRI file embedded object.
7!	Microsoft Windows Server service multiple security vulnerabilities
		Denial of service and code execution vulnerabilities.
7!	Multiple Microsoft XML service security vulnerabilities
		Crossdomain data access, buffer overflow.
7!	Microsoft Windows drmstor.dll buffer overflow
		Buffer overflow in ActiveX element.
	Microsoft Indexing Service crossite scripting updated since 12.09.2006
		Crossite scripting with UTF-7 characters in URL is possible.
10!	Microsoft Windows / Internet Explorer 0-day vulnerability updated since 20.09.2006
		Microsoft Vector Graphics Rendering Library vulnerability is used for hidden malware installation.
8!	Multiple Windows kernel security vulnerabilities updated since 09.08.2006
		Buffer overflow vulnerability allows privilege escalation, WinLogon user profile DLL privilege escalation, unhandled exception code execution vulnerability.
9!	Multiple Microsoft Internet Explorer security vulnerabilities updated since 08.08.2006
		Crossite scripting, crossite information access, FTP commands injection. Vulnerabilities can be used for hidden malware installation.
7!	Microsoft Windows DHCP client buffer overflow updated since 11.07.2006
		Buffer overflow on DHCP server response parsing.
8!	Multiple Microsoft Windows Server service security vulnerabilities updated since 11.07.2006
		Kernel mode heap overflow on mailslots processing. Information leak from SMB buffers.
7!	Multiple Microsoft Internet Explorer and Windows security vulnerabilities updated since 28.06.2006
		Cross-domain page content access, MSHTA code execution.
9!	Microsoft Windows DNS client buffer overflows updated since 08.08.2006
		Buffer overflows in Winsock API and DNS client code.
7!	Microsoft Windows crossite MMC access updated since 08.08.2006
		Script from Internet/Intranet zone site can access any Microsoft Management Console's object.
6!	Microsoft Windows GDI32 library integer overflow
		CreateBrushInderect integer overflow on WMF files parsing.
6!	Microsoft Internet Information services buffer overflow updated since 11.07.2006
		Buffer overflow in ASP files processing leads to privilege escalation.
6!	Microsoft Windows SMB/CIFS privilege escalation updated since 13.06.2006
		MRxSmbCscIoctlOpenForCopyChunk buffer overflow. In additions, there are DoS vulnerabilities not covered by MS06-30.
	Microsoft Windows 2000 RPC spoofed server attack
		Mutual authentication is not actually performed.
9!	Microsoft Windows RRAS Service buffer overflow updated since 13.06.2006
		Buffer overflows in service RPC interface. May be used by network worm.
9!	Windows ICMP DoS (potential code execution) updated since 09.02.2006
		Buffer overflow on ICMP packets with Loose Source and Record Route IP options. Short message translation: There are DoS conditions in Windows 2000 built-in NAT server. Tested configuration: Windows 2000 English Standard/Advanced Service Pack 4 + Update Rollup 1 for Service Pack 4 with NAT server enabled. While routing packets with options "Loose Source and Record Route" defined by RFC 791 through server, Windows crashes to BSOD with error in tcpip.sys or ntoskrnl.exe, or system hangs or system began instable work. It doesn't metter if packets are from internal or external networks. Use attached script to test vulnerability. On Windows 2003 problem doesn't present. It's also likely same problem to present in Windows 2000 + ISA 2000. Code execution is potentially possible.
8!	Microsoft JScript (Internet Explorer) memory corruption
		Memory corruption on objects release. May be used for hidden malware installation.
	Windows limited service account privilege escalation
		By using security tokens located in process memory it's possible to escalate privileges from limited service account, such as Network Service or Microsoft SQL Service account.
	Microsoft Distributed Transaction Coordinator DoS updated since 09.05.2006
		Two different buffer overflows causing service to crash.
8!	Microsoft Windows shell code execution updated since 11.04.2006
		COM object can execute code. Can be used for hidden malware installation with Internet Explorer.
8!	Microsoft Windows MDAC code execution updated since 11.04.2006
		RDS.Dataspace ActiveX object is marked as safe. Can be used for hidden malware installation with Internet Explorer.
6!	Microsoft Outlook Express buffer overflow updated since 11.04.2006
		Buffer overflow on parsing WAB address book.
8!	Multiple Microsoft Windows Media Player vulnerabilities updated since 15.02.2006
		Buffer overflow on BMP files playing. Buffer overflow on oversized SRC for HTML page with EMBED'ded WMP. May be used for client machine trojaning.
6!	Internet Explorer for Windows 2000 WMF files memory corruption
		Memory corruption on Windows MetaFiles parsing.
	Microsoft Windows MS-DOS applications uninitilized memory access information leak
		Memory is not initialized then allocated for MS-DOS virtual machine. It allows to read data from physical memory.
8!	Microsoft Windows embedded web fonts memory corruption updated since 10.01.2006
		Memory corruption on parsing web fonts embedded to HTML page. May be used to install trojans, backdoors or another malware to client computer.
	Microsoft Windows RunAs GPO restrictions protection bypass
		It's possible to use RunAs with restricted application.
7!	Microsoft Windows 2000 kernel Asynchronous Procedure Call privilege escalation
		Double removal of structure from linked list allows memory manipulation.
7!	Microsoft Windows Plug and Play Service UMPNPMGR buffer overflow updated since 12.10.2005
		Buffer overflow on PNP_GetDeviceList and PNP_GetDeviceListSize calls for anonymous user on Windows 2000 and authenticated user on Windows 2003 / XP. There is another one similar vulnerability, leading to memory leak with DoS conditions.
8!	Microsoft Windows WMF / EMF buffer overflow
		Multiple buffer overflows in GDI on WMF and WMF windows metafile formats.
7!	Microsoft Distributed Transaction Coordinator service memory corruption updated since 12.10.2005
		Memory corruption as a result of integer overflow with anonymous remote access (Windows 2000) and authenticated access under Windows XP/2003.
	Multiple Microsoft Distributed Transaction Controller DoS conditions updated since 12.10.2005
		Problems with TIP protocols handling, bounce attack is possible.
7!	Microsoft Windows Microsoft Collaboration Data Objects buffer overflow updated since 12.10.2005
		Buffer overflow on parsing mail messages with Microsoft SMTP service.
6!	Microsoft Windows Client Service for NetWare buffer overflow
		Buffer overflow in network file srevice.
6!	Microsoft Windows Shell multiple vulnerabilities
		Problems with .lnk files processing, HTML files preview.
6!	Microsoft Windows Network Connection Manager service buffer overflow
		Buffer overflow in RPC service.
	Microsoft Windows keyboard events design flow
		Application with diferent user's credentials may send keyboard events to applications running in the same desktop emulating user input.
6!	ICMP and TCP timestamp attacks to reset TCP connections updated since 13.04.2005
		By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease.
6!	Microsoft Windows Plug and Play service buffer overflow updated since 09.08.2005
		Stack overflow on named pipes request processig.
6!	Microsoft Windows RDP protocol DoS updated since 09.08.2005
		Bug in RDP protocol parsing causes system to crash and restart.
6!	Multiple Microsoft Windows Kerberos service vulnerabilities
		DoS on protocol parsing. Ability so spoof server on smart card authentication.
6!	Microsoft Windows print Spooler service buffer overflow
		Buffer overflow on named pipes request processing.
6!	Microsoft Windows Telephony service privilege escalation
	Microsoft Windows USB drivers buffer overflow
		Buffer overflow on USB device response parsing.
9!	Microsoft Windows Color Management module buffer overflow updated since 13.07.2005
		Buffer overflow during ICC tags processing in different graphics formats, including JPEG.
	Windows XP / 2000 / 2003 / NT named pipes usernames information leak updated since 09.02.2005
		It's possible to retrieve usernames of the users accessing network resources.
7!	Microsoft Message Queuing buffer overflow updated since 13.04.2005
		Buffer overflow in RPC-based protocol.
8!	Microsoft Windows SMB file system client buffer overflow updated since 09.02.2005
		Buffer overflow on nework protocol parsing.
	Microsoft Agent content spoofing
		Microsoft Agent ActiveX allows to spoof trusted site content.
8!	Microsoft Windows HTML Help files parsing buffer overflow
		Heap overflow on HTML help (.chm) files structure parsing.
8!	Microsoft Internet Explorer PNG images buffer overflow
		Heap overflow on large specific PNG chunk.
	Microsoft Windows Explorer code execution
		It's possible to execute script automatically on file selection.
7!	Windows 2000/XP/2003 kernel multiple vulnerabilities
		Buffer overflow during font files parsing, buffer overflow in CSRSS (Win32 execution subsystem), privilege escalation.
9!	Microsoft Windows TCP/IP stack multiple vulnerabilities
		Memory corruption on IP packets handling, TCP connection reset with spoofed TCP and ICMP packets, a varinat of LAND attack.
6!	Microsoft Windows MSHTA code execution
		Content type of the file is determined based on CLSID in file content, not by it's extention.
	Microsoft Windows msjet database multipl vulnerabilities
		Microsoft Windows msjet databases multiple vulnerabilities.
10!	Windows multiple bugs updated since 14.04.2004
		LSASSS buffer overflow, LDAP DoS, PCT buffer overflow, WinLogon buffer overflow, WMF/EMF parsing buffer overflow, HCP:// code execution, Utility Manager privilege escalation, WMI privilege escalation, LDT privilege escalation, H.323 buffer overflow, NTVDM privilege escalation, ASM.1 double free memory coruuption.
	Windows 2000 GetEnhMetaFilePaletteEntries() API DoS
		Application may crash on malcrafted EMF file processing.
7!	Windows License Logging Service buffer overflow updated since 09.02.2005
		Buffer overflow during request parsing.
7!	Microsoft Windows Hyperlink Object Library buffer overflow
7!	Microsoft Windows Drag-and-Drop vulnerability
		It's possible to trick user to drag-n-drop malicious file into special (for example autostart) folder.
7!	Microsoft Windows COM/OLE multiple bugs
		Privilege escalation during parsing files with COM structure (e.g. MS Office), buffer overflow on OLE objects, including MS Exchange MS-TNEF data format.
7!	Microsoft Windows NetDDE buffer overflow updated since 13.10.2004
8!	Microsoft Windows .ANI (animated cursor) files buffer overflow
		USER32.DLL buffer overflow allows code to be executed. This vulnerability can potentially be used for silent spyware/adware installation.
8!	Multiple Microsoft Windows bugs updated since 15.12.2004
		Kernel buffer overflow LSASS privilege escalation.
	Microsoft HTML parser DoS
		Invalid javascript handling causes application compiled with libarary fails.
	Windows ANI files DoS
		Installing ANI file with incorrect parameters causes syste, to freeze or crash.
6!	Windows LoadImage integer overflow
		Integer overflow on bitmap size calculation.
6!	Microsoft WordPad buffer overflow
		Buffer overflow during Word 95/6.0 documents conversion.
	HyperTerminal buffer overflow
		Buffer overflow on .ht files parsing.
6!	Microsoft WINS server memory corruption updated since 29.11.2004
		Bug in replication protocol handling allows code execution.
8!	Microsoft Windows multiple bugs updated since 13.10.2004
		Windows management API privilege escalation with SetWindowLong()/SetWindowLongPtr() shatter attack, Virtual DOS Machine privilege escalation, EMF/WMF files code execution, DoS.
8!	Microsoft NNTP code execution
		Multiple bugs during XPAT command parsing.
6!	Windows Shell buffer overflow
8!	Microsoft HTML Help buffer overflow
		Buffer overflow on CHM format parsing.
6!	Microsoft Windows Task Scheduler buffer overflow
		Buffer overflow during .job files parsing.
	Windows POSIX subsystem buffer overflow
		POSIX subsystem overflow allows privilege escalation.