http://oval.mitre.org/repository This feed provides information about the latest updates to the OVAL Repository, including new OVAL definitions; definitions that have changed status (e.g., from Draft to Interim or Interim to Accepted); and definitions that have been modified is posted here. Each update to the OVAL Repository will also update this feed. The OVAL Repository is updated as edits and additions are completed. It is possible for this feed to be updated several times per day, but updates rarely occure more often than once per day. en-us oval@mitre.org Tue, 06 Jan 2009 05:43:58 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6110 The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6110 Mon, 05 Jan 2009 04:00:23 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6098 Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6098 Mon, 05 Jan 2009 04:00:22 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6096 Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6096 Mon, 05 Jan 2009 04:00:21 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5982 Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5982 Mon, 05 Jan 2009 04:00:21 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5952 Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5952 Mon, 05 Jan 2009 04:00:20 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5934 Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5934 Mon, 05 Jan 2009 04:00:20 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5853 The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5853 Mon, 05 Jan 2009 04:00:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5808 Arracy index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5808 Mon, 05 Jan 2009 04:00:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5807 Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5807 Mon, 05 Jan 2009 04:00:18 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5737 Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5737 Mon, 05 Jan 2009 04:00:17 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5682 Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5682 Mon, 05 Jan 2009 04:00:16 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5614 Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5614 Mon, 05 Jan 2009 04:00:14 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5556 Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5556 Mon, 05 Jan 2009 04:00:13 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6093 The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6093 Mon, 29 Dec 2008 04:00:38 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6077 Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6077 Mon, 29 Dec 2008 04:00:38 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6062 Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6062 Mon, 29 Dec 2008 04:00:37 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6032 Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6032 Mon, 29 Dec 2008 04:00:37 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6018 Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6018 Mon, 29 Dec 2008 04:00:36 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6012 Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6012 Mon, 29 Dec 2008 04:00:35 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5999 Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs, aka "MSXML DTD Cross-Domain Scripting Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5999 Mon, 29 Dec 2008 04:00:34 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5994 The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5994 Mon, 29 Dec 2008 04:00:34 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5984 Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5984 Mon, 29 Dec 2008 04:00:33 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5953 The application Microsoft Project 20007 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5953 Mon, 29 Dec 2008 04:00:33 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5942 Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5942 Mon, 29 Dec 2008 04:00:32 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5903 Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5903 Mon, 29 Dec 2008 04:00:31 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5901 Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5901 Mon, 29 Dec 2008 04:00:30 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5894 The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5894 Mon, 29 Dec 2008 04:00:29 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5847 Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5847 Mon, 29 Dec 2008 04:00:28 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5844 The application Microsoft Media Services 9 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5844 Mon, 29 Dec 2008 04:00:28 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5829 Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5829 Mon, 29 Dec 2008 04:00:27 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5805 Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5805 Mon, 29 Dec 2008 04:00:26 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5794 Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5794 Mon, 29 Dec 2008 04:00:25 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5793 Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5793 Mon, 29 Dec 2008 04:00:25 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5774 Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5774 Mon, 29 Dec 2008 04:00:24 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5755 The application Microsoft Project 20003 SP3 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5755 Mon, 29 Dec 2008 04:00:23 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5706 Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5706 Mon, 29 Dec 2008 04:00:22 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5705 The application Microsoft Media Services 4.1 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5705 Mon, 29 Dec 2008 04:00:21 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5689 Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5689 Mon, 29 Dec 2008 04:00:20 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5668 in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5668 Mon, 29 Dec 2008 04:00:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5651 The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5651 Mon, 29 Dec 2008 04:00:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5231 Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5231 Mon, 29 Dec 2008 04:00:18 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2592 Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2592 Mon, 29 Dec 2008 04:00:14 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5870 Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5870 Mon, 29 Dec 2008 03:13:29 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6075 Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6075 Mon, 29 Dec 2008 03:13:28 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6112 Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6112 Mon, 22 Dec 2008 04:00:11 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6087 Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6087 Mon, 22 Dec 2008 04:00:11 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6086 Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6086 Mon, 22 Dec 2008 04:00:10 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6058 The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6058 Mon, 22 Dec 2008 04:00:10 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6047 Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6047 Mon, 22 Dec 2008 04:00:10 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5927 Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5927 Mon, 22 Dec 2008 04:00:10 EST