| OSVDB ID | Disclosure Date | Title |
|
76899
Description:
(Description Provided by CVE) : Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
|
2011-11-08
|
Microsoft Windows TCP/IP Reference Counter Crafted UDP Packet Stream Remote Overflow
|
|
76902
Description:
(Description Provided by CVE) : The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
|
2011-11-08
|
Microsoft Windows Active Directory LDAPS CRL Handling Weakness Authentication Bypass
|
|
76901
Description:
(Description Provided by CVE) : Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
|
2011-11-08
|
Microsoft Windows Mail / Windows Meeting Space Path Subversion Arbitrary DLL Injection Code Execution
|
|
76900
Description:
(Description Provided by CVE) : Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
|
2011-11-08
|
Microsoft Windows Malformed TrueType Font Parsing DoS
|
|
75383
Description:
(Description Provided by CVE) : Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
|
2011-09-13
|
Microsoft Office Excel Unspecified Use-after-free Memory Dereference Excel File Handling Remote Code Execution
|
|
75384
Description:
(Description Provided by CVE) : Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
|
2011-09-13
|
Microsoft Office Excel Unspecified Array-Indexing Weakness Excel File Handling Memory Corruption
|
|
75385
Description:
(Description Provided by CVE) : Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability."
|
2011-09-13
|
Microsoft Office Excel Unspecified Excel File Record Handling Memory Corruption
|
|
75386
Description:
(Description Provided by CVE) : Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."
|
2011-09-13
|
Microsoft Office Excel Unspecified Conditional Expression Parsing Excel File Handling Memory Corruption
|
|
75387
Description:
(Description Provided by CVE) : Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
|
2011-09-13
|
Microsoft Office Excel Unspecified Signedness Error Excel File Handling Memory Corruption
|
|
75389
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
|
2011-09-13
|
Microsoft SharePoint SharePoint Calendar URI XSS
|
|
75390
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
|
2011-09-13
|
Microsoft SharePoint EditForm.aspx XSS
|
|
75391
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
|
2011-09-13
|
Microsoft SharePoint Contact Details XSS
|
|
75392
Description:
(Description Provided by CVE) : Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
|
2011-09-13
|
Microsoft SharePoint XML File Arbitrary File Disclosure
|
|
75393
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
|
2011-09-13
|
Microsoft SharePoint Unspecified URI XSS
|
|
75394
Description:
Unknown / Incomplete
|
2011-09-13
|
Microsoft SharePoint Source Parameter Arbitrary Site Redirect
|
|
75382
Description:
Microsoft Windows is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .txt, .rtf or .doc file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2011-09-13
|
Microsoft Windows Shell Extensions Path Subversion Arbitrary DLL Injection Code Execution
|
|
75381
Description:
(Description Provided by CVE) : Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
|
2011-09-13
|
Microsoft SharePoint XML / XSL File Handling Unspecified Arbitrary File Disclosure
|
|
75379
Description:
Microsoft Office is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .PPT file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2011-09-13
|
Microsoft Office MSO.dll Path Subversion Arbitrary DLL Injection Code Execution
|
|
75380
Description:
(Description Provided by CVE) : Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
|
2011-09-13
|
Microsoft Office MSO.dll Object Pointer Dereference Word Document Handling Remote Code Execution
|
|
75444
Description:
(Description Provided by CVE) : WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
|
2011-09-13
|
Microsoft Windows WINS Loopback Interface Crafted Packet Local Privilege Escalation
|
|
74408
Description:
Windows Data Access Tracing Component is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an Excel file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2011-08-09
|
Microsoft Windows Data Access Tracing Component Path Subversion Arbitrary DLL Injection Code Execution
|
|
74407
Description:
(Description Provided by CVE) : The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
|
2011-08-09
|
Microsoft Windows Kernel File Metadata Handling Remote DoS
|
|
74406
Description:
Microsoft Windows Remote Desktop Web Access contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input to the Logon page before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-08-09
|
Microsoft Windows Remote Desktop Web Access Logon Page Unspecified XSS
|
|
74405
Description:
Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when the Remote Desktop Protocol fails to properly parse RDP packets, and will result in loss of availability for the platform.
|
2011-08-09
|
Microsoft Windows Remote Desktop Protocol RDP Packet Parsing Remote DoS
|
|
74404
Description:
(Description Provided by CVE) : Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
|
2011-08-09
|
Microsoft .NET Framework System.Net.Sockets Code Access Security Bypass Information Disclosure
|
|
74399
Description:
(Description Provided by CVE) : The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
|
2011-08-09
|
Microsoft Windows DNS Service NAPTR Query Parsing Overflow
|
|
74400
Description:
(Description Provided by CVE) : The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
|
2011-08-09
|
Microsoft Windows DNS Service Non-Existent Domain Query Parsing Remote DoS
|
|
74403
Description:
(Description Provided by CVE) : The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."
|
2011-08-09
|
Microsoft .NET Framework Chart Control Special URI Character GET Request Parsing Remote Information Disclosure
|
|
74402
Description:
(Description Provided by CVE) : NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
|
2011-08-09
|
Microsoft Windows Remote Access Service NDISTAPI Driver User Input Validation Weakness Local Privilege Escalation
|
|
74401
Description:
(Description Provided by CVE) : Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
|
2011-08-09
|
Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Inter-Process Device Event Message Parsing Local Privilege Escalation
|
|
74397
Description:
Microsoft Visio contains a flaw related to the parsing of certain objects in memory when handling Visio files that may allow a context-dependent attacker to execute arbitrary code.
|
2011-08-09
|
Microsoft Visio pStream Release Visio File Handling Remote Code Execution
|
|
74398
Description:
Microsoft Visio contains a flaw related to the parsing of certain objects in memory when handling Visio files that may allow a context-dependent attacker to execute arbitrary code.
|
2011-08-09
|
Microsoft Visio Move Around the Block Visio File Handling Remote Code Execution
|
|
74396
Description:
Microsoft Report Viewer contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input passed to the Microsoft Report Viewer control before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-08-09
|
Microsoft Report Viewer Control Unspecified XSS
|
|
74482
Description:
Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when Tcpip.sys fails to properly parse ICMP messages, and will result in loss of availability for the platform.
|
2011-08-09
|
Microsoft Windows TCP/IP Stack (Tcpip.sys) ICMP Message Parsing Remote DoS
|
|
74483
Description:
Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when Tcpip.sys fails to properly parse URL requests when URL-based Quality of Service (QoS) is enabled, and will result in loss of availability for the platform.
|
2011-08-09
|
Microsoft Windows TCP/IP Stack (Tcpip.sys) QoS URL Request Parsing Remote DoS
|
|
74495
Description:
A memory corruption flaw exists in Microsoft Internet Explorer. The window.open() function fails to sanitize user-supplied input when the user performs specific sequences of clicks in different IE windows, resulting in memory corruption. With a specially crafted web page or ActiveX control, a context-dependent attacker can execute arbitrary code.
|
2011-08-09
|
Microsoft IE window.open() Function Race Condition Memory Corruption
|
|
74496
Description:
(Description Provided by CVE) : Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
|
2011-08-09
|
Microsoft IE Protected Mode Bypass Arbitrary File Creation
|
|
74497
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."
|
2011-08-09
|
Microsoft IE Event Handler Cross-domain Remote Information Disclosure
|
|
74494
Description:
(Description Provided by CVE) : The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."
|
2011-08-09
|
Microsoft IE Crafted Link Telnet URI Handler Remote Program Execution
|
|
74498
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."
|
2011-08-09
|
Microsoft IE Shift JIS Character Sequence Parsing Cross-domain Remote Information Disclosure
|