* DragonSoft Attend CeBIT 2005 in Hannover(2005/03/10 - 03/16):
http://www.dragonsoft.com.tw/events/CeBIT_Hannover_2005.php
TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to:
http://www.dragonsoft.com.tw/epaper/
DragonSoft (Chinese/English) Vulnerability and Threat Knowledge Base:
. Chinese Version: http://vdb.dragonsoft.com.tw/
. English Version: http://vdb.dragonsoft.com/
Contents:
* 33 Reported Vulnerabilities
* Sort by Risk
-------------------------------------------------
Date Reported: 2005/02/09
Name: MS05-014:MS IE DHTML Method Buffer Overflow Vulnerability
Risk: High
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2175
Date Reported: 2005/02/09
Name: MS05-013:Windows DHTML Bypass Cross-domain Vulnerability-2003
Risk: High
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2170
Date Reported: 2005/02/09
Name: MS05-013:Windows DHTML Bypass Cross-domain Vulnerability-XP
Risk: High
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=2169
Date Reported: 2005/02/09
Name: MS05-013:Windows DHTML Bypass Cross-domain Vulnerability-2000
Risk: High
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=2168
Date Reported: 2005/02/09
Name: MS05-011:Windows SMB Buffer Overflow Vulnerability-2003
Risk: High
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2161
Date Reported: 2005/02/09
Name: MS05-011:Windows SMB Buffer Overflow Vulnerability-XP
Risk: High
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=2160
Date Reported: 2005/02/09
Name: MS05-011:Windows SMB Buffer Overflow Vulnerability-2000
Risk: High
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=2159
Date Reported: 2005/02/09
Name: MS05-010:Microsoft License Logging Service Buffer Overflow Vulnerability-2003
Risk: High
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2158
Date Reported: 2005/02/09
Name: MS05-010:Microsoft License Logging Service Buffer Overflow Vulnerability-2000
Risk: High
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=2157
Date Reported: 2005/02/09
Name: MS05-010:Microsoft License Logging Service Buffer Overflow Vulnerability-NT4
Risk: High
Category: MS HotFix
Affect OS: NT4
Description: http://vdb.dragonsoft.com/detail.php?id=2156
Date Reported: 2005/02/09
Name: MS05-009:Windows Media Player PNG Buffer Overflow Vulnerability
Risk: High
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2155
Date Reported: 2005/02/09
Name: MS05-009:Windows Messenger PNG Buffer Overflow Vulnerability
Risk: High
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2154
Date Reported: 2005/02/09
Name: MS05-012:Microsoft OLE Buffer Overflow Vulnerability-2003
Risk: High
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2164
Date Reported: 2005/02/09
Name: MS05-012:Microsoft OLE Buffer Overflow Vulnerability-XP
Risk: High
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=2163
Date Reported: 2005/02/09
Name: MS05-012:Microsoft OLE Buffer Overflow Vulnerability-2000
Risk: High
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=2162
Date Reported: 2005/02/09
Name: MS05-005:MS Office XP URL Buffer Overflow Vulnerability
Risk: High
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2148
Date Reported: 2005/02/09
Name: MS05-015:Windows Hyperlink Object Library Vulnerability-2003
Risk: Medium
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2179
Date Reported: 2005/02/09
Name: MS05-015:Windows Hyperlink Object Library Vulnerability-XP
Risk: Medium
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=2178
Date Reported: 2005/02/09
Name: MS05-015:Windows Hyperlink Object Library Vulnerability-2000
Risk: Medium
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=2177
Date Reported: 2005/02/09
Name: MS05-014:MS IE CDF Cross-Domain Vulnerability
Risk: Medium
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2176
Date Reported: 2005/02/09
Name: MS05-014:MS IE URL Decoding Vulnerability
Risk: Medium
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2174
Date Reported: 2005/02/09
Name: MS05-014:MS IE Drag and Drop Embedded Code Vulnerability-2003
Risk: Medium
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2173
Date Reported: 2005/02/09
Name: MS05-014:MS IE Drag and Drop Embedded Code Vulnerability-XP
Risk: Medium
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2172
Date Reported: 2005/02/09
Name: MS05-014:MS IE Drag and Drop Embedded Code Vulnerability-2000
Risk: Medium
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2171
Date Reported: 2005/02/09
Name: MS05-006:Windows SharePoint Services Cross-Site Scripting and Spoofing Vulnerability
Risk: Medium
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2149
Date Reported: 2005/02/09
Name: MS05-004:ASP.NET URI Remote Information Disclosure Vulnerability
Risk: Medium
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2147
Date Reported: 2005/02/09
Name: MS05-008:MS IE Drag-and-Drop Events Vulnerability-2003
Risk: Medium
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2153
Date Reported: 2005/02/09
Name: MS05-008:MS IE Drag-and-Drop Events Vulnerability-XP
Risk: Medium
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=2152
Date Reported: 2005/02/09
Name: MS05-008:MS IE Drag-and-Drop Events Vulnerability-2000
Risk: Medium
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=2151
Date Reported: 2005/02/09
Name: MS05-012:Windows COM Privilege Escalation Vulnerability-2003
Risk: Low
Category: MS HotFix
Affect OS: Windows 2003
Description: http://vdb.dragonsoft.com/detail.php?id=2167
Date Reported: 2005/02/09
Name: MS05-012:Windows COM Privilege Escalation Vulnerability-XP
Risk: Low
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=2166
Date Reported: 2005/02/09
Name: MS05-012:Windows COM Privilege Escalation Vulnerability-2000
Risk: Low
Category: MS HotFix
Affect OS: Windows 2000
Description: http://vdb.dragonsoft.com/detail.php?id=2165
Date Reported: 2005/02/09
Name: MS05-007:Windows Named Pipe Information Disclosure Vulnerability-XP
Risk: Low
Category: MS HotFix
Affect OS: Windows XP
Description: http://vdb.dragonsoft.com/detail.php?id=2150
-------------------------------------------------
Risk:
High: Allow immediate remote, or local access or immediate execution of code or commands,
with unauthorized privileges, and bypassing security on firewalls.
Medium: Potential of granting access or allowing code execution by means of complex or
lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
attacks, SQL injection, denial of service, information disclosure.
Low: deny service or provide non-system information that could be used to formulate
structured attacks on a target, but not directly gain unauthorized access.
-------------------------------------------------
Copyright (c) 2002 DragonSoft Security Associate, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this document.
It is not to be edited or altered in any way without the express written consent
of the DragonSoft Security Associate. If you wish to reprint the whole or any
part of this document in any other medium excluding electronic media, please email
alert@dragonsoft.com for permission.
Disclaimer: The information in the database may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information, implied or otherwise,
with regard to this information or its use. Any use of this information is at
the user's risk. In no event shall the author/distributor be held liable for any
damages whatsoever arising out of or in connection with the use or spread of this information.
Please send suggestions, updates, and comments to: DragonSoft
vdb_adm@dragonsoft.com of DragonSoft Security Associate, Inc.
About DragonSoft Security Associates:
DragonSoft Security Associates is a leading developer in Taiwan for network security software
and an active contributor to network security education.
Founded in 2002, DragonSoft offers vulnerability management solutions, including
vulnerability assessment, System Security Management and intrusion prevention.
DragonSoft Security Associate, Inc. http://www.dragonsoft.com/
Tel. +886-3-5630989
Fax. +886-3-5797758
6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300, R.O.C
|
|
|
