[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

241641

 
 

909

 
 

192372

 
 

277

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:39018
The host is missing a critical update according to Adobe advisory, APSB17-04. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code execution.

oval:org.secpod.oval:def:32905
The host is installed with Internet Explorer 10 or 11 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle inputs before loading dynamic link library (DLL) files. Successfully exploitation allows remote attackers to take control ...

oval:org.secpod.oval:def:59872
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:34360
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34367
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34368
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:34365
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:34366
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34363
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34364
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34361
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34362
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34359
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a directory traversal vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow ...

oval:org.secpod.oval:def:34381
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:34382
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34380
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34370
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34371
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:34378
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34379
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34376
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34377
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a heap buffer overflow vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow ...

oval:org.secpod.oval:def:34374
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ...

oval:org.secpod.oval:def:34375
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:34372
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:34373
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:34369
The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:25837
Configure Periodic Execution of AIDE (/etc/crontab) should be configured appropriately.

oval:org.secpod.oval:def:41249
The host is missing an important security update KB4025344

oval:org.secpod.oval:def:25797
The operating system installed on the system is Microsoft Windows 10 64 bit

oval:org.secpod.oval:def:26532
The host is installed with Microsoft Windows 8.1, 10 or Windows 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in Hyper-V, which fails to handle a specially crafted application. Successful exploitation could allow remote attackers to cause Hyper-V to allow uninten ...

oval:org.secpod.oval:def:26533
The host is missing an important security update according to Microsoft security bulletin, MS15-105. The update is required to fix a security feature bypass vulnerability. A flaw is present in Hyper-V, which fails to handle a specially crafted application. Successful exploitation could allow remote ...

oval:org.secpod.oval:def:33794
The host is installed with Microsoft Windows 8.1, 10 or Windows Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in Hyper-V, which fails to properly validate input from an authenticated user on a guest operating system. Successful exploitation could allow rem ...

oval:org.secpod.oval:def:33793
The host is missing an important security update according to Microsoft security bulletin, MS16-045. The update is required to fix multiple vulnerabilities. A flaw is present in Hyper-V, which fails to properly validate input from an authenticated user on a guest operating system. Successful exploit ...

oval:org.secpod.oval:def:33796
The host is installed with Microsoft Windows 8.1, 10, Windows Server 2012 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in Hyper-V, which fails to properly validate input from an authenticated user on a guest operating system. Successful exploitat ...

oval:org.secpod.oval:def:33795
The host is installed with Microsoft Windows 8.1, 10, Windows Server 2012 or Windows Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in Hyper-V, which fails to properly validate input from an authenticated user on a guest operating system. Successful exploit ...

oval:org.secpod.oval:def:25888
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current u ...

oval:org.secpod.oval:def:25889
The host is missing a critical security update according to Microsoft security bulletin, MS15-093. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation could allow attackers to exec ...

oval:org.secpod.oval:def:25855
The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, or 4.6 and is prone to an Onetype font parsing vulnerabilit ...

oval:org.secpod.oval:def:25858
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validat ...

oval:org.secpod.oval:def:25859
The host is missing a critical security update according to Microsoft security bulletin, MS15-080. The update is required fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle a crafted TrueType fonts or OneType fonts. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:25804
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a mount manager elevation of privilege vulnerability. The flaw is present in the application, which fails to properly process ...

oval:org.secpod.oval:def:25805
The host is missing an important security update according to Microsoft security bulletin, MS15-085. The update is required to fix a mount manager elevation of privilege vulnerability. The flaw is present in the application, which fails to properly process symbolic links. Successful exploitation cou ...

oval:org.secpod.oval:def:25845
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an ASLR security feature bypass vulnerability. A flaw is present in the application, which fails to properly i ...

oval:org.secpod.oval:def:25846
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, WIndows 10, Microsoft Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 ...

oval:org.secpod.oval:def:25849
The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console ...

oval:org.secpod.oval:def:25850
The host is installed with Microsoft Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, Office 2007 SP3 or 2010 SP2, Live Meeting 2007 Console ...

oval:org.secpod.oval:def:25851
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted O ...

oval:org.secpod.oval:def:25852
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the application, which fails to handle a crafted O ...

oval:org.secpod.oval:def:25854
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Windows 10 or Server 2012 R2 and is prone to an Onetype font parsing vulnerability. A flaw is present in the applications, which fail to handle a crafted O ...

oval:org.secpod.oval:def:25836
The host is missing a critical security update according to Microsoft security bulletin, MS15-079. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:25839
The host is installed with Microsoft Edge on Microsoft Windows 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow attackers to gain the same user rights as the current user ...

oval:org.secpod.oval:def:25840
The host is installed with Microsoft Edge on Microsoft Windows 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow attackers to gain the same user rights as the current user ...

oval:org.secpod.oval:def:25841
The host is installed with Microsoft Edge on Microsoft Windows 10 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow attackers to gain the same user rights as the current user.

oval:org.secpod.oval:def:25842
The host is missing a critical security update according to Microsoft security bulletin, MS15-091. The update is required to fix multiple vulnerabilities. The flaws are in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow attackers to gain the sa ...

oval:org.secpod.oval:def:25822
The host is missing an important security update according to Microsoft security bulletin, MS15-088. The update is required to fix an unsafe command line parameter passing vulnerability. A flaw is present in the application, which fails to properly handle unsafe command line parameters. Successful e ...

oval:org.secpod.oval:def:25823
The host is installed with Microsoft Excel 2007, 2010, 2013, Powerpoint 2007, 2010, 2013, Visio 2007, 2010, 2013, Word 2007, 2010, 2013, Internet Explorer 7, 8, 9, 10 or 11, Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8, 8.1 or 10 and is prone to an unsafe command line p ...

oval:org.secpod.oval:def:25824
The host is installed with Internet Explorer 7, 8, 9, 10, 11 or Microsoft Edge on Microsoft Windows 10 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly handle crafted data. Successful exploitation could allow attackers to execute arbitr ...

oval:org.secpod.oval:def:25825
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to properly use ASLR security feature. Successful exploitation could allow attackers to bypass the Address Space Layout Randomization.

oval:org.secpod.oval:def:25827
The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to an edge memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the ...

oval:org.secpod.oval:def:25831
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access an object in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:25819
The host is installed with Microsoft .NET Framework 4.6 on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to a RyuJIT optimization elevation of privilege vulnerability. A flaw is present in the a ...

oval:org.secpod.oval:def:25817
The host is installed with Microsoft .NET Framework 4.6 on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to a RyuJIT optimization elevation of privilege vulnerability. A flaw is present in the a ...

oval:org.secpod.oval:def:25820
The host is installed with Microsoft .NET Framework 4.6 on Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to a RyuJIT optimization elevation of privilege vulnerability. A flaw is present in the a ...

oval:org.secpod.oval:def:25821
The host is missing a important security update according to Microsoft bulletin, MS15-092. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which improperly optimizes certain parameters resulting in a code generation error. An a ...

oval:org.secpod.oval:def:26538
The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, ...

oval:org.secpod.oval:def:26537
The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1 or Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the applicatio ...

oval:org.secpod.oval:def:26539
The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to an integer overflow remote code execution vulnerability. A flaw is present i ...

oval:org.secpod.oval:def:26541
The host is missing a critical security update according to Microsoft security bulletin, MS15-098. The updated is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted journal file. Successful exploitation a ...

oval:org.secpod.oval:def:26540
The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the application, whi ...

oval:org.secpod.oval:def:26542
The host is missing an important security update according to Microsoft security bulletin, MS15-102. The update is required to fix multiple elevation of privilege vulnerability. The flaws are present in the application, which fails to properly handle a crafted application. Successful exploitation co ...

oval:org.secpod.oval:def:26545
The host is installed with Microsoft Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a task management elevation of privilege vulnerability. A flaw is present in the application, which fails to properly properly validate and enforce impersonation lev ...

oval:org.secpod.oval:def:26544
The host is installed with Microsoft Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a task management elevation of privilege vulnerability. A flaw is present in the application, which fails to properly properly validate and enforce impersonation lev ...

oval:org.secpod.oval:def:26526
The host is missing a critical security update according to Microsoft security bulletin, MS15-095. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allo ...

oval:org.secpod.oval:def:26536
The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, ...

oval:org.secpod.oval:def:26516
The host is installed with Internet Explorer 11 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly validate permissions under specific conditions. Successful exploitation could allow attackers to gain elevated privileges.

oval:org.secpod.oval:def:26523
The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:26522
The host is missing a critical security update according to Microsoft security bulletin, MS15-094. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:26525
The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in t ...

oval:org.secpod.oval:def:26524
The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:26509
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ...

oval:org.secpod.oval:def:26508
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ...

oval:org.secpod.oval:def:26510
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curr ...

oval:org.secpod.oval:def:26512
The host is installed with Internet Explorer 10 or 11 and is prone to a tampering vulnerability. A flaw is present in the application, which fails to properly handle a file with an improper flag that in turn permits a file operation. Successful exploitation could allow attackers to bypass certain se ...

oval:org.secpod.oval:def:26513
The host is installed with Microsoft Edge on Microsoft Windows 10 or Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. Successful exploitation could allow attackers to execute arbit ...

oval:org.secpod.oval:def:26559
The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to font driver elevation of privilege vulnerability. A flaw is present in the application, which fail to han ...

oval:org.secpod.oval:def:26563
The host is installed with Windows 10 and is prone to an font driver elevation of privilege vulnerability. A flaw is present in the application, which fail to handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:26562
The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ...

oval:org.secpod.oval:def:26565
The host is installed with Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow atta ...

oval:org.secpod.oval:def:26566
The host is installed with Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Kernel ASLR bypass vulnerability . A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:26561
The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ...

oval:org.secpod.oval:def:26560
The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ...

oval:org.secpod.oval:def:26552
The host is installed with .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.0, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to validate the number of objects in memory before copying those objects into an array. An attacker ...

oval:org.secpod.oval:def:26554
The host is missing an important security update according to Microsoft bulletin, MS15-101. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which improperly optimizes certain parameters resulting in a code generation error. An ...

oval:org.secpod.oval:def:26553
The host is installed with .NET Framework 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to a MVC denial of service vulnerability. A flaw is present in the application, which fails to handle certain specially crafted requests. An attacker who successfully exploited this vulnerability could send a small numbe ...

oval:org.secpod.oval:def:26556
The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to an opentype font parsing vulnerability. A flaw is present in the application, which fail to handle specia ...

oval:org.secpod.oval:def:26555
The host is missing a critical security update according to Microsoft security bulletin, MS15-097. The update is required to multiple remote code execution vulnerabilities. The flaws are present in the applications, which fail to handle a specially crafted document. Successful exploitation could all ...

oval:org.secpod.oval:def:26558
The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a Win32k memory corruption vulnerability. A flaw is present in the application, which fails to properly h ...

oval:org.secpod.oval:def:26557
The host is installed with Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a font driver elevation of privilege vulnerability. A flaw is present in the application, which fail to h ...

oval:org.secpod.oval:def:30000
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly validates junctions in certain s ...

oval:org.secpod.oval:def:30001
The host is installed with Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a trusted boot security feature bypass vulnerability. A flaw is present in the application, which fails to properly enforce the Windows Trusted Boot policy. An attacker who successfully explo ...

oval:org.secpod.oval:def:30028
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly discloses the contents of its memory. Successful exploitation could provide an attacker with information to further compromise the ...

oval:org.secpod.oval:def:30026
The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. Successful exploitation could allow attackers to run script with elevated ...

oval:org.secpod.oval:def:30027
The host is installed with Internet Explorer 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly discloses the contents of its memory. Successful exploitation could provide an attacker with information to further compromise the user's co ...

oval:org.secpod.oval:def:30021
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30017
The host is installed with JScript and Vbscript 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the cu ...

oval:org.secpod.oval:def:30018
The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly disclose the contents of its memory. Successful exploitation could provide an attacker with information to fur ...

oval:org.secpod.oval:def:30019
The host is missing a critical security update according to Microsoft bulletin, MS15-106. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities ...

oval:org.secpod.oval:def:30014
The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to memory corruption vulnerability. A flaw is present in the applications, which fail to handle objects in memory. An attacker who successfully exploited the vulnerabilities could gain the same user rights as t ...

oval:org.secpod.oval:def:30015
The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to an ASLR bypass vulnerability. A flaw is present in the applications, which fail to use the Address Space Layout Randomization (ASLR) security feature. Successful exploitation could allow attacker to more rel ...

oval:org.secpod.oval:def:30016
The host is installed with JScript and Vbscript 5.7 or 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle objects in memory. An attacker who successfully exploited the vulnerabilities could gain the same user rights as ...

oval:org.secpod.oval:def:30002
The host is installed with Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities cou ...

oval:org.secpod.oval:def:30003
The host is missing a critical security update according to Microsoft security bulletin, MS15-109. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted toolbar object. Successful exploitation cou ...

oval:org.secpod.oval:def:30004
The host is installed with Microsoft Windows Vista, Server 2008, Windows 7, Server 2008 R2, Windows 8, 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitati ...

oval:org.secpod.oval:def:29996
The host is installed with Microsoft Edge and is prone to a XSS filter bypass vulnerability. A flaw is present in the application, which fails to properly disable a HTML attribute in otherwise appropriately filtered HTTP response data. Successful exploitation could allow attackers to run initially d ...

oval:org.secpod.oval:def:29997
The host is missing an important security update according to Microsoft bulletin, MS15-111. The update is required to fix multiple vulnerabilities. The flaws are present in windows kernel, which fails to properly handle objects in memory, certain scenarios involving junction and mount-point creation ...

oval:org.secpod.oval:def:29994
The host is missing an important security update according to Microsoft security bulletin, MS15-107. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow attackers to g ...

oval:org.secpod.oval:def:29995
The host is installed with Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow attackers to disclose the contents of memory.

oval:org.secpod.oval:def:29998
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a kernel memory corruption vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in mem ...

oval:org.secpod.oval:def:29999
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memo ...

oval:org.secpod.oval:def:31698
The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Pragmatic General Multicast (PGM) protocol, ...

oval:org.secpod.oval:def:31699
The host is missing an important security update according to Microsoft security bulletin, MS15-133. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the Windows Pragmatic General Multicast (PGM) protocol, which fails to properly handle freed memory content ...

oval:org.secpod.oval:def:31700
The host is installed with Microsoft Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly validate input before loading libraries. Successful exploitation ...

oval:org.secpod.oval:def:31701
The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Microsoft Windows 8, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to ...

oval:org.secpod.oval:def:31703
The host is missing an important security update according to Microsoft security bulletin, MS15-132. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the application, which fails to properly validate input before loading libraries. Successful exp ...

oval:org.secpod.oval:def:31704
The host is installed with Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which fails to handle kernel memory objects. An attacker who successfully exploited this vulnerability could run arbitrary code in ker ...

oval:org.secpod.oval:def:31705
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which ...

oval:org.secpod.oval:def:31010
The host is installed with .Net framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle specially crafted XML files. An attacker who successfully exploited this vulnerability could ...

oval:org.secpod.oval:def:31011
The host is installed with .Net framework 4, 4.5, 4.5.1, 4.5.2 or 4.6 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly validates values in HTTP requests. An attacker who successfully exploited the vulnerability could leverage a vulnerabl ...

oval:org.secpod.oval:def:31012
The host is installed with .Net framework 2.0 SP2, 3.5.1 and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which does not properly implement the Address Space Layout Randomization (ASLR) security feature. An attacker who successfully exploited this vulnerability cou ...

oval:org.secpod.oval:def:31013
The host is missing an important security update according to Microsoft bulletin, MS15-118. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors. An attacker who successfully exploited this vulnerability could take co ...

oval:org.secpod.oval:def:31007
The host is missing a critical security update according to Microsoft security bulletin, MS15-112. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to exec ...

oval:org.secpod.oval:def:31008
The host is missing a critical security update according to Microsoft security bulletin, MS15-113. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:31003
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which discloses the contents of its memory. An attacker who successfully exploited this vulnerability could provide the attacker with information to ...

oval:org.secpod.oval:def:31004
The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to an ASLR Bypass vulnerability. A flaw is present in the application, which fails to use the Address Space Layout Randomization (ASLR) security feature. An attacker who successfully exploited it could bypass the A ...

oval:org.secpod.oval:def:31000
The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current ...

oval:org.secpod.oval:def:31001
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the curr ...

oval:org.secpod.oval:def:31002
The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user ri ...

oval:org.secpod.oval:def:30996
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

oval:org.secpod.oval:def:30997
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

oval:org.secpod.oval:def:30998
The host is installed with Microsoft Edge, Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user right ...

oval:org.secpod.oval:def:30999
The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current ...

oval:org.secpod.oval:def:30992
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

oval:org.secpod.oval:def:30993
The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ...

oval:org.secpod.oval:def:30994
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

oval:org.secpod.oval:def:30995
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

oval:org.secpod.oval:def:30990
The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a scripting engine memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same use ...

oval:org.secpod.oval:def:30991
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

oval:org.secpod.oval:def:30985
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30986
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30987
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30988
The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the c ...

oval:org.secpod.oval:def:30981
The host is missing a critical security update according to Microsoft security bulletin, MS15-115. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:30982
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30983
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30984
The host is installed with Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:30989
The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the c ...

oval:org.secpod.oval:def:30980
The host is installed with Microsoft Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle objects in memory. Successful exploitation allows remote attackers to install pr ...

oval:org.secpod.oval:def:30974
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to a security feature bypass vulnerability. The flaw is present in the application, which fails to properly validate perm ...

oval:org.secpod.oval:def:30975
The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly ...

oval:org.secpod.oval:def:30976
The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly ...

oval:org.secpod.oval:def:30977
The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly ...

oval:org.secpod.oval:def:30972
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which makes a ca ...

oval:org.secpod.oval:def:30973
The host is missing an important security update according to Microsoft security bulletin, MS15-119. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which makes a call to a memory address without verifying that the address is valid. Succes ...

oval:org.secpod.oval:def:30978
The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows graphics memory, which fails to properly handl ...

oval:org.secpod.oval:def:30979
The host is installed with Microsoft Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows graphics memory, which fails to properly handl ...

oval:org.secpod.oval:def:30966
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the Windows Kerberos, which fails to check the password change o ...

oval:org.secpod.oval:def:30967
The host is missing an important security update according to Microsoft security bulletin, MS15-122. The update is required to fix a security feature bypass vulnerability. A flaw is present in the Windows Kerberos, which fails to check the password change of a user signing into a workstation. An att ...

oval:org.secpod.oval:def:31755
The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2007, Microsoft Office 2010 or Word V ...

oval:org.secpod.oval:def:31757
The host is missing a critical security update according to Microsoft security bulletin, MS15-128. The update is required to fix graphics memory corruption vulnerabilities. The flaws are present in the Windows font library, which improperly handles specially crafted embedded fonts. An attacker who s ...

oval:org.secpod.oval:def:31751
The host is missing a critical security update according to Microsoft security bulletin, MS15-124. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle a specially crafted webpage. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:31752
The host is missing a critical security update according to Microsoft security bulletin, MS15-125. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow attackers to exe ...

oval:org.secpod.oval:def:31753
The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2007, Microsoft Office 2010, .NET Fra ...

oval:org.secpod.oval:def:31744
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

oval:org.secpod.oval:def:31745
The host is installed with Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the application, which does not properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website.

oval:org.secpod.oval:def:31746
The host is installed with Microsoft Edge and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly validate permissions under specific conditions. An attacker who successfully exploited this vulnerability could elevate privileges in affec ...

oval:org.secpod.oval:def:31747
The host is installed with Microsoft Edge and is prone to a XSS filter bypass vulnerability. A flaw is present in the application, which does not properly handle filtered HTTP response data. An attacker who successfully exploited the vulnerability could cause script to run on another user's system i ...

oval:org.secpod.oval:def:31740
The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ...

oval:org.secpod.oval:def:31741
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

oval:org.secpod.oval:def:31748
The host is installed with Vbscript or JScript 5.7 or 5.8 scripting engines and is prone to an information disclosure vulnerability. A flaw is present in the application, which discloses the contents of its memory. Successful exploitation could allow attackers to compromise the users computer or dat ...

oval:org.secpod.oval:def:31749
The host is installed with Vbscript or JScript 5.7 or 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle objects in memory. An attacker who successfully exploited the vulnerability could gain the same user rights as th ...

oval:org.secpod.oval:def:31735
The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ...

oval:org.secpod.oval:def:31736
The host is installed with Microsoft Edge, Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user right ...

oval:org.secpod.oval:def:31731
The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user ri ...

oval:org.secpod.oval:def:31737
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the curr ...

oval:org.secpod.oval:def:31738
The host is installed with Internet Explorer 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could provide the attacker with information ...

oval:org.secpod.oval:def:31739
The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ...

oval:org.secpod.oval:def:31723
The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which do not properly enforce content types. An attacker who successfully exploited the vulnerability could run arbitrary script with elev ...

oval:org.secpod.oval:def:31724
The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ...

oval:org.secpod.oval:def:31720
The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a XSS filter bypass vulnerability. A flaw is present in the application, which fails to properly filter HTTP response data. An attacker who successfully exploited the vulnerabilities could cause script to run on another user ...

oval:org.secpod.oval:def:31721
The host is installed with Microsoft Edge, Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user ...

oval:org.secpod.oval:def:31726
The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as ...

oval:org.secpod.oval:def:31719
The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a XSS filter bypass vulnerability. A flaw is present in the application, which fails to properly filter HTTP response data. An attacker who successfully exploited the vulnerabilities could cause script to run on another user ...

oval:org.secpod.oval:def:31716
The host is installed with Microsoft Edge, Internet Explorer 7, 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same u ...

oval:org.secpod.oval:def:31717
The host is installed with Microsoft Edge, Internet Explorer 7, 8, 9, 10 or 11 and is prone to an ASLR bypass vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited it could bypass the Address Space Layout Randomi ...

oval:org.secpod.oval:def:31718
The host is installed with Internet Explorer 8, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the c ...

oval:org.secpod.oval:def:31708
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which ...

oval:org.secpod.oval:def:31706
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of kernel memory privilege vulnerability in Microsoft Windows. The flaw is present in the windows, which ...

oval:org.secpod.oval:def:31707
The host is missing a important security update according to Microsoft security bulletin, MS15-135. The update is required to fix multiple vulnerabilities. The flaws are present in the windows, which fails to handle kernel memory objects. Successful exploitation could allow attackers to run arbitrar ...

oval:org.secpod.oval:def:32861
The host is missing a critical security update according to Microsoft security bulletin, MS16-013. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted journal file. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:32870
The host is installed with Microsoft Windows 8.1, 10, Server 2012 or 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Windows Reader, which fails to properly handle crafted file. Successful exploitation allows attackers to execute arbitrary code.

oval:org.secpod.oval:def:32867
The host is missing a important security update according to Microsoft security bulletin, MS16-018. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to handle specific kernel objects in memory. Successful exploitation could a ...

oval:org.secpod.oval:def:32866
The host is installed with Microsoft Windows 7 SP1, Windows 8.1, Windows 10, Windows Server 2012 or Windows Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers ...

oval:org.secpod.oval:def:32869
The host is installed with Microsoft Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to a buffer overflow vulnerability. A flaw is present in the PDF library, which fails to properly handle application programming interface (API) calls. Successful exploitation allows attackers to execut ...

oval:org.secpod.oval:def:32868
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. An atta ...

oval:org.secpod.oval:def:32863
The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the WebDAV, which fails to properly validate input. An attacker who ...

oval:org.secpod.oval:def:32862
The host is installed with Windows journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows Server 2012, Windows 8.1, Windows 10 or Windows Server 2012 R2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to ...

oval:org.secpod.oval:def:32865
The host is missing a critical security update according to Microsoft security bulletin, MS16-017. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory. Successful exploitation allows attackers to run spe ...

oval:org.secpod.oval:def:32864
The host is missing an important security update according to Microsoft security bulletin, MS16-016. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the WebDAV, which fails to properly validate input. An attacker who successfully exploited this vulnerabili ...

oval:org.secpod.oval:def:32583
The host is installed with Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the application, which does not properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website.

oval:org.secpod.oval:def:32586
The host is missing an critical security update according to Microsoft security bulletin, MS16-005. The update is required to fix a remote code execution vulnerability. A flaw is present in the Windows Kernel-Mode drivers, which fails to handle objects in memory. Successful exploitation could allow ...

oval:org.secpod.oval:def:32585
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle objects in memory. An attacker who succe ...

oval:org.secpod.oval:def:32582
The host is installed with Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the application, which does not properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to a specially crafted website.

oval:org.secpod.oval:def:32581
The host is missing a critical security update according to Microsoft security bulletin, MS16-002. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a specially crafted webpage. Successful exploitation could allow attackers to exe ...

oval:org.secpod.oval:def:32590
The host is missing a critical security update according to Microsoft security bulletin, MS16-001. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted web page discloses the contents of its memory. Successful ex ...

oval:org.secpod.oval:def:32593
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to properly access objects in memory. An attacker who successfully exploited these vulnerabilities could gain the same user rights as th ...

oval:org.secpod.oval:def:32592
The host is installed with Vbscript or JScript 5.7 or 5.8 scripting engines and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a crafted web page discloses the contents of its memory. Successful exploitation could allow attackers to execute ...

oval:org.secpod.oval:def:32588
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memo ...

oval:org.secpod.oval:def:32587
The host is missing an important security update according to Microsoft bulletin, MS16-008. The update is required to fix multiple vulnerabilities. The flaws are present in windows kernel, which fails to properly handle objects in memory, certain scenarios involving junction and mount-point creation ...

oval:org.secpod.oval:def:32589
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memo ...

oval:org.secpod.oval:def:32613
The host is installed with Microsoft Windows 10 and is prone to Windows Remote Desktop protocol security bypass vulnerability. A flaw is present in the system, which fails to handle user input. Successful exploitation could allow attackers to bypass intended access restrictions and establish session ...

oval:org.secpod.oval:def:32610
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability via a crafted file. A flaw is present in t ...

oval:org.secpod.oval:def:32612
The host is installed with Windows 7 SP1, Windows 8, Windows 8.1 or Windows Server 2012 R2 and is prone to remote code execution vulnerability. A flaw is present in the system, which fails to load DLL file. Successful exploitation could allow attackers to gain privileges via a crafted application.

oval:org.secpod.oval:def:32611
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability. A flaw is present in the system, which fa ...

oval:org.secpod.oval:def:32609
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to privilege escalation vulnerability. A flaw is present in the system, which fails to load DLL file p ...

oval:org.secpod.oval:def:32608
The host is missing an important security update according to Microsoft security bulletin, MS16-007. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the operation system, which fail to load DLL files while processing. An attacker who successfull ...

oval:org.secpod.oval:def:32896
The host is missing a critical security update according to Microsoft security bulletin, MS16-011. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle exceptions when dispatching certain window messages. Successfully exploi ...

oval:org.secpod.oval:def:32895
The host is missing a critical security update according to Microsoft security bulletin, APSB16-04. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to execu ...

oval:org.secpod.oval:def:32898
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could corrupt memory, execute arbitrary code i ...

oval:org.secpod.oval:def:32897
The host is missing a critical security update according to Microsoft security bulletin, MS16-009. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to corr ...

oval:org.secpod.oval:def:32892
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:32891
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32894
The host is missing a critical update according to Adobe advisory, APSB16-04. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:32893
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to properly handl ...

oval:org.secpod.oval:def:32890
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32889
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32888
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32885
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32884
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32887
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32886
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32881
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32880
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32883
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32882
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32878
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32877
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:32879
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:32874
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:32873
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:32876
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:32875
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:32872
The host is installed with Adobe Flash Player before 18.0.0.329, 19.x, 20.x before 20.0.0.306, Adobe AIR before 20.0.0.260, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:32871
The host is missing a critical security update according to Microsoft security bulletin, MS16-012. The update is required to fix a remote code execution vulnerability. A flaw is present in the Microsoft Windows Reader, which fails to properly handle crafted file. Successful exploitation allows attac ...

oval:org.secpod.oval:def:32911
The host is installed with Internet Explorer 9, 10 or 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted website or improperly accesses objects in memory. An attacker who successfully exploited this vulnerabilit ...

oval:org.secpod.oval:def:32910
The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted website or improperly accesses objects in memory. An attacker who successfully exploited this vulnerability could c ...

oval:org.secpod.oval:def:32913
The host is missing a critical security update according to Microsoft security bulletin, MS16-014. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the Microsoft Windows, which fails to properly handle crafted file. Successful exploitation could ...

oval:org.secpod.oval:def:32912
The host is installed with Internet Explorer 9, 10 or 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted website or improperly accesses objects in memory. An attacker who successfully exploited this vulnerabilit ...

oval:org.secpod.oval:def:32918
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a security bypass vulnerability. A flaw is present in the Windows, when Kerberos fails to check the password change of a user signing into ...

oval:org.secpod.oval:def:32915
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability. A flaw is present in the Windows, which fails validates input before loading dynamic link library (DLL ...

oval:org.secpod.oval:def:32916
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to remote code execution vulnerability. A flaw is present in the Windows, which fails validates input before loading dynamic link library (DLL ...

oval:org.secpod.oval:def:32900
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle cross-domain policies. Successfully exploitation allows remote attackers to access information from one domain and inj ...

oval:org.secpod.oval:def:32902
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could corrupt memory, execute arbitrary code i ...

oval:org.secpod.oval:def:32901
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle cross-domain policies. Successfully exploitation allows remote attackers to access information from one domain and inj ...

oval:org.secpod.oval:def:32908
The host is installed with Internet Explorer 9, 10 or 11 or Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the application, which fails to properly parse HTTP responses. An attacker who successfully exploited this vulnerability could trick a user by redirecting them to ...

oval:org.secpod.oval:def:32907
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could corrupt memory, execute arbitrary code in the context o ...

oval:org.secpod.oval:def:32909
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could corrupt memory, execute arbitrary code i ...

oval:org.secpod.oval:def:32904
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Hyperlink Object Library. Successfully exploitation allows remote attackers to obtain information to further compromi ...

oval:org.secpod.oval:def:32906
The host is installed with Microsoft Edge and is prone to an ASLR bypass vulnerability. A flaw is present in the application, which fails to properly handle exceptions when dispatching certain window messages. Successfully exploitation allows an attacker to probe the layout of the address space and ...

oval:org.secpod.oval:def:33310
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:33311
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:33307
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:33306
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:33309
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:33308
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:33303
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:33305
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to properly hand ...

oval:org.secpod.oval:def:33304
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a heap overflow vulnerability. A flaw is present in the applications, which fail to properly handle ...

oval:org.secpod.oval:def:33300
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:33260
The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arb ...

oval:org.secpod.oval:def:33262
The host is installed with .NET Framework 2.0 SP2, 3.0, 3.5, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to a security feature bypass vulnerability. A flaw is present in the .NET Framework component, which does not properly validate certain elements of a signed XML document. Successful exploitation allo ...

oval:org.secpod.oval:def:33261
The host is missing a important security update according to Microsoft security bulletin, MS16-035. The update is required to fix a security feature bypass vulnerability. The flaw is present in the .NET Framework, which does not properly validate certain elements of a signed XML document. Successful ...

oval:org.secpod.oval:def:33259
The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary ...

oval:org.secpod.oval:def:33255
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in t ...

oval:org.secpod.oval:def:33254
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the contex ...

oval:org.secpod.oval:def:33251
The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arb ...

oval:org.secpod.oval:def:33250
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in t ...

oval:org.secpod.oval:def:33253
The host is installed with Microsoft Edge or Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary ...

oval:org.secpod.oval:def:33252
The host is installed with Microsoft Edge, Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitr ...

oval:org.secpod.oval:def:33244
The host is installed with Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the contex ...

oval:org.secpod.oval:def:33246
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the context of t ...

oval:org.secpod.oval:def:33245
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the context of t ...

oval:org.secpod.oval:def:33240
The host is missing a critical security update according to Microsoft security bulletin, MS16-024. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way ...

oval:org.secpod.oval:def:33242
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the context of t ...

oval:org.secpod.oval:def:33241
The host is missing a critical security update according to Microsoft security bulletin, MS16-023. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt me ...

oval:org.secpod.oval:def:33237
The host is missing a critical security update according to Microsoft security bulletin, MS16-028. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the Microsoft Windows PDF Library, which fails to properly handle specially crafted .pdf file. An ...

oval:org.secpod.oval:def:33239
The host is installed with Microsoft Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle specially crafted .pdf file. An attacker who successfully exploited this vulnerability could cause arbitrary c ...

oval:org.secpod.oval:def:33238
The host is installed with Microsoft Windows 8.1, 10, Server 2012 or 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle specially crafted .pdf file. An attacker who successfully exploited this vulnerab ...

oval:org.secpod.oval:def:33292
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:33299
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:33298
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:33297
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:33233
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:33232
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:33234
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:33231
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:33230
The host is missing a important security update according to Microsoft security bulletin, MS16-034. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the Windows Kernel, which fails to handle specific Kernel objects in memory. Successful exploita ...

oval:org.secpod.oval:def:33229
The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8.1 or 10 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly handles specially crafted document and specially crafted embedded OpenType fonts. An ...

oval:org.secpod.oval:def:33226
The host is missing a important security update according to Microsoft security bulletin, MS16-032. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the Secondary Logon Service in Microsoft Windows, which fails to properly manage request handles in memory. ...

oval:org.secpod.oval:def:33225
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Secondary Logon Service in Microsoft Windows, which fails to properly man ...

oval:org.secpod.oval:def:33228
The host is installed with Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, Windows Vista, 7, 8.1 or 10 and is prone to a remote code execution vulnerability. A flaw is present in the application, which improperly handles specially crafted fonts. An attacker who successfully exploited this vul ...

oval:org.secpod.oval:def:33227
The host is missing a important security update according to Microsoft security bulletin, MS16-026. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles specially crafted fonts. An attacker who successfully exploited this vulnerab ...

oval:org.secpod.oval:def:33222
The host is missing an important security update according to Microsoft security bulletin, MS16-030. The update is required to fix remote code execution vulnerabilities. The flaws are present in the Windows OLE, which fails to properly validate user input. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:33221
The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows OLE, which fails to properly validate user input. Success ...

oval:org.secpod.oval:def:33224
The host is missing an important security update according to Microsoft security bulletin, MS16-033. The update is required to fix an elevation of privilege vulnerability. A flaw is present in USB Mass Storage, which fails to properly validate objects in memory. Successful exploitation could allow a ...

oval:org.secpod.oval:def:33223
The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in USB Mass Storage, which fails to properly validate objects in memor ...

oval:org.secpod.oval:def:33220
The host is installed with Microsoft Windows Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows OLE, which fails to properly validate user input. Success ...

oval:org.secpod.oval:def:33219
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the Microsoft Windows Media Parsing, which fails to handle specially crafted media content that is hosted on a website. Successful exploitation could allow attackers to take control ...

oval:org.secpod.oval:def:33218
The host is installed with Microsoft Windows and is prone to remote code execution vulnerability. A flaw is present in the Microsoft Windows Media Parsing, which fails to handle specially crafted media content that is hosted on a website. Successful exploitation could allow attackers to take control ...

oval:org.secpod.oval:def:33217
The host is missing a important security update according to Microsoft security bulletin, MS16-027. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the Windows Media Parsing, which fails to handle specially crafted media content that is hosted o ...

oval:org.secpod.oval:def:33320
The host is missing a critical update according to Adobe advisory, MS16-036. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to properly handle unknown vectors. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:33318
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:33317
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:33316
The host is installed with Adobe Flash Player before 18.0.0.333, 19.x, 20.x before 21.0.0.182, Adobe AIR before 21.0.0.176, Internet Explorer 10, Internet Explorer 11 or Microsoft Edge and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to properly ha ...

oval:org.secpod.oval:def:33790
The host is missing a important security update according to Microsoft security bulletin, MS16-047. The update is required to fix SAM and LSAD downgrade vulnerability. A flaw is present in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols, which ...

oval:org.secpod.oval:def:33787
The host is installed with Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Secondary Logon Service in Microsoft Windows, which fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrar ...

oval:org.secpod.oval:def:33789
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to SAM and LSAD downgrade vulnerability. A flaw is present in the Security Account Manager (SAM) and Local Securi ...

oval:org.secpod.oval:def:33788
The host is missing a important security update according to Microsoft security bulletin, MS16-046. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the Secondary Logon Service in Microsoft Windows, which fails to properly manage request handles in memory. ...

oval:org.secpod.oval:def:33798
The host is installed with Microsoft XML Core Services 3.0 in Microsoft Windows Server 2012, Windows server2012 R2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 10 or Windows 8.1 and is prone to a remote code execution vulnerability. A flaw is present in the application, wh ...

oval:org.secpod.oval:def:33797
The host is missing a critical security update according to Microsoft security bulletin, MS16-040. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle parser while processing user input. Successful exploitation could allow ...

oval:org.secpod.oval:def:33799
The host is missing an important security update according to Microsoft security bulletin, MS16-048. The update is required to fix a CSRSS security feature bypass vulnerability. A flaw is present in the Client-Server Run-time Subsystem (CSRSS), which fails to properly manage process tokens in memory ...

oval:org.secpod.oval:def:33813
The host is missing a critical security update according to Microsoft security bulletin, MS16-037. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt me ...

oval:org.secpod.oval:def:33812
The host is missing a critical security update according to Microsoft security bulletin, MS16-038. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt me ...

oval:org.secpod.oval:def:33811
The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arb ...

oval:org.secpod.oval:def:33817
The host is installed with Microsoft Windows 10 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly parses specially crafted HTTP 2.0 requests. Successful exploitation could allow an attacker to create a denial of service condition, causing the t ...

oval:org.secpod.oval:def:33816
The host is missing an important security update according to Microsoft security bulletin, MS16-049. The update is required to fix a denial of service vulnerability. A flaw is present in the application, which improperly parses specially crafted HTTP 2.0 requests. Successful exploitation could allow ...

oval:org.secpod.oval:def:33802
The host is installed with Microsoft Edge and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly enforce cross-domain policies. Successfully exploitation could allow an attacker to access information from one domain and inject it into another ...

oval:org.secpod.oval:def:33801
The host is installed with Microsoft Edge and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly enforce cross-domain policies. Successfully exploitation could allow an attacker to access information from one domain and inject it into another ...

oval:org.secpod.oval:def:33804
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the context of t ...

oval:org.secpod.oval:def:33803
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the context of t ...

oval:org.secpod.oval:def:33800
The host is installed with Microsoft Windows Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a CSRSS security feature bypass vulnerability. A flaw is present in the Client-Server Run-time Subsystem (CSRSS), which fails to properly manage process tokens in memory. An attacker w ...

oval:org.secpod.oval:def:33809
The host is installed with Internet Explorer 11 and is prone to a remote code execution vulnerability. A flaw is present in the application, which improperly validates input before loading dynamic link library (DLL) files. Successfully exploitation could take control of an affected system.

oval:org.secpod.oval:def:33806
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successfully exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the contex ...

oval:org.secpod.oval:def:33808
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly handle JavaScript. Successfully exploitation allow an attacker to detect specific files on the user's computer, In web-based ...

oval:org.secpod.oval:def:34329
The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to a TLS/SSL information disclosure vulnerability. A flaw is present in the TLS/SSL protocol, which fails to properly handle an injection of unencrypted data into the secure channel and then man-in-the-middle ...

oval:org.secpod.oval:def:34327
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows GDI component, which improperly discloses the contents ...

oval:org.secpod.oval:def:34328
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows GDI component, which improperly discloses the contents ...

oval:org.secpod.oval:def:34325
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an use-after-free vulnerability. A flaw is present in the Windows GDI component, which fails to handle objects in memory. Succes ...

oval:org.secpod.oval:def:34326
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012 or 2012 R2 and is prone to an use-after-free vulnerability. A flaw is present in the Windows GDI component, which fails to handle objects in memory. Succes ...

oval:org.secpod.oval:def:34323
The host is missing an critical security update according to Microsoft security bulletin, MS16-055. The update is required to fix multiple vulnerabilities. A flaw is present in the Windows graphics component, which fails to handle objects in memory. Successful exploitation could allow attackers to o ...

oval:org.secpod.oval:def:34324
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012 or 2012 R2 and is prone to a memory corruption vulnerability. A flaw is present in the windows imaging component, which fails to handle objects in memory. Successful e ...

oval:org.secpod.oval:def:34312
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle parsing of certain symbolic l ...

oval:org.secpod.oval:def:34313
The host is missing an important security update according to Microsoft security bulletin, MS16-060. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle parsing of certain symbolic links. Successful exploitation ...

oval:org.secpod.oval:def:34310
The host is installed with Microsoft Windows Vista, 7, 8.1, 10, Server 2008, 2008 R2, 2012 or 2012 R2 and is prone to a RPC network data representation engine elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle specially crafted Remote Procedure ...

oval:org.secpod.oval:def:34311
The host is missing an important security update according to Microsoft security bulletin, MS16-061. The update is required to fix a RPC network data representation engine elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle specially crafted Rem ...

oval:org.secpod.oval:def:34309
The host is missing an important security update according to Microsoft security bulletin, MS16-066. The update is required to fix a hypervisor code integrity security feature bypass vulnerability. A flaw is present in the application, which incorrectly allows certain kernel-mode pages to be marked ...

oval:org.secpod.oval:def:34308
The host is installed with Windows 10 and is prone to a hypervisor code integrity security feature bypass vulnerability. A flaw is present in the application, which incorrectly allows certain kernel-mode pages to be marked as Read, Write, Execute (RWX) even with Hypervisor Code Integrity (HVCI) enab ...

oval:org.secpod.oval:def:34305
The host is missing a critical security update according to Microsoft security bulletin, MS16-057. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted objects in memory. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:34304
The host is installed with Windows 8.1, 10 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted objects in memory. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:33967
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:33966
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:33963
The host is missing a critical security update according to Microsoft security bulletin, MS16-039. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows font library, which improperly handles specially crafted embedded fonts. An attacker who successfully exploi ...

oval:org.secpod.oval:def:33965
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:33964
The host is installed with Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, .NET Framework 3.0 SP2, 3.5, 3.5.1, Microsoft live meeting 2007, Microsoft Live Meeting 2007 Add-In, Microsoft Office 2 ...

oval:org.secpod.oval:def:35571
The host is missing an important security update according to Microsoft security bulletin, MS16-072. The update is required to fix a group policy elevation of privilege vulnerability. A flaw is present in the group policy, which fails to properly handle group policy updates process. An attacker who ...

oval:org.secpod.oval:def:35572
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a group policy elevation of privilege vulnerability. A flaw is present in the group policy, which fails to properly handle group po ...

oval:org.secpod.oval:def:35590
The host is installed with Microsoft Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the microsoft graphics component, which fails to handle objects in memory. Successful exploitation could run processes in an elevated context.

oval:org.secpod.oval:def:35597
The host is missing an important security update according to Microsoft security bulletin, MS16-082. The update is required to fix a denial of service vulnerability. A flaw is present in the Windows search component, which fails to properly handle objects in memory. An attacker who successfully expl ...

oval:org.secpod.oval:def:35596
The host is installed with Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a denial of service vulnerability. A flaw is present in the Windows search component, which fails to properly handle objects in memory. An attacker who successfully ex ...

oval:org.secpod.oval:def:35580
The host is missing an important security update according to Microsoft security bulletin, MS16-078. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly sanitize input. Successful exploitation could allow attackers to r ...

oval:org.secpod.oval:def:35581
The host is missing an important security update according to Microsoft security bulletin, MS16-073. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows, which fails to properly handle objects in memory and memory addresses. An attacker who successfully explo ...

oval:org.secpod.oval:def:35588
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the windows graphics component, which fails to handle objec ...

oval:org.secpod.oval:def:35589
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the adobe type manager font driver, which fails to handle o ...

oval:org.secpod.oval:def:35587
The host is missing a critical security update according to Microsoft security bulletin, MS16-074. The update is required to fix multiple vulnerabilities. The flaws are present in the windows graphics component, which fails to handle objects in memory. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:35582
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:35583
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:35579
The host is installed with Microsoft Windows 10 or Windows 10 Update 1511 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly sanitize input. Successful exploitation could allow attackers to run arbitrary code with elevated privilege ...

oval:org.secpod.oval:def:34356
The host is missing an important security update according to Microsoft security bulletin, MS16-062. The update is required to fix multiple vulnerabilities. A flaw is present in the Windows, which fails to properly handle objects in memory and memory addresses. An attacker who successfully exploited ...

oval:org.secpod.oval:def:34354
The host is installed with Microsoft Server 2008, Server 2008 R2, Windows Vista, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory and incorrectly ma ...

oval:org.secpod.oval:def:34355
The host is installed with Microsoft Windows Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle objects in memory and incorrectly maps kernel memory. An ...

oval:org.secpod.oval:def:34352
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:34353
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle memory addresses. ...

oval:org.secpod.oval:def:34350
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:34351
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:34349
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:34343
The host is installed with Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1 or Windows 10 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted journal file. Successful exploitation allows attackers to execute an arbi ...

oval:org.secpod.oval:def:34341
The host is installed with Microsoft Edge, Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation can corrupt memory in such a way that an attacker could execute arbit ...

oval:org.secpod.oval:def:34342
The host is missing a critical security update according to Microsoft security bulletin, MS16-056. The update is required to fix a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted journal file. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:34340
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handle objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, If the current ...

oval:org.secpod.oval:def:34338
The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles JScript and VBScript engines render when handling objects in memory in Internet Explorer. Successful exploitatio ...

oval:org.secpod.oval:def:34339
The host is installed with Internet Explorer 11 and is prone to a security feature bypass Vulnerability. A flaw is present in the User Mode Code Integrity (UMCI) component of Device Guard, which improperly validates code integrity. Successful exploitation allow an attacker to execute unsigned code t ...

oval:org.secpod.oval:def:34336
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the context of the ...

oval:org.secpod.oval:def:34337
The host is installed with Internet Explorer 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly handle file access permissions. Successful exploitation could allow an attacker to disclose the contents of arbitrary files on the use ...

oval:org.secpod.oval:def:34334
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the context of the ...

oval:org.secpod.oval:def:34335
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly accesses objects in memory. Successful exploitation can corrupt memory in such a way that an attacker could execute arbitrary code in the context of the ...

oval:org.secpod.oval:def:34332
The host is missing an critical security update according to Microsoft security bulletin, MS16-052. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successful exploitation can corrupt memory in such a way ...

oval:org.secpod.oval:def:34333
The host is missing an critical security update according to Microsoft security bulletin, MS16-051. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly accesses objects in memory. Successful exploitation can corrupt memory in such a way ...

oval:org.secpod.oval:def:34330
The host is missing an critical security update according to Microsoft security bulletin, MS16-065. The update is required to fix a TLS/SSL information disclosure vulnerability. A flaw is present in the TLS/SSL protocol, which fails to properly handle an injection of unencrypted data into the secure ...

oval:org.secpod.oval:def:34383
The host is missing a critical update according to Microsoft security bulletin, MS16-064. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code ex ...

oval:org.secpod.oval:def:35610
The host is installed with Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the microsoft server messag ...

oval:org.secpod.oval:def:35607
The host is installed with Microsoft Edge on Windows 8.1, 10, Server 2012 or 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle specially crafted .pdf file. An attacker who successfully exploited the ...

oval:org.secpod.oval:def:35608
The host is missing an important security update according to Microsoft security bulletin, MS16-080. The update is required to fix multiple information disclosure vulnerabilities. The flaws are present in the Microsoft Windows PDF Library, which fails to properly handle specially crafted .pdf file. ...

oval:org.secpod.oval:def:35606
The host is installed with Microsoft Edge on Windows 8.1, 10, Server 2012 or 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle specially crafted .pdf file. An attacker who successfully exploited the ...

oval:org.secpod.oval:def:35609
The host is missing an important security update according to Microsoft security bulletin, MS16-075. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the microsoft server message block, which fails to handle authentication request intended for another servi ...

oval:org.secpod.oval:def:35643
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35641
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35642
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35629
The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user righ ...

oval:org.secpod.oval:def:35627
The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user righ ...

oval:org.secpod.oval:def:35628
The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user righ ...

oval:org.secpod.oval:def:35625
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the current ...

oval:org.secpod.oval:def:35626
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the current ...

oval:org.secpod.oval:def:35623
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the current user, If ...

oval:org.secpod.oval:def:35624
The host is installed with Internet Explorer 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights a ...

oval:org.secpod.oval:def:35621
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a XSS filter vulnerability. A flaw is present in the application, which improperly validate JavaScript under specific conditions in Internet Explorer. Successful exploitation allow attackers to run arbitrary code with medium-in ...

oval:org.secpod.oval:def:35622
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the current ...

oval:org.secpod.oval:def:35620
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, where Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:35618
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory in Microsoft Edge. Successful exploitation could allow attackers to run arbitrary code in the context of the current user.

oval:org.secpod.oval:def:35619
The host is installed with Microsoft Edge and is prone to a security feature bypass vulnerability. A flaw is present in the Content Security Policy (CSP), which fails to properly validate certain specially crafted documents. Successful exploitation of this bypass could trick a user into loading a pa ...

oval:org.secpod.oval:def:35614
The host is missing an important security update according to Microsoft security bulletin, MS16-077. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the application, which improperly handle certain proxy discovery scenarios using the Web Proxy ...

oval:org.secpod.oval:def:35615
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly handle certain proxy discovery scen ...

oval:org.secpod.oval:def:35612
The host is missing a critical security update according to Microsoft security bulletin, MS16-068. The update is required to fix multiple vulnerabilities. The flaws are present in the Content Security Policy (CSP), which fails to properly validate certain specially crafted documents. Successful expl ...

oval:org.secpod.oval:def:35613
The host is missing a critical security update according to Microsoft security bulletin, MS16-063. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle objects in memory or Web Proxy Auto Discovery (WPAD) protocol. Successful exploit ...

oval:org.secpod.oval:def:35682
The host is missing a critical update according to Microsoft security bulletin, MS16-083. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to cause unspecif ...

oval:org.secpod.oval:def:35678
The host is installed with Microsoft Edge, IE10 or IE11 with Adobe Flash Player plugin before 22.0.0.192 and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle via unknown vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35676
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle via unknown vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35677
The host is installed with Microsoft Edge, IE10 or IE11 with Adobe Flash Player plugin before 22.0.0.192 and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle via unknown vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35674
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35675
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35672
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35673
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35670
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35671
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35669
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35667
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35668
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35665
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35666
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35663
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35664
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35661
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35662
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35660
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35658
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a directory traversal vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35659
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35656
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code exe ...

oval:org.secpod.oval:def:35657
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a same-origin-policy bypass vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers lead to informati ...

oval:org.secpod.oval:def:35654
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code exe ...

oval:org.secpod.oval:def:35655
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35652
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35653
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code exe ...

oval:org.secpod.oval:def:35650
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35651
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35649
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35647
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35648
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35645
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35646
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35644
The host is installed with Adobe Flash Player before 18.0.0.360 or 19.x through 21.x before 22.0.0.192 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation allow attackers to have code execution.

oval:org.secpod.oval:def:35865
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows GDI component, which improperly discloses kernel memory a ...

oval:org.secpod.oval:def:35866
The host is missing an important security update according to Microsoft bulletin, MS16-090. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles kernel memory. An attacker who successfully exploited these vulnerabilities could obt ...

oval:org.secpod.oval:def:35863
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:35864
The host is installed with Windows Server 2012 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. An attacker who successfully exploited these vulnerability could run arbitrary code in kern ...

oval:org.secpod.oval:def:35861
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:35862
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:35860
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:35858
The host is installed with Microsoft Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in Windows Secure Kernel Mode, which improperly handles objects in memory. Successful exploitation allows attacker to read sensitive information on the target system.

oval:org.secpod.oval:def:35859
The host is missing an important security update according to Microsoft bulletin, MS16-089. The update is required to fix an information disclosure vulnerability. A flaw is present in Windows Secure Kernel Mode, which improperly handles objects in memory. Successful exploitation allows attacker to r ...

oval:org.secpod.oval:def:35898
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35899
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35896
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35897
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35894
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35895
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35892
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35893
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35891
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35883
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35880
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35877
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35874
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35872
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35873
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35870
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35871
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35869
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35868
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35924
The host is missing a critical security update according to Microsoft bulletin, MS16-085. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ga ...

oval:org.secpod.oval:def:35925
The host is missing a critical security update according to Microsoft bulletin, MS16-084. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ga ...

oval:org.secpod.oval:def:35922
The host is missing an important security update according to Microsoft bulletin, MS16-094. The update is required to fix a security feature vulnerability. A flaw is present in Windows Secure Boot, which improperly applies an affected policy. An attacker who successfully exploited this vulnerability ...

oval:org.secpod.oval:def:35920
The host is missing a critical security update according to Microsoft security bulletin, MS16-093. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle unspecified vectors. Successful exploitation allows attackers to execute arbitrar ...

oval:org.secpod.oval:def:35921
The host is installed with Microsoft Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a security feature vulnerability. A flaw is present in Windows Secure Boot, which improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code in ...

oval:org.secpod.oval:def:35916
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35917
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35918
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35900
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation ...

oval:org.secpod.oval:def:35901
The host is installed with Adobe Flash Player before 18.0.0.366 or 19.x through 21.x before 22.0.0.209 or Microsoft IE10 or IE11 or microsoft edge and is prone to a memory leak vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation all ...

oval:org.secpod.oval:def:35930
The host is installed with Microsoft edge and is prone to a ASLR security feature bypass vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to load additional malicious code in to the proces ...

oval:org.secpod.oval:def:35927
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged on with ad ...

oval:org.secpod.oval:def:35928
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in application, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged on ...

oval:org.secpod.oval:def:35942
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of th ...

oval:org.secpod.oval:def:35940
The host is installed with Internet Explorer 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to obtain information to furthe ...

oval:org.secpod.oval:def:35941
The host is installed with Internet Explorer 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights as the c ...

oval:org.secpod.oval:def:35937
The host is installed with Microsoft edge and is prone to a spoofing vulnerability. A flaw is present in application, which fails to properly parse HTML content. Successful exploitation could allow attackers to trick a user by redirecting the user to a specially crafted website.

oval:org.secpod.oval:def:35938
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in microsoft browser XSS filter, which fails to properly validate content under specific conditions. Successful exploitation could allow attackers to ru ...

oval:org.secpod.oval:def:35935
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user o ...

oval:org.secpod.oval:def:35936
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a spoofing vulnerability. A flaw is present in microsoft browser, which fails to properly parse HTTP content. Successful exploitation could allow attackers to gain the same user rights as the current user, if th ...

oval:org.secpod.oval:def:35933
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user o ...

oval:org.secpod.oval:def:35934
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user o ...

oval:org.secpod.oval:def:35932
The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user or c ...

oval:org.secpod.oval:def:35939
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights a ...

oval:org.secpod.oval:def:35953
The host is missing a critical security update according to Microsoft security bulletin, MS16-087. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:35951
The host is installed with Microsoft Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful explo ...

oval:org.secpod.oval:def:35952
The host is installed with Microsoft Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 and is prone to an elevation privilege vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploi ...

oval:org.secpod.oval:def:35950
The host is installed with Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle certain page fault system calls. Successful exploitation could disclose information from one process to another.

oval:org.secpod.oval:def:35948
The host is missing an important security update according to Microsoft security bulletin, MS16-092. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle low integrity application which can use certain object mana ...

oval:org.secpod.oval:def:35949
The host is installed with Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly handle check time of use (TOCTOU) issues in file path-based checks from a low integrity application ...

oval:org.secpod.oval:def:35946
The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6 or 4.6.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly parses XML input containing a reference to an external entity. Successful exploitation allows attackers to rea ...

oval:org.secpod.oval:def:35947
The host is missing an important security update according to Microsoft security bulletin, MS16-091. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which improperly parses XML input containing a reference to an external entity. Successful ...

oval:org.secpod.oval:def:35944
The host is installed with Internet Explorer 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to obtain information to fu ...

oval:org.secpod.oval:def:35945
The host is installed with Vbscript 5.7, Internet Explorer 7, 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in VBScript engine, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to corrupt memory, execute ...

oval:org.secpod.oval:def:35943
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in applications, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to gain the same user rights a ...

oval:org.secpod.oval:def:36757
The host is missing an important security update according to Microsoft security advisory, 3179528. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which improperly handles objects in memory. A locally-authenticated attacker who successful ...

oval:org.secpod.oval:def:36718
The host is installed with Windows 10 and is prone to an universal outlook information disclosure vulnerability. A flaw is present in the universal outlook, which fails to establish a secure connection. An attacker who successfully exploited this vulnerability could obtain the username and password ...

oval:org.secpod.oval:def:36717
The host is missing an important security update according to Microsoft bulletin, MS16-103. The update is required to fix an universal outlook information disclosure vulnerability. A flaw is present in the universal outlook, which fails to establish a secure connection. An attacker who successfully ...

oval:org.secpod.oval:def:36716
The host is missing an important security update according to Microsoft security bulletin, MS16-100. The update is required to fix a security feature bypass vulnerability. A flaw is present in the application, which fails to perform proper integrity checks. Successful exploitation could allow attack ...

oval:org.secpod.oval:def:36715
The host is installed with Microsoft Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to perform proper integrity checks. Successful exploitation could allow attackers to load a boot manager.

oval:org.secpod.oval:def:36713
The host is missing a critical security update according to Microsoft security bulletin, MS16-102. The update is required to fix a remote code execution vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle objects in memory. An attacker who successful ...

oval:org.secpod.oval:def:36990
The host is missing an important security update according to Microsoft bulletin, MS16-113. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:36993
The host is installed with Windows Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. An attacker who successfully exploited these vulnerability cou ...

oval:org.secpod.oval:def:36991
The host is installed with Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:37054
The host is installed with Microsoft Windows 10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could crash the system.

oval:org.secpod.oval:def:37477
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is ...

oval:org.secpod.oval:def:37924
The host is installed with Microsoft Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Virtual Secure Mode, which fails to properly handle objects in memory. A locally-authenticated attacker who successfully exploited this vulnerability could be abl ...

oval:org.secpod.oval:def:39427
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39367
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39363
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39837
An elevation of privilege vulnerability exists when Microsoft Windows fails to properly sanitize handles in memory. An attacker who successfully exploited the vulnerability could run arbitrary code as System. An attacker could then install programs; view, change, or delete data; or create new accoun ...

oval:org.secpod.oval:def:39824
The host is missing an important security update KB4015221

oval:org.secpod.oval:def:40494
The host is missing an important security update KB4019474

oval:org.secpod.oval:def:40939
The host is missing an important security update KB4022727

oval:org.secpod.oval:def:41164
KB4032695 fixes non-security issues introduced in KB4022727

oval:org.secpod.oval:def:41215
An Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file.An attacker who successfully exploited this vulnerability could cause a denial of service.A attacker could exploit this vulnerability by hosting a specially crafted web site and convince a user to br ...

oval:org.secpod.oval:def:41242
The host is missing an important security update KB4025338

oval:org.secpod.oval:def:41682
The host is missing a critical security update KB4034668

oval:org.secpod.oval:def:42330
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:42351
The host is missing an important security update KB4042895

oval:org.secpod.oval:def:42038
The host is missing an important security update KB4038781

oval:org.secpod.oval:def:42750
The host is missing an important security update KB4048956

oval:org.secpod.oval:def:43896
The host is missing a critical security update for KB4074596

oval:org.secpod.oval:def:43418
The host is missing an important security update 4056893

oval:org.secpod.oval:def:44970
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ...

oval:org.secpod.oval:def:44974
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:45000
The host is missing a critical security update for KB4093111

oval:org.secpod.oval:def:44641
The host is missing an important security update for KB4088786

oval:org.secpod.oval:def:45422
The host is missing an important security update for KB4103716

oval:org.secpod.oval:def:46050
The host is missing a critical security update for KB4284860

oval:org.secpod.oval:def:46372
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code executi ...

oval:org.secpod.oval:def:47165
The host is missing an important security update for KB4343892

oval:org.secpod.oval:def:47455
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:46415
The host is missing an important security update for KB4338829

oval:org.secpod.oval:def:49747
The host is missing an important security update for KB4471323

oval:org.secpod.oval:def:47937
The host is missing a critical security update for KB4462922

oval:org.secpod.oval:def:50004
The host is missing a critical security update for KB4483228

oval:org.secpod.oval:def:49150
The host is missing an important security update for KB4467680

oval:org.secpod.oval:def:47490
The host is missing a critical security update for KB4457132

oval:org.secpod.oval:def:50132
The host is missing an important security update for KB4480962

oval:org.secpod.oval:def:50748
The host is missing an important security update for KB4487018

oval:org.secpod.oval:def:51410
The host is missing an critical security update for KB4489872

oval:org.secpod.oval:def:54202
The host is missing an important security update for KB4493475

oval:org.secpod.oval:def:54744
The host is missing an important security update for KB4499154

oval:org.secpod.oval:def:55418
An elevation of privilege vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could r ...

oval:org.secpod.oval:def:55439
The host is missing a critical security update for KB4503291

oval:org.secpod.oval:def:57947
The host is missing an important security update for KB4512497

oval:org.secpod.oval:def:58757
The host is missing a critical security update 4522009

oval:org.secpod.oval:def:58973
The host is missing an important security update for KB4520011

oval:org.secpod.oval:def:59658
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:58513
The host is missing an important security update for KB4516070

oval:org.secpod.oval:def:59908
The host is missing an important security update for KB4530681

oval:org.secpod.oval:def:59685
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:60680
The host is missing an important security update for KB4534306

oval:org.secpod.oval:def:59712
The host is missing an important security update for KB4525232

oval:org.secpod.oval:def:61334
The host is missing an important security update 4502496.

oval:org.secpod.oval:def:61360
The host is missing an important security update for KB4537776

oval:org.secpod.oval:def:61939
The host is missing a critical security update for KB4540693

oval:org.secpod.oval:def:62558
The host is missing a critical security update for KB4550930

oval:org.secpod.oval:def:63188
The host is missing a critical security update for KB4556826

oval:org.secpod.oval:def:63792
The host is missing an important security update for KB4561649

oval:org.secpod.oval:def:64351
The host is missing a critical security update for KB4565513

oval:org.secpod.oval:def:65075
The host is missing a critical security update for KB4571692

oval:org.secpod.oval:def:65518
The host is missing an important security update for KB4577049

oval:org.secpod.oval:def:66940
The host is missing an important security update for KB4586787

oval:org.secpod.oval:def:66150
The host is missing an important security update for KB4580327

oval:org.secpod.oval:def:67707
The host is missing an important security update for KB4592464

oval:org.secpod.oval:def:68246
The host is missing an important security update for KB4598231

oval:org.secpod.oval:def:70052
The host is missing an important security update for KB5000807

oval:org.secpod.oval:def:69084
The host is missing an important security update for KB4601331

oval:org.secpod.oval:def:71870
The host is missing a critical security update for KB5003172

oval:org.secpod.oval:def:71062
The host is missing a critical security update for KB5001340

oval:org.secpod.oval:def:73282
The host is missing a critical security update for KB5003687

oval:org.secpod.oval:def:73843
The host is missing a critical security update for KB5004249

oval:org.secpod.oval:def:74336
The host is missing a critical security update for KB5005040

oval:org.secpod.oval:def:76471
The host is missing a critical security update for KB5008230

oval:org.secpod.oval:def:75362
The host is missing an important security update for KB5006675

oval:org.secpod.oval:def:74934
The host is missing a critical security update for KB5005569

oval:org.secpod.oval:def:75845
The host is missing a critical security update for KB5007207

oval:org.secpod.oval:def:77082
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability

oval:org.secpod.oval:def:77169
The host is missing a critical security update for KB5009585

oval:org.secpod.oval:def:78084
The host is missing an important security update for KB5011491

oval:org.secpod.oval:def:77687
The host is missing an important security update for KB5010358

oval:org.secpod.oval:def:80003
The host is missing a critical security update for KB5013963

oval:org.secpod.oval:def:78851
The host is missing an important security update KB5012653

oval:org.secpod.oval:def:81947
The host is missing a critical security update for KB5015832

oval:org.secpod.oval:def:81564
The host is missing a critical security update for KB5014710

oval:org.secpod.oval:def:83879
The host is missing a critical security update for KB5017327

oval:org.secpod.oval:def:82715
The host is missing a critical security update for KB5016639

oval:org.secpod.oval:def:86156
The host is missing a critical security update for KB5021243

oval:org.secpod.oval:def:86694
Windows Installer Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:87497
Windows MSHTML Platform Remote Code Execution Vulnerability

oval:org.secpod.oval:def:87498
Windows Distributed File System (DFS) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.

oval:org.secpod.oval:def:87496
Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

oval:org.secpod.oval:def:87493
Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attac ...

oval:org.secpod.oval:def:87494
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ...

oval:org.secpod.oval:def:87491
Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service Vulnerability

oval:org.secpod.oval:def:87492
Microsoft ODBC Driver Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via ODBC, which could result in the server receiving a malicious networking packet. This could allow the attac ...

oval:org.secpod.oval:def:87490
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. An authenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.

oval:org.secpod.oval:def:87488
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.

oval:org.secpod.oval:def:87489
Microsoft PostScript Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:87486
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. An unauthenticated attacker could attack a Microsoft Protected Extensible Authentication Protocol (PEAP) Server by sending specially crafted malicious PEAP packets over the network.

oval:org.secpod.oval:def:87487
Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.

oval:org.secpod.oval:def:87484
NT OS Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:87485
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability. On Successful exploitation, attacker could target the server accounts in an arbitrary or remote code execution and attempt to trigger malicious code in the context of the server's account through a net ...

oval:org.secpod.oval:def:87482
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ...

oval:org.secpod.oval:def:87483
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. T ...

oval:org.secpod.oval:def:87481
Microsoft PostScript Printer Driver Remote Code Execution Vulnerability. An authenticated attacker could send a specially crafted file to a shared printer. This could result in arbitrary code execution on the system that is sharing the printer

oval:org.secpod.oval:def:87516
Windows Graphics Component Remote Code Execution Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:87517
Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:87515
Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:87512
Windows Kerberos Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:87513
Windows Secure Channel Denial of Service Vulnerability

oval:org.secpod.oval:def:87510
Windows Secure Channel Denial of Service Vulnerability

oval:org.secpod.oval:def:87511
Windows Active Directory Domain Services API Denial of Service Vulnerability

oval:org.secpod.oval:def:87509
Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:87507
Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:87508
Windows iSCSI Service Denial of Service Vulnerability

oval:org.secpod.oval:def:87505
Windows Media Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

oval:org.secpod.oval:def:87503
Windows iSCSI Discovery Service Denial of Service Vulnerability. An attacker could impact availability of the service resulting in "denial of service"[DOS].

oval:org.secpod.oval:def:87504
Windows iSCSI Service Denial of Service Vulnerability

oval:org.secpod.oval:def:87501
Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.

oval:org.secpod.oval:def:87502
Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability. An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory.

oval:org.secpod.oval:def:87500
Windows Fax Service Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device. Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network ...

oval:org.secpod.oval:def:88099
Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

oval:org.secpod.oval:def:88063
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88064
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

oval:org.secpod.oval:def:88061
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

oval:org.secpod.oval:def:88062
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

oval:org.secpod.oval:def:88060
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88058
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

oval:org.secpod.oval:def:88059
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

oval:org.secpod.oval:def:88056
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

oval:org.secpod.oval:def:88057
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88054
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88055
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

oval:org.secpod.oval:def:88052
Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:88053
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88050
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

oval:org.secpod.oval:def:88051
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88049
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88047
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88048
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88043
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

oval:org.secpod.oval:def:88041
Windows HTTP.sys Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:88042
Windows Hyper-V Denial of Service Vulnerability. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.

oval:org.secpod.oval:def:88040
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

oval:org.secpod.oval:def:88038
Windows Media Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

oval:org.secpod.oval:def:88039
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. An authenticated attacker with normal privileges could send a modified XPS file to a shared printer, which can result in a remote code execution.

oval:org.secpod.oval:def:88037
Windows Media Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

oval:org.secpod.oval:def:88100
Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:88122
Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

oval:org.secpod.oval:def:88123
Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:88119
Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

oval:org.secpod.oval:def:88117
Windows Graphics Component Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

oval:org.secpod.oval:def:88118
Windows Secure Channel Denial of Service Vulnerability

oval:org.secpod.oval:def:88115
Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:88116
Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:88113
Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:88114
Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:88111
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability. An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be ...

oval:org.secpod.oval:def:88112
Windows Cryptographic Services Remote Code Execution Vulnerability. An attacker could upload a certificate to a service that processes or imports certificates, or an attacker could convince an authenticated user to import a certificate on their system.

oval:org.secpod.oval:def:88110
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.

oval:org.secpod.oval:def:88108
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:88109
Windows Accounts Picture Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:88106
Remote Procedure Call Runtime Remote Code Execution Vulnerability. To exploit this vulnerability, an unauthenticated attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service.

oval:org.secpod.oval:def:88107
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.

oval:org.secpod.oval:def:88104
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.

oval:org.secpod.oval:def:88105
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.

oval:org.secpod.oval:def:89701
Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:89700
Windows MSHTML Platform Security Feature Bypass Vulnerability. An attacker can craft a malicious URL that would evade zone checks, resulting in a limited loss of integrity and availability of the victim machine.

oval:org.secpod.oval:def:89719
Windows OLE Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment. In an email attack scenario, an attacker could exploit the vulnerab ...

oval:org.secpod.oval:def:89718
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a speciall ...

oval:org.secpod.oval:def:89717
Windows Backup Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:89716
Windows iSCSI Target Service Information Disclosure Vulnerability. Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.

oval:org.secpod.oval:def:89715
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. When Windows Message Queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.

oval:org.secpod.oval:def:89714
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:89713
Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability

oval:org.secpod.oval:def:89699
Windows Driver Revocation List Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass the revocation list feature by modifying it and therefore impact the integrity of that list.

oval:org.secpod.oval:def:89697
Windows Bluetooth Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:89693
Server for NFS Denial of Service Vulnerability

oval:org.secpod.oval:def:89690
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition. To exploit this vulnerability, an attacker would need to send a specially crafted malicious SSTP packet to a SSTP server. T ...

oval:org.secpod.oval:def:89688
Windows NFS Portmapper Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:89687
Windows NTLM Security Support Provider Information Disclosure Vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

oval:org.secpod.oval:def:90742
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90741
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90744
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90743
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90746
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90745
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90748
Remote Procedure Call Runtime Remote Code Execution Vulnerability. The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime.

oval:org.secpod.oval:def:90747
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

oval:org.secpod.oval:def:90740
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90749
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

oval:org.secpod.oval:def:90753
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90755
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90754
Remote Procedure Call Runtime Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:90757
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:90756
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90759
Windows MSHTML Platform Security Feature Bypass Vulnerability

oval:org.secpod.oval:def:90758
Windows Print Spooler Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

oval:org.secpod.oval:def:90751
Windows MSHTML Platform Security Feature Bypass Vulnerability

oval:org.secpod.oval:def:90750
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.

oval:org.secpod.oval:def:90735
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90734
Remote Procedure Call Runtime Denial of Service Vulnerability

oval:org.secpod.oval:def:90737
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.

oval:org.secpod.oval:def:90736
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.

oval:org.secpod.oval:def:90739
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:90738
Windows MSHTML Platform Elevation of Privilege Vulnerability. The attacker would gain the rights of the user that is running the affected application.

oval:org.secpod.oval:def:90786
Active Template Library Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

oval:org.secpod.oval:def:90785
Windows Installer Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:90787
Microsoft Message Queuing Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.

oval:org.secpod.oval:def:90782
Microsoft Message Queuing Denial of Service Vulnerability

oval:org.secpod.oval:def:90781
Microsoft ODBC Driver Remote Code Execution Vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32038

oval:org.secpod.oval:def:90783
Microsoft Message Queuing Denial of Service Vulnerability

oval:org.secpod.oval:def:90797
Windows Extended Negotiation Denial of Service Vulnerability

oval:org.secpod.oval:def:90796
Windows Authentication Denial of Service Vulnerability

oval:org.secpod.oval:def:90793
Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability. The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

oval:org.secpod.oval:def:90792
Microsoft Message Queuing Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.

oval:org.secpod.oval:def:90778
Windows Win32k Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:90862
Windows Partition Management Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:90865
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. This attack is limited to systems connected to the same network segmen ...

oval:org.secpod.oval:def:90864
Windows Cryptographic Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:90867
Windows Common Log File System Driver Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:90869
Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain administrator privileges.

oval:org.secpod.oval:def:90868
USB Audio Class System Driver Remote Code Execution Vulnerability. An authenticated attacker could use Remote Desktop to connect to a vulnerable system that has Plug and Play device redirection enabled. Alternatively, an attacker could plug a specially crafted USB device into the port of a vulnerabl ...

oval:org.secpod.oval:def:90876
Windows Transaction Manager Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:90878
Windows Remote Desktop Protocol Security Feature Bypass. The RDP Gateway protocol is enforcing the usage of Datagram Transport Layer Security (DTLS) version 1.0, which is a deprecated (RFC 8996) protocol with known vulnerabilities. An attacker with a machine-in-the-middle (MitM) position who success ...

oval:org.secpod.oval:def:90879
Windows Peer Name Resolution Protocol Denial of Service Vulnerability

oval:org.secpod.oval:def:90854
Windows Netlogon Information Disclosure Vulnerability. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim to read or modify network communications. This is called a man-in-the-middle (MITM) attack. An attacker who successfull ...

oval:org.secpod.oval:def:90856
OLE Automation Information Disclosure Vulnerability. The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

oval:org.secpod.oval:def:90857
Windows Remote Desktop Security Feature Bypass Vulnerability. An attacker with a machine-in-the-middle (MitM) position who successfully exploited this vulnerability could bypass the certificate validation performed when a targeted user connects to a trusted server.

oval:org.secpod.oval:def:90859
Volume Shadow Copy Elevation of Privilege Vulnerability. The attacker would gain the rights of the user that is running the affected application. An authenticated attacker would need to perform specific actions on a vulnerable system, then convince another user on that system to interact with the Vo ...

oval:org.secpod.oval:def:90805
Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.

oval:org.secpod.oval:def:90804
Windows Kernel Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.

oval:org.secpod.oval:def:90806
Windows Clip Service Elevation of Privilege Vulnerability. Successful exploitation of this vulnerability requires an attacker to win a race condition.

oval:org.secpod.oval:def:93106
The host is missing an important security update for KB5030220

oval:org.secpod.oval:def:90889
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running.

oval:org.secpod.oval:def:90888
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running.

oval:org.secpod.oval:def:90881
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

oval:org.secpod.oval:def:90880
Windows CryptoAPI Denial of Service Vulnerability

oval:org.secpod.oval:def:90883
Windows Image Acquisition Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:90882
Microsoft DirectMusic Information Disclosure Vulnerability. An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

oval:org.secpod.oval:def:90890
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. To exploit this vulnerability, an attacker would need to send specially crafted packets to a server configured with the Routing and Remote Access Service running.

oval:org.secpod.oval:def:90892
Windows Error Reporting Service Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain administrator privileges. An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the ma ...

oval:org.secpod.oval:def:90891
Azure Active Directory Security Feature Bypass Vulnerability. An attacker would require access to a low privileged session on the user's device to obtain a JWT (JSON Web Token) which can then be used to craft a long-lived assertion using the Windows Hello for Business Key from the victim's device. B ...

oval:org.secpod.oval:def:90922
The host is missing a critical security update for KB5028186

oval:org.secpod.oval:def:91857
The host is missing a critical security update for KB5029259

oval:org.secpod.oval:def:94498
The host is missing a critical security update for KB5032199

oval:org.secpod.oval:def:93716
The host is missing a critical security update for KB5031377

oval:org.secpod.oval:def:95795
Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability

oval:org.secpod.oval:def:95798
Windows Kernel Elevation of Privilege Vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

oval:org.secpod.oval:def:95834
The host is missing a critical security update for KB5033379

oval:org.secpod.oval:def:98019
The host is missing a critical security update for KB5034774

oval:org.secpod.oval:def:39333
The host is missing a critical security update according to Microsoft security bulletin, MS17-008. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:39334
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:39330
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39331
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39332
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:39325
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39326
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on a target operating system.To exploit these vulnerabilities, an attacker running ...

oval:org.secpod.oval:def:39327
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39328
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

oval:org.secpod.oval:def:39329
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:40433
An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.This vulnerability by itself does not allow arbit ...

oval:org.secpod.oval:def:39773
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machi ...

oval:org.secpod.oval:def:39774
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:39775
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:39770
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system t ...

oval:org.secpod.oval:def:39771
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:39772
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:39764
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system t ...

oval:org.secpod.oval:def:39767
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machi ...

oval:org.secpod.oval:def:39768
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machi ...

oval:org.secpod.oval:def:39769
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system t ...

oval:org.secpod.oval:def:39761
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system t ...

oval:org.secpod.oval:def:40924
An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this vulnerability could gain elevated privileges on a target guest operating system. The host operating system is not vulnerab ...

oval:org.secpod.oval:def:42013
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:42014
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:42020
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:41651
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:44618
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerab ...

oval:org.secpod.oval:def:44620
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:45371
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:44973
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:47445
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:47446
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source. To exploit this vulnerability, an attacker would need to reboot a guest virtual machine numerous times until the vulnerability is triggered. The security update addresses the vulne ...

oval:org.secpod.oval:def:47450
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:55369
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:58464
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machi ...

oval:org.secpod.oval:def:59656
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:68216
Hyper-V Denial of Service Vulnerability

oval:org.secpod.oval:def:37008
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle kernel API enforced permissio ...

oval:org.secpod.oval:def:37007
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, where kernel API improperly allows a user to access sensitiv ...

oval:org.secpod.oval:def:36743
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a kerberos security feature bypass vulnerability. A flaw is present in the Windows Kerberos, which fails to properly handle a pas ...

oval:org.secpod.oval:def:36742
The host is missing an important security update according to Microsoft security bulletin, MS16-101. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows Kerberos, which fails to properly handle a password change request and falls back to NT LAN Manager (NTLM) ...

oval:org.secpod.oval:def:36739
The host is missing a critical security update according to Microsoft security bulletin, MS16-097. The update is required to fix multiple remote code execution vulnerabilities. The flaws are present in the Windows font library, which improperly handles specially crafted embedded fonts. Successful ex ...

oval:org.secpod.oval:def:36736
The host is installed with Microsoft Windows Vista, 7, 8.1, 10, Server 2008, Server 2008 R2, Server 2012 or Server 2012 R2 Microsoft Lync 2010, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft Lync Basic 2013, Microsoft Lync 2010 Attendee, Microsoft live meeting ...

oval:org.secpod.oval:def:36735
The host is missing a critical security update according to Microsoft bulletin, MS16-095. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ga ...

oval:org.secpod.oval:def:36734
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further comprom ...

oval:org.secpod.oval:def:36733
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further comprom ...

oval:org.secpod.oval:def:36732
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further comprom ...

oval:org.secpod.oval:def:36731
The host is installed with Internet Explorer 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curre ...

oval:org.secpod.oval:def:36730
The host is installed with Internet Explorer 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise the user's syst ...

oval:org.secpod.oval:def:36729
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of th ...

oval:org.secpod.oval:def:36728
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user or could g ...

oval:org.secpod.oval:def:36727
The host is installed with Internet Explorer 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curre ...

oval:org.secpod.oval:def:36726
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user or could g ...

oval:org.secpod.oval:def:36725
The host is missing a critical security update according to Microsoft bulletin, MS16-096. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user righ ...

oval:org.secpod.oval:def:36724
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user or could gain the ...

oval:org.secpod.oval:def:36723
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:36722
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:36721
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:36720
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:36719
The host is missing an important security update according to Microsoft bulletin, MS16-098. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles kernel memory. An attacker who successfully exploited these vulnerabilities could obt ...

oval:org.secpod.oval:def:36710
The host is installed with Microsoft Edge, Micosoft Windows 8.1, 10, Server 2012 or 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle objects in memory. An attacker who successfully exploited the vuln ...

oval:org.secpod.oval:def:36997
The host is missing an important security update according to Microsoft bulletin, MS16-098. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles kernel memory. An attacker who successfully exploited these vulnerabilities could obt ...

oval:org.secpod.oval:def:36995
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Graphics Device Interface (GDI), which fails to properly ...

oval:org.secpod.oval:def:36994
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Graphics Device Interface (GDI), which fails to properly ...

oval:org.secpod.oval:def:36992
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:37071
The host is missing a critical security update according to Microsoft bulletin, MS16-104. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ga ...

oval:org.secpod.oval:def:37070
The host is missing a critical security update according to Microsoft bulletin, MS16-105. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user righ ...

oval:org.secpod.oval:def:37066
The host is installed with Internet Explorer 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could obtain information to further compromise a target system.

oval:org.secpod.oval:def:37065
The host is installed with Internet Explorer 9, 10, 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ...

oval:org.secpod.oval:def:37064
The host is installed with Internet Explorer 9, 10, 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current us ...

oval:org.secpod.oval:def:37063
The host is installed with Internet Explorer 10, 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, ...

oval:org.secpod.oval:def:37062
The host is installed with Internet Explorer 10, 11 and is prone to an elevation of privilege vulnerability. A flaw is present in Internet Explorer, which fails to handle a check which allow sandbox escape. Successful exploitation could use the sandbox escape to elevate privileges on an affected sys ...

oval:org.secpod.oval:def:37061
The host is installed with Internet Explorer 11 and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which fails to handle cross-origin requests. Successful exploitation could determine the origin of all of the web pages in the affected browser.

oval:org.secpod.oval:def:37060
The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if ...

oval:org.secpod.oval:def:37069
The host is installed with Internet Explorer 9, 10, 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ...

oval:org.secpod.oval:def:37068
The host is installed with Internet Explorer 9, 10, 11 and is prone to a security feature bypass vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could entice users into clicking a link that directs them to the attacker's site ...

oval:org.secpod.oval:def:37067
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could obtain information to further compromise a target system ...

oval:org.secpod.oval:def:37055
The host is missing an important security update according to Microsoft bulletin, MS16-110. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted vectors. An attacker who successfully exploited this vulnerability coul ...

oval:org.secpod.oval:def:37053
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. An ...

oval:org.secpod.oval:def:37052
The host is installed with Microsoft Windows Windows 8.1 or 10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An attacke ...

oval:org.secpod.oval:def:37051
The host is installed with Microsoft Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle a specially crafted DLL. A locally-authenticated attacker who successfully exploited this vulnerability could run arbitrary co ...

oval:org.secpod.oval:def:37050
The host is missing an important security update according to Microsoft security bulletin, MS16-114. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which improperly handles crafted packets. Successful exploitation could allow attackers to e ...

oval:org.secpod.oval:def:37059
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft Edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged ...

oval:org.secpod.oval:def:37058
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft Edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged ...

oval:org.secpod.oval:def:37057
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft Edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged ...

oval:org.secpod.oval:def:37056
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft Edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged ...

oval:org.secpod.oval:def:37044
The host is missing a critical security update according to Microsoft security bulletin, MS16-115. The update is required to fix multiple vulnerabilities. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle objects in memory. An attacker who successfully exploited ...

oval:org.secpod.oval:def:37043
The host is missing a critical update according to Microsoft security bulletin, MS16-117. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code e ...

oval:org.secpod.oval:def:37041
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37040
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37049
The host is installed with Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows 10, Windows Server 2008 SP2,Windows Server 2008 R2 SP1, Windows Server 2012 or Windows Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which imprope ...

oval:org.secpod.oval:def:37048
The host is installed with Micosoft Windows 8.1, 10 or 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle windows lock screen. An attacker who successfully exploited the vulnerability could potential ...

oval:org.secpod.oval:def:37047
The host is missing a critical security update according to Microsoft security bulletin, MS16-112. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle windows lock screen. An attacker who succes ...

oval:org.secpod.oval:def:37046
The host is installed with Microsoft Edge, Micosoft Windows 8.1, 10, Server 2012 or 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle objects in memory. An attacker who successfully exploited the vuln ...

oval:org.secpod.oval:def:37045
The host is installed with Microsoft Edge, Micosoft Windows 8.1, 10, Server 2012 or 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle objects in memory. An attacker who successfully exploited the vuln ...

oval:org.secpod.oval:def:37033
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37032
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37031
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37030
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37039
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37038
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37037
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37036
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37035
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37034
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37022
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allo ...

oval:org.secpod.oval:def:37021
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allo ...

oval:org.secpod.oval:def:37020
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37029
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37028
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37027
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37026
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37025
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37024
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37023
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37011
The host is missing an important security update according to Microsoft security bulletin, MS16-111. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects and kernel API enforced permissions. Succes ...

oval:org.secpod.oval:def:37010
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful e ...

oval:org.secpod.oval:def:37019
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37018
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:37017
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37016
The host is installed with Adobe Flash Player before 18.0.0.375 or 19.x through 22.x before 23.0.0.162 or IE10, IE 11 or Microsoft edge and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allo ...

oval:org.secpod.oval:def:37009
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful e ...

oval:org.secpod.oval:def:37433
The host is installed with Windows 10 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly sanitize input. Successful exploitation could lead to unsecure library loading behavior.

oval:org.secpod.oval:def:37432
The host is missing a critical security update according to Microsoft security bulletin, MS16-122. The update is required to fix a remote code execution vulnerability. A flaw is present in the Microsoft video control, which fails to properly handle objects in memory. Successful exploitation could al ...

oval:org.secpod.oval:def:37431
The host is installed with Vista SP2, Windows 7 SP1, Windows 8.1 or Windows 10 and is prone to an remote code execution vulnerability. A flaw is present in the Microsoft video control, which fails to properly handle objects in memory. Successful exploitation could allow attacker to run arbitrary cod ...

oval:org.secpod.oval:def:37860
The host is missing a critical update according to Microsoft security bulletin, MS16-128. The update is required to fix an use-after-free vulnerability. A flaw is present application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to crash the service ...

oval:org.secpod.oval:def:37858
The host is installed with Adobe Flash Player before 23.0.0.205 or IE10, IE 11, Microsoft Edge or Google Chrome 54.0.2840.71 or before and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead ...

oval:org.secpod.oval:def:37891
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37890
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37897
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37896
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37895
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37894
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37893
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37892
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37889
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37888
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly ...

oval:org.secpod.oval:def:37437
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:37436
The host is installed with Windows Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. An attacker who successfully exploited these vulnerability cou ...

oval:org.secpod.oval:def:37435
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:37434
The host is missing an important security update according to Microsoft security bulletin, MS16-125. The update is required to fix a privilege escalation vulnerability. A flaw is present in the application, which fails to properly sanitize input. Successful exploitation could lead to unsecure librar ...

oval:org.secpod.oval:def:37473
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft Edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged ...

oval:org.secpod.oval:def:37472
The host is installed with Microsoft Edge and is prone to a security feature bypass corruption vulnerability. A flaw is present in Microsoft Edge, which fails to properly handle validation of certain specially crafted documents. Successful exploitation could allow attackers to gain the same user rig ...

oval:org.secpod.oval:def:37471
The host is installed with Microsoft Edge and is prone to a remote code execution vulnerability. A flaw is present in Microsoft Edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is log ...

oval:org.secpod.oval:def:37470
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft Edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged ...

oval:org.secpod.oval:def:37478
The host is installed with Internet Explorer 9, 10, 11 or edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the ...

oval:org.secpod.oval:def:37476
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the Internet Messaging API, which fails to properly handle objects in memory. Successful exploitation could allow the attacker to test for the presence of files on d ...

oval:org.secpod.oval:def:37475
The host is installed with Internet Explorer 9, 10, 11 or Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to detect specific files on the user's co ...

oval:org.secpod.oval:def:37474
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft Edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged ...

oval:org.secpod.oval:def:37462
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to cod ...

oval:org.secpod.oval:def:37461
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to c ...

oval:org.secpod.oval:def:37460
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to c ...

oval:org.secpod.oval:def:37469
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft Edge, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logged ...

oval:org.secpod.oval:def:37467
The host is missing a critical update according to Microsoft security bulletin, MS16-127. The update is required to fix multiple vulnerabilities. The flaws are present applications, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code execution ...

oval:org.secpod.oval:def:37466
The host is installed with IE10, IE 11 or Microsoft Edge and is prone to a remot code execution vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37465
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to code ...

oval:org.secpod.oval:def:37464
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to c ...

oval:org.secpod.oval:def:37463
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to c ...

oval:org.secpod.oval:def:37459
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to c ...

oval:org.secpod.oval:def:37458
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to c ...

oval:org.secpod.oval:def:37457
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to c ...

oval:org.secpod.oval:def:37456
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to cod ...

oval:org.secpod.oval:def:37455
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a security bypass vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to cod ...

oval:org.secpod.oval:def:37454
The host is installed with Adobe Flash Player before 18.0.0.382 or 19.x through 22.x before 23.0.0.185 or IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present applications, which fail to handle unspecified vectors. Successful exploitation could lead to c ...

oval:org.secpod.oval:def:37440
The host is missing a critical security update according to Microsoft security bulletin, MS16-123. The update is required to fix multiple elevation of privilege vulnerabilities. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. An attacker who successfully ex ...

oval:org.secpod.oval:def:37445
The host is missing an important security update according to Microsoft security bulletin, MS16-124. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects and kernel API enforced permissions. Succes ...

oval:org.secpod.oval:def:37444
The host is installed with Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful exploitation could allow local authenticated attacker to hijack the session of another user.

oval:org.secpod.oval:def:37443
The host is installed with Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful exploitation could allow local authenticated attacker to hijack ...

oval:org.secpod.oval:def:37442
The host is installed with Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful exploitation could allow local authenticated attacker to hijack ...

oval:org.secpod.oval:def:37441
The host is installed with Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle session objects. Successful e ...

oval:org.secpod.oval:def:37439
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:37438
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:37495
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ...

oval:org.secpod.oval:def:37494
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ...

oval:org.secpod.oval:def:37493
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Windows Graphics Component, which fails to properly handle objects ...

oval:org.secpod.oval:def:37492
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle objects in memory. ...

oval:org.secpod.oval:def:37491
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ...

oval:org.secpod.oval:def:37490
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, live meeting console 2007, Microsoft Off ...

oval:org.secpod.oval:def:37496
The host is missing an critical security update according to Microsoft bulletin, MS16-120. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which improperly handles GDI components. An attacker who successfully exploited these vulnerabilities could ob ...

oval:org.secpod.oval:def:37484
The host is installed with Internet Explorer 11 or Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ...

oval:org.secpod.oval:def:37483
The host is installed with Internet Explorer 10, 11 or Microsoft Edge and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fails to properly secure private namespace. Successful exploitation could allow attackers to gain elevated permissions on the na ...

oval:org.secpod.oval:def:37482
The host is installed with Internet Explorer 10, 11 or Microsoft Edge and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fails to properly secure private namespace. Successful exploitation could allow attackers to gain elevated permissions on the na ...

oval:org.secpod.oval:def:37481
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the curre ...

oval:org.secpod.oval:def:37480
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the curre ...

oval:org.secpod.oval:def:37489
The host is installed with Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2012, Windows 8.1, Server 2012 R2, Windows 10, .net framework 3.0, 4.6, 4.5 SP2, 3.5.1, Microsoft Skype For business 2016, Microsoft Skype For Business Basic 2016, Microsoft lync 2013, lync 2010, ...

oval:org.secpod.oval:def:37488
The host is missing a critical security update according to Microsoft bulletin, MS16-118. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ga ...

oval:org.secpod.oval:def:37487
The host is missing a critical security update according to Microsoft bulletin, MS16-119. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user ...

oval:org.secpod.oval:def:37485
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which leaves credential data in memory. Successful exploitation could allow attackers to harvest credentials from a memory dump of the browser pro ...

oval:org.secpod.oval:def:38288
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38280
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38281
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38282
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38283
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38284
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38285
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38286
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38287
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38277
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38278
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38279
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38270
The host is missing an important security update according to Microsoft bulletin, MS16-152. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle certain page fault system calls. Successful exploitation could allow ...

oval:org.secpod.oval:def:38271
The host is installed with Microsoft Windows 10 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle certain page fault system calls. Successful exploitation could allow attackers to disclose sensitive informatio ...

oval:org.secpod.oval:def:38272
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38273
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38274
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38275
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38276
The host is installed with Adobe Flash Player before 24.0.0.186, IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:38268
The host is missing an important security update according to Microsoft bulletin, MS16-150. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted application. Successful exploitation could allow elevation of privi ...

oval:org.secpod.oval:def:38269
The host is installed with Microsoft Windows 10 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to handle a crafted application. Successful exploitation could allow elevation of privilege.

oval:org.secpod.oval:def:38291
The host is missing an important security update according to Microsoft security bulletin, MS16-153. The update is required to fix an information disclosure vulnerability. A flaw is present in the Windows Common Log File System Driver, which fails to properly handle objects in memory. An attacker wh ...

oval:org.secpod.oval:def:38292
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Common Log File System Driver, whi ...

oval:org.secpod.oval:def:38290
The host is missing a critical update according to Microsoft security bulletin, MS16-154. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code ex ...

oval:org.secpod.oval:def:37899
The host is installed with Adobe Flash Player before 23.0.0.207 or IE10, IE 11, Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37898
The host is missing an important security update according to Microsoft security bulletin, MS16-134. The update is required to fix multiple elevation of privilege vulnerabilities. The flaws are present in the Windows Common Log File System Driver, which fails to properly handle objects in memory. An ...

oval:org.secpod.oval:def:37958
The host is missing a critical security update according to Microsoft bulletin, MS16-142. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ga ...

oval:org.secpod.oval:def:37957
The host is missing a critical security update according to Microsoft bulletin, MS16-129. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user righ ...

oval:org.secpod.oval:def:37956
The host is installed with Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation allow attackers to trick a user to allow access to the user's My Documents folder.

oval:org.secpod.oval:def:37955
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:37910
The host is installed with Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle user access to certain files. Successful exploitation could manipulate files in locations no ...

oval:org.secpod.oval:def:37907
The host is installed with Adobe Flash Player before 23.0.0.207 or IE10, IE 11, Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37906
The host is installed with Adobe Flash Player before 23.0.0.207 or IE10, IE 11, Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37905
The host is installed with Adobe Flash Player before 23.0.0.207 or IE10, IE 11, Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37904
The host is installed with Adobe Flash Player before 23.0.0.207 or IE10, IE 11, Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37903
The host is installed with Adobe Flash Player before 23.0.0.207 or IE10, IE 11, Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37902
The host is installed with Adobe Flash Player before 23.0.0.207 or IE10, IE 11, Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37901
The host is installed with Adobe Flash Player before 23.0.0.207 or IE10, IE 11, Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37900
The host is installed with Adobe Flash Player before 23.0.0.207 or IE10, IE 11, Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:37954
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:37953
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:37952
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:37951
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:37950
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:37949
The host is installed with Internet Explorer 9, 10, 11 or edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current use ...

oval:org.secpod.oval:def:37948
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:37947
The host is installed with Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Microsoft edge, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:37946
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise th ...

oval:org.secpod.oval:def:37945
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise th ...

oval:org.secpod.oval:def:37944
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further comprom ...

oval:org.secpod.oval:def:37943
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further comprom ...

oval:org.secpod.oval:def:37942
The host is installed with Internet Explorer 9, 10, 11 or Microsoft edge and is prone to an information disclosure vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further comprom ...

oval:org.secpod.oval:def:37941
The host is installed with Internet Explorer 10, 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise the u ...

oval:org.secpod.oval:def:37940
The host is installed with Internet Explorer 11 or Microsoft edge and is prone to a memory corruption vulnerability. A flaw is present in Internet Explorer, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise the user' ...

oval:org.secpod.oval:def:37939
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 and 10 and is prone to an remote code execution vulnerability. A flaw is present in the specially crafted embedded fonts, which fails to properly hand ...

oval:org.secpod.oval:def:37938
The host is installed with Microsoft Windows Vista SP2, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 and 10 and is prone to an memory corruption vulnerability. A flaw is present in the Windows Media Foundation component, which fails to properly handle objects in memory. An attacker w ...

oval:org.secpod.oval:def:37937
The host is installed with Microsoft Windows Vista SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 and 10 and is prone to an memory corruption vulnerability. A flaw is present in the Windows Animation Manager, which fails to properly handle objects in memory. An atta ...

oval:org.secpod.oval:def:37936
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2 and 10 and is prone to an information disclosure vulnerability. A flaw is present in the ATMFD component, which fails to properly handle objects in mem ...

oval:org.secpod.oval:def:37935
The host is missing an important security update according to Microsoft security bulletin, MS16-132. The update is required to fix multiple vulnerabilities. The flaws are present in the Microsoft Graphics component, which fails to properly handle a specially crafted object in memory. An attacker who ...

oval:org.secpod.oval:def:37934
The host is missing a critical security update according to Microsoft security bulletin, MS16-130. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle specially crafted application. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:37933
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows image file loading functionality, which improperly handle ...

oval:org.secpod.oval:def:37932
The host is installed with Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the Task Scheduler, which improperly handles scheduling of a new task with a malicious UNC path. Successful exploitation could allow attacker to run arbitrary code with elevated system ...

oval:org.secpod.oval:def:37931
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows IME, which improperly handles DLL loading. Successful e ...

oval:org.secpod.oval:def:37928
The host is missing an important security update according to Microsoft security bulletin, MS16-140. The update is required to fix a secure boot component vulnerability. A flaw is present in the Windows Secure Boot, which improperly loads a boot policy. An attacker who successfully exploited the vul ...

oval:org.secpod.oval:def:37927
The host is installed with Microsoft Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a security feature bypass vulnerability. A flaw is present in the Windows Secure Boot, which improperly loads a boot policy. An attacker who successfully exploited the vulnerabilities could disable co ...

oval:org.secpod.oval:def:37926
The host is missing an important security update according to Microsoft security bulletin, MS16-138. The update is required to fix multiple VHD driver elevation of privilege vulnerabilities. A flaw is present in the application, which fails to properly handle handle user access to certain files. Suc ...

oval:org.secpod.oval:def:37925
The host is missing an important security update according to Microsoft security bulletin, MS16-137. The update is required to fix multiple vulnerability. A flaw is present in the application, which fails to properly handle crafted vectors. An attacker who successfully exploited this vulnerability c ...

oval:org.secpod.oval:def:37923
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows NTLM, which fails to properly handle NTLM password chan ...

oval:org.secpod.oval:def:37922
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012 or Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the Windows Local Security Authority Subsystem Service (LSASS), which fai ...

oval:org.secpod.oval:def:37921
The host is missing an important security update according to Microsoft security bulletin, MS16-135. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows Kernel-mode driver, which fails to properly handle a specially crafted application. An attacker who succes ...

oval:org.secpod.oval:def:37920
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properl ...

oval:org.secpod.oval:def:37918
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Bowser.sys Kernel-Mode driver, which fails ...

oval:org.secpod.oval:def:37917
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properl ...

oval:org.secpod.oval:def:37916
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Kernel, which fails to properly handle spe ...

oval:org.secpod.oval:def:37915
The host is installed with Vista SP2, Windows 7 SP1, Windows 8.1 or Windows 10 and is prone to a remote code execution vulnerability. A flaw is present in the Microsoft video control, which fails to properly handle objects in memory. Successful exploitation could allow attacker to run arbitrary code ...

oval:org.secpod.oval:def:37914
The host is missing an important security update according to Microsoft security bulletin, MS16-131. The update is required to fix remote code execution vulnerability. A flaw is present in the Microsoft Video Control, which fails to properly handle objects in memory. Successful exploitation could al ...

oval:org.secpod.oval:def:37913
The host is installed with Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle user access to certain files. Successful exploitation could manipulate files in locations not intended to be available to the user.

oval:org.secpod.oval:def:37912
The host is installed with Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle user access to certain files. Successful exploitation could manipulate files in locations not intended to be available to the user.

oval:org.secpod.oval:def:37911
The host is installed with Server 2012, Windows 8.1, Server 2012 R2 or Windows 10 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle user access to certain files. Successful exploitation could manipulate files in locations no ...

oval:org.secpod.oval:def:37919
The host is installed with Microsoft Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to properly handle specially crafted applicati ...

oval:org.secpod.oval:def:38299
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logge ...

oval:org.secpod.oval:def:38293
The host is missing an important security update according to Microsoft security bulletin, MS16-147. The update is required to fix a remote code execution vulnerability. A flaw is present in the Windows Uniscribe, which fails to properly handle objects in memory. An attacker who successfully exploit ...

oval:org.secpod.oval:def:38294
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to a remote code execution vulnerability. A flaw is present in the Windows Uniscribe, which fails to properly h ...

oval:org.secpod.oval:def:38296
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2, Windows 10 or Server 2016 and is prone to a remote code execution vulnerability. A flaw is present in the windows GDI component, which improperly hand ...

oval:org.secpod.oval:def:38297
The host is installed with Microsoft Windows 10 or Server 2016 and is prone to a remote code execution vulnerability. A flaw is present in the windows GDI component, which improperly handles objects in the memory. An attacker who successfully exploited these vulnerabilities could take control of the ...

oval:org.secpod.oval:def:38298
The host is missing an critical security update according to Microsoft bulletin, MS16-146. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted website. Successful exploitation could allow remote code execution.

oval:org.secpod.oval:def:38320
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to an elevation of privilege Vulnerability. A flaw is present in the Windows kernel-mode driver, which fails to ...

oval:org.secpod.oval:def:38318
The host is missing an important security update according to Microsoft security bulletin, MS16-151. The update is required to fix multiple vulnerabilities. The flaws are present in the Windows Kernel-mode driver, which fails to properly handle a specially crafted application. An attacker who succes ...

oval:org.secpod.oval:def:38319
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Windows 10, Server 2012, Server 2016 or Server 2012 R2 and is prone to an elevation of privilege Vulnerability. A flaw is present in the Microsoft Graphics Component, which fails ...

oval:org.secpod.oval:def:38311
The host is installed with Internet Explorer 9, 10, 11 or Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a targe ...

oval:org.secpod.oval:def:38313
The host is missing a critical security update according to Microsoft bulletin, MS16-145. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user ...

oval:org.secpod.oval:def:38314
The host is missing a critical security update according to Microsoft bulletin, MS16-144. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ga ...

oval:org.secpod.oval:def:38315
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an information disclosure vulnerability. A flaw is present in the Windows Crypto Driver, which improperly handles ob ...

oval:org.secpod.oval:def:38316
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, 10, Server 2012, Server 2012 R2 or Server 2016 and is prone to an elevation of privilege vulnerability. A flaw is present in the Windows Installer, which improperly sanitize input ...

oval:org.secpod.oval:def:38317
The host is missing an important security update according to Microsoft bulletin, MS16-149. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted application. Successful exploitation could allow elevation of privileg ...

oval:org.secpod.oval:def:38307
The host is installed with Internet Explorer 10, 11 or edge and is prone to a security feature bypass vulnerability. A flaw is present in the applications, which fails to properly apply same origin policy for scripts running inside Web Workers. Successful exploitation allow attackers to trick a user ...

oval:org.secpod.oval:def:38308
The host is installed with Internet Explorer 9, 10 or 11 is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current us ...

oval:org.secpod.oval:def:38309
The host is installed with Internet Explorer 9, 10, 11 or edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the ...

oval:org.secpod.oval:def:38300
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logge ...

oval:org.secpod.oval:def:38301
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logge ...

oval:org.secpod.oval:def:38302
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logge ...

oval:org.secpod.oval:def:38303
The host is installed with Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which properly validate content under specific conditions. Successful exploitation could allow attackers to run arbitrary code that could lead to an information d ...

oval:org.secpod.oval:def:38304
The host is installed with Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which properly validate content under specific conditions. Successful exploitation could allow attackers to run arbitrary code that could lead to an information d ...

oval:org.secpod.oval:def:38305
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current user is logge ...

oval:org.secpod.oval:def:38306
The host is installed with Internet Explorer 11 or edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to gain the same user rights as the current user, if the current ...

oval:org.secpod.oval:def:39014
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39015
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39016
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39017
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerabi ...

oval:org.secpod.oval:def:39010
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a heap buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vul ...

oval:org.secpod.oval:def:39011
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a heap buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vul ...

oval:org.secpod.oval:def:39012
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39013
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39005
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39006
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39007
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39008
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39009
The host is installed with Adobe Flash Player before 24.0.0.221, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a heap buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vul ...

oval:org.secpod.oval:def:38630
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnera ...

oval:org.secpod.oval:def:38631
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnera ...

oval:org.secpod.oval:def:38634
The host is missing an important update according to Microsoft bulletin, MS17-003. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code execution ...

oval:org.secpod.oval:def:38626
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnera ...

oval:org.secpod.oval:def:38627
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to a heap buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vu ...

oval:org.secpod.oval:def:38628
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to a heap buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vu ...

oval:org.secpod.oval:def:38629
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnera ...

oval:org.secpod.oval:def:38620
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulne ...

oval:org.secpod.oval:def:38621
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulne ...

oval:org.secpod.oval:def:38622
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to a heap buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vu ...

oval:org.secpod.oval:def:38623
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulne ...

oval:org.secpod.oval:def:38624
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulne ...

oval:org.secpod.oval:def:38625
The host is installed with Adobe Flash Player before 24.0.0.194 or Flash Player plugin in IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulne ...

oval:org.secpod.oval:def:38618
The host is installed with Microsoft Edge and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which improperly enforces cross-domain policies with about:blank. Successful exploitation could allow attackers to access information from one domain and inject it ...

oval:org.secpod.oval:def:38619
The host is missing an important security update according to Microsoft bulletin, MS17-001. The update is required to fix an elevation of privilege vulnerability. A flaw is present in the application, which improperly enforces cross-domain policies with about:blank. Successful exploitation could all ...

oval:org.secpod.oval:def:39114
The host is installed with Microsoft Windows Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Windows 8.1, Server 2012, Server 2012 R2, Server 2016, or Windows 10 and is prone to an information disclosure vulnerability. A flaw is present in the windows GDI, which fails to handle a craf ...

oval:org.secpod.oval:def:39115
The host is installed with Internet Explorer 10, 11 or edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fails to properly handle a malicious website. Successful exploitation could allow attackers to execute arbitrary code on the target machine.

oval:org.secpod.oval:def:39118
The host is installed with Microsoft Windows 10, Windows 8.1, Windows Server 2016 and Windows Server 2012 R2 and is prone to a denial of service vulnerability. A flaw is present in the SMB2 TREE_CONNECT Response structure, which fails to properly handle a specially-crafted server response that conta ...

oval:org.secpod.oval:def:39293
The host is installed with Adobe Flash Player before 25.0.0.127, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39294
The host is installed with Adobe Flash Player before 25.0.0.127, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39295
The host is installed with Adobe Flash Player before 25.0.0.127, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39296
The host is installed with Adobe Flash Player before 25.0.0.127, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a random number generator vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the ...

oval:org.secpod.oval:def:39297
The host is installed with Adobe Flash Player before 25.0.0.127, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39298
The host is installed with Adobe Flash Player before 25.0.0.127, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39299
The host is installed with Adobe Flash Player before 25.0.0.127, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39308
The host is installed with Microsoft XML Core Services 3.0 in Microsoft Windows Server 2012, Windows server2012 R2, Vista SP2, Server 2008 SP2, Windows 7 SP1, Server 2008 R2 SP1, Server 2016, Windows 10 or Windows 8.1 and is prone to an information Disclosure vulnerability. A flaw is present in the ...

oval:org.secpod.oval:def:39309
The host is missing a critical security update according to Microsoft security bulletin, MS17-022. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle objects in memory. Successful exploitation could allow attack ...

oval:org.secpod.oval:def:39301
The host is missing an important update according to Microsoft bulletin, MS17-023. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code execution ...

oval:org.secpod.oval:def:39306
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to properly sanitize a specially crafted request. An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the ...

oval:org.secpod.oval:def:39307
The host is missing an important security update according to Microsoft security bulletin, MS17-016. The update is required to fix an XSS elevation of privilege vulnerability. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers ...

oval:org.secpod.oval:def:39410
A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create n ...

oval:org.secpod.oval:def:39411
The host is missing an critical security update according to Microsoft bulletin, MS17-013. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which improperly handles GDI components. An attacker who successfully exploited these vulnerabilities could ex ...

oval:org.secpod.oval:def:39412
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the Microsoft Windows PDF Library, which improperly handles objects in memory. Successful exploitation could allow attackers execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39413
The host is missing a critical security update according to Microsoft bulletin, MS17-006. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory in Internet Explorer. Successful exploitation could allow attackers to ex ...

oval:org.secpod.oval:def:39414
The host is missing a critical security update according to Microsoft bulletin, MS17-007. The update is required to fix multiple vulnerabilities. The flaws are present in application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code ...

oval:org.secpod.oval:def:39415
The host is missing a critical security update according to Microsoft security bulletin, MS17-009. The update is required to fix a memory corruption vulnerability. A flaw is present in the Microsoft Windows PDF Library, which fails to properly handle objects in memory. Successful exploitation could ...

oval:org.secpod.oval:def:39416
A security feature bypass exists when Device Guard does not properly validate certain elements of a signed PowerShell script. An attacker who successfully exploited this vulnerability could modify the contents of a PowerShell script without invalidating the signature associated with the file. Becaus ...

oval:org.secpod.oval:def:39417
An information disclosure vulnerability exists when Windows dnsclient fails to properly handle requests. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.There are multiple ways an attacker could exploit the vulnerability; If t ...

oval:org.secpod.oval:def:39409
Multiple information disclosure vulnerabilities exist in the way that the Color Management Module (ICM32.dll) handles objects in memory. These vulnerabilities allow an attacker to retrieve information to bypassusermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the in ...

oval:org.secpod.oval:def:39400
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ...

oval:org.secpod.oval:def:39401
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ...

oval:org.secpod.oval:def:39402
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ...

oval:org.secpod.oval:def:39403
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ...

oval:org.secpod.oval:def:39404
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ...

oval:org.secpod.oval:def:39405
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ...

oval:org.secpod.oval:def:39406
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain informationto further compromise the user's system.There are multiple ways an attacker could exploit th ...

oval:org.secpod.oval:def:39454
The host is installed with Internet Explorer 11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to detect specific files on the user's computer.

oval:org.secpod.oval:def:39455
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a target syst ...

oval:org.secpod.oval:def:39456
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39457
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39458
The host is installed with Internet Explorer 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to access information from one domain and inject it int ...

oval:org.secpod.oval:def:39459
The host is installed with Internet Explorer 9, 10 or 11 and is prone to an information disclosure vulnerability. A flaw is present in the Internet Messaging API, which fails to properly handle objects in memory. Successful exploitation could allow the attackers to obtain information to further comp ...

oval:org.secpod.oval:def:39450
The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the applications, which does not properly parse HTTP responses. Successful exploitation could allow attackers to spoof content or be used as a pivot to chain an attack wit ...

oval:org.secpod.oval:def:39451
The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the applications, which does not properly parse HTTP responses. Successful exploitation could allow attackers to spoof content or be used as a pivot to chain an attack wit ...

oval:org.secpod.oval:def:39452
The host is installed with Internet Explorer 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39453
The host is installed with Internet Explorer 9, 10 or 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39444
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39445
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39448
The host is installed with Microsoft Edge and is prone to a spoofing vulnerability. A flaw is present in the applications, which does not properly parse HTTP responses. Successful exploitation could allow attackers to redirect to a specially crafted website.

oval:org.secpod.oval:def:39449
The host is installed with Internet Explorer 9, 10, 11 or Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromi ...

oval:org.secpod.oval:def:39440
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39441
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39433
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39434
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39435
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39437
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39439
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39430
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39431
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39429
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39421
The host is missing a critical security update according to Microsoft security bulletin, MS17-012. The update is required to fix a remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:39422
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39423
The host is installed with Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a target system.

oval:org.secpod.oval:def:39424
The host is installed with Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a target system.

oval:org.secpod.oval:def:39425
The host is installed with Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a target system.

oval:org.secpod.oval:def:39426
The host is installed with Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise a target system.

oval:org.secpod.oval:def:39428
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39420
An elevation of privilege exists in Windows when a DCOM object in Helppane.exe configured to run as the interactive user fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session.

oval:org.secpod.oval:def:39779
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:39784
The host is installed with Adobe Flash Player before 25.0.0.148, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39780
A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer ...

oval:org.secpod.oval:def:39781
A Win32k information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ...

oval:org.secpod.oval:def:39782
A Win32k information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log ...

oval:org.secpod.oval:def:39783
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39377
A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ...

oval:org.secpod.oval:def:39378
The host is missing a critical security update according to Microsoft security bulletin, MS17-011. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:39366
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39368
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39369
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39362
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:39364
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:39365
The host is missing an important security update according to Microsoft security bulletin, MS17-018. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted application. Successful exploitation could allow attackers to take comp ...

oval:org.secpod.oval:def:39356
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could run processes in an elevated context. To exploit the vulnerability, a locally authenticated attacker could run a specially crafte ...

oval:org.secpod.oval:def:39357
An elevation of privilege vulnerability exists when Windows fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker would first need ac ...

oval:org.secpod.oval:def:39358
The host is missing an important security update according to Microsoft security bulletin, MS17-017. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted application. Successful exploitation could allow attackers to escalate ...

oval:org.secpod.oval:def:39399
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ...

oval:org.secpod.oval:def:39398
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. There are multiple ways an attacker could exploit the vuln ...

oval:org.secpod.oval:def:39322
The host is missing an important security update according to Microsoft security bulletin, MS17-021. The update is required to fix an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to discl ...

oval:org.secpod.oval:def:39321
An information disclosure vulnerability exists in the way Windows DirectShow handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.In a web-based attack scenario, an attacker could host a website used to att ...

oval:org.secpod.oval:def:39312
Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ...

oval:org.secpod.oval:def:39313
Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ...

oval:org.secpod.oval:def:39314
Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ...

oval:org.secpod.oval:def:39315
Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ...

oval:org.secpod.oval:def:39316
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:39317
Remote code execution vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerabilities could gain the ability to execute code on the target server.To exploit the vulnerability, in most sit ...

oval:org.secpod.oval:def:39318
The host is missing a critical security update according to Microsoft security bulletin, MS17-010. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fails to handle crafted data. Successful exploitation could allow attackers to gain the ability ...

oval:org.secpod.oval:def:40487
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40485
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40486
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40443
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:40444
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:40441
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by runn ...

oval:org.secpod.oval:def:40442
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:40447
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:40448
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ...

oval:org.secpod.oval:def:40445
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ...

oval:org.secpod.oval:def:40446
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:40449
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ...

oval:org.secpod.oval:def:40450
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:40451
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:40454
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ...

oval:org.secpod.oval:def:40455
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ...

oval:org.secpod.oval:def:40452
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploi ...

oval:org.secpod.oval:def:40453
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.To exploit the vulnerability, in most situ ...

oval:org.secpod.oval:def:40458
The host is installed with Adobe Flash Player before 25.0.0.171 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40459
The host is installed with Adobe Flash Player before 25.0.0.171 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40456
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To attempt to exploit ...

oval:org.secpod.oval:def:40457
The host is installed with Adobe Flash Player before 25.0.0.171 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40461
The host is installed with Adobe Flash Player before 25.0.0.171 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40462
The host is installed with Adobe Flash Player before 25.0.0.171 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40460
The host is installed with Adobe Flash Player before 25.0.0.171 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40465
The host is missing a critical security update KB4020821. This security update resolves vulnerabilities in Microsoft IE10, IE11 and Edge that could allow remote code execution.

oval:org.secpod.oval:def:40463
The host is installed with Adobe Flash Player before 25.0.0.171 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40471
The host is installed with .NET Framework 2.0 SP2, 3.5.1, 4.5.2, 4.6, 4.7, 4.6.1 or 4.6.2 and is prone to a security feature bypass vulnerability. A flaw is present in the application, which fails to properly validate certificates. Successful exploitation allows attackers to present a certificate th ...

oval:org.secpod.oval:def:40476
The host is installed with Internet Explorer 9, 10, 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the ...

oval:org.secpod.oval:def:40479
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40480
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40483
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40482
The host is installed with Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40429
An elevation of privilege vulnerability exists when the Windows improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. An attacker who successfully exploited t ...

oval:org.secpod.oval:def:40432
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ...

oval:org.secpod.oval:def:40434
An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. Th ...

oval:org.secpod.oval:def:40435
An elevation of privilege vulnerability exists when Windows fails to properly validate input before loading type libraries. An attacker could use this vulnerability to elevate their privilege level. To exploit this vulnerability an attacker would first need to have access to the local system and hav ...

oval:org.secpod.oval:def:40439
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. On systems with Windows 7 for x64-based Systems or later installed, this vulnerability can lead to d ...

oval:org.secpod.oval:def:40440
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by runn ...

oval:org.secpod.oval:def:39790
The host is installed with Adobe Flash Player before 25.0.0.148, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39792
The host is missing a critical security update KB4018483. This security update resolves vulnerabilities in Microsoft IE10, IE11 and Edge that could allow remote code execution.

oval:org.secpod.oval:def:39785
The host is installed with Adobe Flash Player before 25.0.0.148, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39786
The host is installed with Adobe Flash Player before 25.0.0.148, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulner ...

oval:org.secpod.oval:def:39787
The host is installed with Adobe Flash Player before 25.0.0.148, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39788
The host is installed with Adobe Flash Player before 25.0.0.148, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39789
The host is installed with Adobe Flash Player before 25.0.0.148, Flash Player plugin in IE 11, IE 10 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. An attacker who successfully exploited the vulnerab ...

oval:org.secpod.oval:def:39840
A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate use ...

oval:org.secpod.oval:def:39841
An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacke ...

oval:org.secpod.oval:def:39842
An elevation of privilege vulnerability exists in Microsoft Windows OLE when it fails an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with limited privileges on an affected system to execute code at a medium integrity level. The vulnerabi ...

oval:org.secpod.oval:def:39838
An elevation of privilege vulnerability exists when LDAP request buffer lengths are improperly calculated; In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller. An attacker who successful ...

oval:org.secpod.oval:def:39839
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ...

oval:org.secpod.oval:def:39831
The host is installed with Microsoft Edge and is prone to a security feature bypass vulnerability. A flaw is present in the application, which improperly handles certain specially crafted documents. Successful exploitation could allow attackers to load a web page with malicious content.

oval:org.secpod.oval:def:39833
The host is installed with Microsoft Edge and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to obtain information to further compromise the users system.

oval:org.secpod.oval:def:39827
The host is installed with Internet Explorer 11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:39828
The host is installed with Internet Explorer 10 or 11 and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which does not properly enforce cross-domain policies. Successful exploitation could allow attackers to access information from one domain and inject i ...

oval:org.secpod.oval:def:40489
The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:40490
The host is installed with Internet Explorer 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the curren ...

oval:org.secpod.oval:def:40491
The host is installed with Internet Explorer 9, 10, 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40492
The host is installed with Internet Explorer 10, 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40493
The host is installed with Internet Explorer 10, 11 and is prone to a memory corruption vulnerability. A flaw is present in the applications, which improperly handles objects in memory. Successful exploitation could allow attackers to execute arbitrary code in the context of the current user.

oval:org.secpod.oval:def:40883
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40884
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40881
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ...

oval:org.secpod.oval:def:40887
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40888
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40885
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40886
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40889
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40890
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40891
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40892
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40898
A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially craftedPDF file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.To exploit the vulnerability, an attacker must entice the u ...

oval:org.secpod.oval:def:40896
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:40897
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:40869
The host is installed with Adobe Flash Player before 26.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40868
The host is installed with Adobe Flash Player before 26.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40872
The host is installed with Adobe Flash Player before 26.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40873
The host is installed with Adobe Flash Player before 26.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40870
The host is installed with Adobe Flash Player before 26.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40871
The host is installed with Adobe Flash Player before 26.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40876
The host is installed with Adobe Flash Player before 26.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40874
The host is installed with Adobe Flash Player before 26.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40875
The host is installed with Adobe Flash Player before 26.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to code execution.

oval:org.secpod.oval:def:40878
The host is missing a critical security update KB4022730. This security update resolves vulnerabilities in Microsoft IE10, IE11 and Edge that could allow remote code execution.

oval:org.secpod.oval:def:40879
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ...

oval:org.secpod.oval:def:40880
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ...

oval:org.secpod.oval:def:40920
An elevation of privilege vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker who successfully exploited t ...

oval:org.secpod.oval:def:40925
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious c ...

oval:org.secpod.oval:def:40926
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ...

oval:org.secpod.oval:def:40927
An information disclosure vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability,an attacker could send specially crafted SMB messages to ...

oval:org.secpod.oval:def:40953
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:40951
A security feature bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. An attacker could use this vulnerability to trick a user into loading a page with malicious content.To exploit this vulnerability, an att ...

oval:org.secpod.oval:def:40952
A security feature bypass vulnerability exists when Microsoft Edge does not properly enforce same-origin policies, which could allow an attacker to access information from origins outside the current one. In a web-based attack scenario, an attacker could trick a user into loading a page with malicio ...

oval:org.secpod.oval:def:40902
An elevation of privilege exists in Windows when a DCOM object in Helppane.exe, configured to run as the interactive user, fails to properly authenticate the client. An attacker who successfully exploited the vulnerability could run arbitrary code in another user's session.To exploit the vulnerabili ...

oval:org.secpod.oval:def:40903
An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially craftedPDF file. An attacker who successfully exploited the vulnerability could read memory in the context of the current user.To exploit the vulnerability, an attacker would have to trick the user into ...

oval:org.secpod.oval:def:40900
An elevation of privilege vulnerability exists when tdx.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level. An attacker who s ...

oval:org.secpod.oval:def:40901
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craf ...

oval:org.secpod.oval:def:40906
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would have to either log on locally to an affected system, ...

oval:org.secpod.oval:def:40907
An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would have to either log on locally to an affect ...

oval:org.secpod.oval:def:40904
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rig ...

oval:org.secpod.oval:def:40905
An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would have to either log on locally to an affect ...

oval:org.secpod.oval:def:40908
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40909
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40913
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40914
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40911
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40912
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40918
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40916
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to fu ...

oval:org.secpod.oval:def:40919
A security feature bypass vulnerability exists when Microsoft Windows fails to enforce case sensitivity for certain variable checks, which could allow an attacker to set variables that are either read-only or require authentication.To exploit this vulnerability, an attacker could run a specially cra ...

oval:org.secpod.oval:def:41179
The host is installed with .NET Framework 4.6, 4.7, 4.6.1 or 4.6.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle web requests. Successful exploitation allows attackers to could cause a denial of service against a .NET web appl ...

oval:org.secpod.oval:def:41180
The host is installed with Adobe Flash Player before 26.0.0.137 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to information disclo ...

oval:org.secpod.oval:def:41184
The host is missing a critical security update KB4025376. This security update resolves vulnerabilities in Microsoft IE10, IE11 and Edge that could allow remote code execution.

oval:org.secpod.oval:def:41181
The host is installed with Adobe Flash Player before 26.0.0.137 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to remote code exec ...

oval:org.secpod.oval:def:41182
The host is installed with Adobe Flash Player before 26.0.0.137 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a memory corruption vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to memory address d ...

oval:org.secpod.oval:def:41188
A security feature bypass vulnerability exists when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows. An attacker could use this vulnerability to trick a user into loading a page with malicious content.To exploit this vulnerability, an att ...

oval:org.secpod.oval:def:41185
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain ...

oval:org.secpod.oval:def:41189
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based a ...

oval:org.secpod.oval:def:41195
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot ...

oval:org.secpod.oval:def:41192
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain ...

oval:org.secpod.oval:def:41193
A remote code execution vulnerability exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.In a web-based attack ...

oval:org.secpod.oval:def:41198
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41199
An information disclosure vulnerability exists in Microsoft Windows when Win32k fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit the vulnerability, an attacker could create ...

oval:org.secpod.oval:def:41197
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain ...

oval:org.secpod.oval:def:41147
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability ...

oval:org.secpod.oval:def:41148
An Elevation of Privilege vulnerability exists when the Windows Graphics component improperly initializes contents in memory.An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or cr ...

oval:org.secpod.oval:def:41149
An information disclosure vulnerability exists when DirectX improperly handles objects in memory.An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ...

oval:org.secpod.oval:def:41165
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ...

oval:org.secpod.oval:def:41175
The host is installed with Microsoft malware protection engine before 1.1.13903.0 for Microsoft Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation ...

oval:org.secpod.oval:def:41213
An Information Disclosure vulnerability exists when the HTTP.sys server application component improperly handles objects in memory.An attacker who successfully exploited this vulnerability could obtain information to further compromise the HTTP.sys server application system.A remote unauthenticated ...

oval:org.secpod.oval:def:41211
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41212
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.To exploit the vulnerability, an attacker would have to either log on locally to an affected system, ...

oval:org.secpod.oval:def:41217
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ...

oval:org.secpod.oval:def:41218
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An att ...

oval:org.secpod.oval:def:41216
A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files.Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad. In an email attack scenario, an attacker could exploit th ...

oval:org.secpod.oval:def:41202
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.To exploit the vulnerability, a locally authenticated attacker could run a specially craf ...

oval:org.secpod.oval:def:41203
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ...

oval:org.secpod.oval:def:41200
A security feature bypass vulnerability exists in Microsoft Windows when Kerberos fails to prevent tampering with the SNAME field during ticket exchange. An attacker who successfully exploited this vulnerability could use it to bypass Extended Protection for Authentication.To exploit this vulnerabil ...

oval:org.secpod.oval:def:41201
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41207
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41204
An elevation of privilege vulnerability exists in Microsoft Windows when Kerberos falls back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol.In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to ...

oval:org.secpod.oval:def:41205
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.An attacker who successfully exploited this vulnerability c ...

oval:org.secpod.oval:def:41209
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41210
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41264
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:41265
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:41262
A spoofing vulnerability exists when an affected Microsoft browser does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or se ...

oval:org.secpod.oval:def:41263
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:41266
A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer ...

oval:org.secpod.oval:def:41267
An elevation of privilege vulnerability exists in Windows when the Microsoft Graphics Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:41276
A remote code execution vulnerability exists when Windows Explorer improperly handles executable files and shares during rename operations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another user. Users not running as administrators would be ...

oval:org.secpod.oval:def:41279
An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)declaration ...

oval:org.secpod.oval:def:41277
An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)declaration. ...

oval:org.secpod.oval:def:41278
A remote code execution vulnerability exists in PowerShell when PSObject wraps a CIM Instance. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.In an attack scenario, an attacker could execute malicious code in a PowerShell remote session. ...

oval:org.secpod.oval:def:40954
A remote code execution vulnerability exists in the way the Microsoft Edge JavaScript scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:40957
A remote code execution vulnerability exists in Microsoft Windows, Microsoft Word 2013 and Microsoft Word 2016 if a user opens a specially crafted PDF file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.To exploit th ...

oval:org.secpod.oval:def:40958
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ...

oval:org.secpod.oval:def:40959
A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ...

oval:org.secpod.oval:def:40960
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ...

oval:org.secpod.oval:def:40961
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ...

oval:org.secpod.oval:def:40964
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ...

oval:org.secpod.oval:def:40965
A remote code execution vulnerability exist when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:40962
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ...

oval:org.secpod.oval:def:40963
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ...

oval:org.secpod.oval:def:40968
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ...

oval:org.secpod.oval:def:40969
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ...

oval:org.secpod.oval:def:40967
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.There are multiple ways an attacker could exploit th ...

oval:org.secpod.oval:def:40975
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:40976
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:40973
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:40977
An information disclosure vulnerability exists when affected Microsoft scripting enginesdo not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is used t ...

oval:org.secpod.oval:def:40978
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.In a web-based attack scenario, an attacker could host a s ...

oval:org.secpod.oval:def:41603
The host is installed with Adobe Flash Player before 26.0.0.151 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to information disclo ...

oval:org.secpod.oval:def:41971
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vuln ...

oval:org.secpod.oval:def:41977
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vuln ...

oval:org.secpod.oval:def:41976
An information disclosure vulnerability exists in Microsoft browsers due to improper parent domain verification in certain functionality. An attacker who successfully exploited the vulnerability could obtain specific information that is used in the parent domain. To exploit the vulnerability, an at ...

oval:org.secpod.oval:def:41975
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot ...

oval:org.secpod.oval:def:41974
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:41978
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:41983
A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a s ...

oval:org.secpod.oval:def:41982
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based att ...

oval:org.secpod.oval:def:41981
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based att ...

oval:org.secpod.oval:def:41987
A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypass, an attacker ...

oval:org.secpod.oval:def:41986
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:41989
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:41990
A remote code execution vulnerability exists in the way Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain ...

oval:org.secpod.oval:def:41995
A race condition that could lead to a remote code execution vulnerability exists in NetBT Session Services when NetBT fails to maintain certain sequencing requirements. To exploit the vulnerability, an attacker needs to be able to send specially crafted NetBT Session Service packets to an impacted s ...

oval:org.secpod.oval:def:41999
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:41998
A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ...

oval:org.secpod.oval:def:41997
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:41996
A spoofing vulnerability exists in Microsoft's implementation of the Bluetooth stack. An attacker who successfully exploited this vulnerability could perform a man-in-the-middle attack and force a user's computer to unknowingly route traffic through the attacker's computer. The attacker can then mon ...

oval:org.secpod.oval:def:41959
A spoofing vulnerability exists when Internet Explorer improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was visiting a legitimate website. The specially crafted website could either spoof content or se ...

oval:org.secpod.oval:def:41957
The host is installed with Adobe Flash Player before 27.0.0.130 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to memory corru ...

oval:org.secpod.oval:def:41956
The host is installed with Adobe Flash Player before 27.0.0.130 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a remote code execution vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to memory corru ...

oval:org.secpod.oval:def:41961
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a ...

oval:org.secpod.oval:def:41960
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a ...

oval:org.secpod.oval:def:41965
An information disclosure vulnerability exists when Microsoft Edge improperly handles clipboard events. For an attack to be successful, an attacker must persuade a user to visit a malicious website and leave it open during clipboard activities. The update addresses the vulnerability by changing ho ...

oval:org.secpod.oval:def:41963
A vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker could host a specially crafted website ...

oval:org.secpod.oval:def:41969
A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypass, an attacker ...

oval:org.secpod.oval:def:42002
A information disclosure vulnerability exists when the Windows GDI+ component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have ...

oval:org.secpod.oval:def:42000
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:42003
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker wou ...

oval:org.secpod.oval:def:42009
A remote code execution vulnerability exists due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts ...

oval:org.secpod.oval:def:42008
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface+ (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it cou ...

oval:org.secpod.oval:def:42007
An Information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel ...

oval:org.secpod.oval:def:42011
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to ...

oval:org.secpod.oval:def:42010
A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, ...

oval:org.secpod.oval:def:42016
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:42015
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability ...

oval:org.secpod.oval:def:42024
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:42023
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:41652
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:41610
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:41614
A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili ...

oval:org.secpod.oval:def:41611
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:41612
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ...

oval:org.secpod.oval:def:41615
A remote code execution vulnerability exists in the way Microsoft browsers handle objects in memory while rendering content. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited t ...

oval:org.secpod.oval:def:41624
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an attacker ...

oval:org.secpod.oval:def:41622
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based atta ...

oval:org.secpod.oval:def:41629
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an attacker ...

oval:org.secpod.oval:def:41630
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based atta ...

oval:org.secpod.oval:def:41638
A remote code execution vulnerability exists in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based atta ...

oval:org.secpod.oval:def:41642
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vuln ...

oval:org.secpod.oval:def:41643
A remote code execution vulnerability exists in Windows Input Method Editor (IME) when IME improperly handles parameters in a method of a DCOM class.The DCOM server is a Windows component installed regardless of which languages/IMEs are enabled. An attacker can instantiate the DCOM class and exploit ...

oval:org.secpod.oval:def:41640
A denial of service vulnerability exists when Microsoft Windows improperly handles NetBIOS packets.An attacker who successfully exploited this vulnerability could cause a target computer to become completely unresponsive.A remote unauthenticated attacker could exploit this vulnerability by sending a ...

oval:org.secpod.oval:def:41641
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system.An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, ...

oval:org.secpod.oval:def:41644
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:41645
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ...

oval:org.secpod.oval:def:41648
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An att ...

oval:org.secpod.oval:def:41650
This security update resolves a vulnerability in Windows Error Reporting (WER). The vulnerability could allow elevation of privilege if successfully exploited by an attacker. An attacker who successfully exploited this vulnerability could gain greater access to sensitive information and system funct ...

oval:org.secpod.oval:def:41606
The host is missing a critical security update KB4034662. This security update resolves vulnerabilities in Microsoft IE10, IE11 and Edge that could allow remote code execution.

oval:org.secpod.oval:def:41604
The host is installed with Adobe Flash Player before 26.0.0.151 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to remote code executi ...

oval:org.secpod.oval:def:41609
A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UCMI policies.To exploit the vulnerability, a user could either visit a malicious website or an attacker ...

oval:org.secpod.oval:def:42299
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:42297
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an attac ...

oval:org.secpod.oval:def:42303
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42302
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42306
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42305
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42304
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42310
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42313
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42312
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:42311
A remote code execution vulnerability exists in the way the scripting engine handle objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited t ...

oval:org.secpod.oval:def:42318
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker wh ...

oval:org.secpod.oval:def:42317
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:42319
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:42321
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ...

oval:org.secpod.oval:def:42320
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:42325
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the ...

oval:org.secpod.oval:def:42324
An Information disclosure vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, the attacker could send specially crafted m ...

oval:org.secpod.oval:def:42323
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ...

oval:org.secpod.oval:def:42322
A remote code execution vulnerability exists in the way that certain Windows components handle the loading of DLL files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; ...

oval:org.secpod.oval:def:42329
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ...

oval:org.secpod.oval:def:42327
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to sen ...

oval:org.secpod.oval:def:42326
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most sit ...

oval:org.secpod.oval:def:42332
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ...

oval:org.secpod.oval:def:42331
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:42336
An Security Feature bypass vulnerability exists in Microsoft Windows storage when it fails to validate an integrity-level check. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level. The upda ...

oval:org.secpod.oval:def:42335
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to f ...

oval:org.secpod.oval:def:42334
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ...

oval:org.secpod.oval:def:42333
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabili ...

oval:org.secpod.oval:def:42339
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability by r ...

oval:org.secpod.oval:def:42338
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:42343
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:42342
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ...

oval:org.secpod.oval:def:42341
An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:42398
A security vulnerability exists in certain Trusted Platform Module (TPM) chipsets. The vulnerability weakens key strength. It is important to note that this is a firmware vulnerability, and not a vulnerability in the operating system or a specific application. After you have installed software and/o ...

oval:org.secpod.oval:def:42399
Microsoft is releasing an optional security enhancement to NT LAN Manager (NTLM), limiting which network resources various clients in the Windows 10 or the Windows Server 2016 operating systems can use NTLM Single Sign On(SSO) as an authentication method. When you deploy the new security enhancement ...

oval:org.secpod.oval:def:42347
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory via the Microsoft Windows Text Services Framework. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attac ...

oval:org.secpod.oval:def:42346
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ...

oval:org.secpod.oval:def:42345
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ...

oval:org.secpod.oval:def:42344
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:42687
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an att ...

oval:org.secpod.oval:def:42689
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ...

oval:org.secpod.oval:def:42691
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an atta ...

oval:org.secpod.oval:def:42690
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser. In a web-based attack scenario, an attacker could host a website ...

oval:org.secpod.oval:def:42695
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42694
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42693
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42692
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42698
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42697
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42696
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42703
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:42702
An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a specia ...

oval:org.secpod.oval:def:42701
An information disclosure vulnerability exists when Internet Explorer improperly handles page content, which could allow an attacker to detect the navigation of the user leaving a maliciously crafted page. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a specia ...

oval:org.secpod.oval:def:42705
remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:42704
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:42081
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:42057
An information disclosure vulnerability exists when Windows Uniscribe improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit the vulne ...

oval:org.secpod.oval:def:42056
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ...

oval:org.secpod.oval:def:42058
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ...

oval:org.secpod.oval:def:43158
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43160
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43164
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an att ...

oval:org.secpod.oval:def:43163
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43161
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:43168
An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. To exploit the vulnera ...

oval:org.secpod.oval:def:43167
A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard cou ...

oval:org.secpod.oval:def:43166
A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts wi ...

oval:org.secpod.oval:def:43165
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43179
The host is installed with Adobe Flash Player before 28.0.0.126 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a business logic error vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to Unintended re ...

oval:org.secpod.oval:def:43181
The host is missing a critical update according to Adobe advisory, ADV170022. The update is required to fix a business logic error vulnerability. A flaw are present in the application, which fails to properly handle unknown vectors. Successful exploitation could lead to Unintended reset of global se ...

oval:org.secpod.oval:def:43139
The host is installed with Microsoft malware protection engine before 1.1.14405.2 for Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation allows at ...

oval:org.secpod.oval:def:43137
The host is installed with Microsoft malware protection engine before 1.1.14405.2 for Windows Defender or Microsoft Security Essentials and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle a crafted file. Successful exploitation allows at ...

oval:org.secpod.oval:def:43146
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43145
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:43144
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an atta ...

oval:org.secpod.oval:def:43143
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:43149
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43147
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:43152
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:43151
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:43150
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43155
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:43154
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an atta ...

oval:org.secpod.oval:def:42798
The host is installed with Adobe Flash Player before 27.0.0.183 and earlier versions, flash plugin for IE10, IE 11, Microsoft Edge or Google Chrome before 65.0.3325.146 and is prone to a use after free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Su ...

oval:org.secpod.oval:def:42797
The host is installed with Adobe Flash Player before 27.0.0.183 and earlier versions or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a Out-of-bounds Read vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:42799
The host is installed with Adobe Flash Player before 27.0.0.183 and earlier versions, flash plugin for IE10, IE 11, Microsoft Edge or Google Chrome before 65.0.3325.146 and is prone to a use after free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Su ...

oval:org.secpod.oval:def:42709
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:42708
A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypas ...

oval:org.secpod.oval:def:42710
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:42718
A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard cou ...

oval:org.secpod.oval:def:42717
A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. To exploit the vulnerability, the attacker could send specially crafted messages to th ...

oval:org.secpod.oval:def:42716
An information vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk. To exploit the vulnerability, an attacker would have to log onto an affected system a ...

oval:org.secpod.oval:def:42719
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ...

oval:org.secpod.oval:def:42725
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker wou ...

oval:org.secpod.oval:def:42724
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ...

oval:org.secpod.oval:def:42723
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:42722
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ...

oval:org.secpod.oval:def:42729
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ...

oval:org.secpod.oval:def:42728
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to l ...

oval:org.secpod.oval:def:42726
A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker woul ...

oval:org.secpod.oval:def:42801
The host is installed with Adobe Flash Player before 27.0.0.183 and earlier versions or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a Out-of-bounds Read vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:42800
The host is installed with Adobe Flash Player before 27.0.0.183 and earlier versions or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a Out-of-bounds Read vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could le ...

oval:org.secpod.oval:def:43377
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43379
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, ...

oval:org.secpod.oval:def:43378
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43384
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43383
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43382
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43388
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43389
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43391
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an attacker ...

oval:org.secpod.oval:def:43394
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used to ...

oval:org.secpod.oval:def:43791
The host is missing an important security update 4072698

oval:org.secpod.oval:def:43790
The host is missing an important security update 4078130

oval:org.secpod.oval:def:43873
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object ...

oval:org.secpod.oval:def:43836
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43835
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43839
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43838
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43843
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43841
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43847
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:43845
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43844
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:43848
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially cr ...

oval:org.secpod.oval:def:43850
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially cr ...

oval:org.secpod.oval:def:43851
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:43858
An elevation of privilege vulnerability exists when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially cra ...

oval:org.secpod.oval:def:43857
An elevation of privilege vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system ...

oval:org.secpod.oval:def:43856
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially cr ...

oval:org.secpod.oval:def:43860
A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative us ...

oval:org.secpod.oval:def:43865
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:43864
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:43869
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:43867
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:43872
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have ...

oval:org.secpod.oval:def:43871
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have ...

oval:org.secpod.oval:def:43805
The host is installed with Adobe Flash Player 28.0.0.137 or earlier and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows an attacker to take control of the affected system.

oval:org.secpod.oval:def:43919
Microsoft has deprecated the Document Signing functionality in XPS Viewer. This functionality relied upon the SHA-1 algorithm and is part of the overall effort to remove this algorithm from Windows products. This change impacts XPS Viewer on all supported versions of Windows

oval:org.secpod.oval:def:44566
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44568
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44569
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:44574
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenari ...

oval:org.secpod.oval:def:44575
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an atta ...

oval:org.secpod.oval:def:44571
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:44572
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an att ...

oval:org.secpod.oval:def:44577
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44578
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenari ...

oval:org.secpod.oval:def:44579
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44585
An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code ...

oval:org.secpod.oval:def:44580
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44581
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:44605
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ...

oval:org.secpod.oval:def:44606
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ...

oval:org.secpod.oval:def:44607
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ...

oval:org.secpod.oval:def:44609
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ...

oval:org.secpod.oval:def:44616
A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, ...

oval:org.secpod.oval:def:44617
A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacke ...

oval:org.secpod.oval:def:44610
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete da ...

oval:org.secpod.oval:def:44611
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then inst ...

oval:org.secpod.oval:def:44613
An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities (XXE). An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this condition, an attacker would ne ...

oval:org.secpod.oval:def:44621
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44622
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44623
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:43403
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:43401
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:43406
An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certai ...

oval:org.secpod.oval:def:43405
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a ...

oval:org.secpod.oval:def:43404
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:43409
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a ...

oval:org.secpod.oval:def:43408
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a ...

oval:org.secpod.oval:def:43410
A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate use ...

oval:org.secpod.oval:def:43411
An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulner ...

oval:org.secpod.oval:def:43459
A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing spe ...

oval:org.secpod.oval:def:43461
A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the E ...

oval:org.secpod.oval:def:44868
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem a ...

oval:org.secpod.oval:def:44966
The host is installed with Adobe Flash Player before 29.0.0.140 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a heap overflow vulnerability. A flaw is present in the applications, which fails to handle unspecified vectors. Successful exploitation could lead to information disclos ...

oval:org.secpod.oval:def:44967
The host is installed with Adobe Flash Player before 29.0.0.140 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an out-of-bounds write vulnerability. A flaw is present in the applications, which fails to handle unspecified vectors. Successful exploitation could lead to remote code ...

oval:org.secpod.oval:def:44969
A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code ...

oval:org.secpod.oval:def:44962
The host is installed with Adobe Flash Player before 29.0.0.140 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a use-after-free vulnerability. A flaw is present in the applications, which fails to handle unspecified vectors. Successful exploitation could lead to remote code execut ...

oval:org.secpod.oval:def:44963
The host is installed with Adobe Flash Player before 29.0.0.140 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fails to handle unspecified vectors. Successful exploitation could lead to information d ...

oval:org.secpod.oval:def:44964
The host is installed with Adobe Flash Player before 29.0.0.140 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fails to handle unspecified vectors. Successful exploitation could lead to information d ...

oval:org.secpod.oval:def:44965
The host is installed with Adobe Flash Player before 29.0.0.140 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a out-of-bounds write vulnerability. A flaw is present in the applications, which fails to handle unspecified vectors. Successful exploitation could lead to remote code e ...

oval:org.secpod.oval:def:44972
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsiv ...

oval:org.secpod.oval:def:44977
A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard cou ...

oval:org.secpod.oval:def:44978
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44979
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44980
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44981
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44982
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44983
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44988
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:44989
An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could th ...

oval:org.secpod.oval:def:44984
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44985
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44986
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To e ...

oval:org.secpod.oval:def:44987
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ...

oval:org.secpod.oval:def:44991
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:44992
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:44993
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:44994
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:44990
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system. An attac ...

oval:org.secpod.oval:def:44995
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:44996
A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate use ...

oval:org.secpod.oval:def:44927
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:44929
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44933
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:44934
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. In ...

oval:org.secpod.oval:def:44935
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44936
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:44930
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44931
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. In a ...

oval:org.secpod.oval:def:44932
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an atta ...

oval:org.secpod.oval:def:44937
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44938
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44939
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:44944
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:44945
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:44947
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:44940
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:44941
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:44943
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data. In ...

oval:org.secpod.oval:def:44948
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ...

oval:org.secpod.oval:def:44625
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44626
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44627
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44628
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44624
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44629
A security feature bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) when it fails to properly validate and enforce impersonation levels. An attacker could exploit this vulnerability by convincing a user to run a specially crafted application that is ...

oval:org.secpod.oval:def:44630
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kern ...

oval:org.secpod.oval:def:44636
The host is installed with Adobe Flash Player before 29.0.0.113 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a Type Confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to Remote Code Executi ...

oval:org.secpod.oval:def:44632
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:44634
An elevation of privilege vulnerability exists in Windows when the Microsoft Video Control mishandles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in system mode. An attacker could then install programs; view, change, or delete data; or creat ...

oval:org.secpod.oval:def:44635
The host is installed with Adobe Flash Player before 29.0.0.113 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a Use After Free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to Remote Code Executi ...

oval:org.secpod.oval:def:44643
This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin APSB18-05: CVE-2018-4919 and CVE-2018-4920.

oval:org.secpod.oval:def:45382
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:45387
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:45388
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:45383
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to ...

oval:org.secpod.oval:def:45384
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:45385
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have ...

oval:org.secpod.oval:def:45339
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:45343
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:45344
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenari ...

oval:org.secpod.oval:def:45345
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited ...

oval:org.secpod.oval:def:45346
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:45340
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:45341
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:45347
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:45349
A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UMCI policies. To exploit the vulnerability, a user could either visit a malicious website or an attacke ...

oval:org.secpod.oval:def:45355
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object w ...

oval:org.secpod.oval:def:45356
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ...

oval:org.secpod.oval:def:45357
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:45352
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:45353
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:45368
A remote code execution vulnerability exists in Microsoft COM for Windows when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exp ...

oval:org.secpod.oval:def:45369
A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacke ...

oval:org.secpod.oval:def:45370
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first h ...

oval:org.secpod.oval:def:45376
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first h ...

oval:org.secpod.oval:def:45377
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first h ...

oval:org.secpod.oval:def:45378
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a ...

oval:org.secpod.oval:def:45379
A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker who has a domain user account ...

oval:org.secpod.oval:def:45374
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:45375
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:45332
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:45406
The host is missing a critical security update according to Adobe advisory, ADV180007. The update is required to fix a type confusion vulnerability. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code ...

oval:org.secpod.oval:def:45407
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would f ...

oval:org.secpod.oval:def:45408
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing speci ...

oval:org.secpod.oval:def:45404
The host is installed with Adobe Flash Player before 29.0.0.171 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to arbitrary code exec ...

oval:org.secpod.oval:def:46006
A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to ...

oval:org.secpod.oval:def:46005
An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially craft ...

oval:org.secpod.oval:def:46000
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited ...

oval:org.secpod.oval:def:46001
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:46009
An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would firs ...

oval:org.secpod.oval:def:46015
An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user. An authenticated attacker who successfully exploited the vulnerability could access the Wireless LAN profile of an administrative user, including passwords f ...

oval:org.secpod.oval:def:46016
A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. To exploit the vulnerabilities, an attacker would first have to log on to the target system and then ...

oval:org.secpod.oval:def:46011
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:46013
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:46012
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specia ...

oval:org.secpod.oval:def:46019
A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system. To exploit the vulnerabilities, an attacker would first have to log on to the target system and then ...

oval:org.secpod.oval:def:46018
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:46026
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:46022
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:46021
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:46023
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:45989
The host is missing a critical security update according to advisory ADV180014.

oval:org.secpod.oval:def:45985
The host is installed with Adobe Flash Player before 30.0.0.113 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to arbitrary code exec ...

oval:org.secpod.oval:def:45986
The host is installed with Adobe Flash Player before 30.0.0.113 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to information disc ...

oval:org.secpod.oval:def:45987
The host is installed with Adobe Flash Player before 30.0.0.113 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to information di ...

oval:org.secpod.oval:def:45988
The host is installed with Adobe Flash Player before 30.0.0.113 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to arbitr ...

oval:org.secpod.oval:def:45993
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:45998
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:45999
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit the vulnerability, in a web-based attack scenario, an attacke ...

oval:org.secpod.oval:def:47089
The host is installed with Adobe Flash Player before 30.0.0.154 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to cause information disclosure.

oval:org.secpod.oval:def:47088
The host is missing a critical security update according to Microsoft advisory, ADV180020. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead to arbitrary code execution in the co ...

oval:org.secpod.oval:def:47090
The host is installed with Adobe Flash Player before 30.0.0.154 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to cause security mitigation bypass.

oval:org.secpod.oval:def:47092
The host is installed with Adobe Flash Player before 30.0.0.154 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to cause information disclosure.

oval:org.secpod.oval:def:47091
The host is installed with Adobe Flash Player before 30.0.0.154 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to cause information disclosure.

oval:org.secpod.oval:def:47093
The host is installed with Adobe Flash Player before 30.0.0.154 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle issues in a component with a known vulnerability. Successful exploitation could allow attackers to cause information discl ...

oval:org.secpod.oval:def:47104
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:47103
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction. An attacker who successfully exploited this vulnerability could allow an attacker to obtain browser frame or window state from a different domain. For an attack to be successful ...

oval:org.secpod.oval:def:47106
An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution; howe ...

oval:org.secpod.oval:def:47105
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:47102
A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ...

oval:org.secpod.oval:def:47101
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:47108
A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to visit a mal ...

oval:org.secpod.oval:def:47109
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:47114
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:47116
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:47111
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:47110
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:47119
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:47128
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then inst ...

oval:org.secpod.oval:def:47127
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attack ...

oval:org.secpod.oval:def:47121
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ...

oval:org.secpod.oval:def:47129
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; o ...

oval:org.secpod.oval:def:47130
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user r ...

oval:org.secpod.oval:def:47137
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:47136
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ...

oval:org.secpod.oval:def:47138
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:47133
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ...

oval:org.secpod.oval:def:47132
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:47141
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:47148
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:47147
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to ...

oval:org.secpod.oval:def:47149
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to ...

oval:org.secpod.oval:def:47143
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to e ...

oval:org.secpod.oval:def:47150
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to ...

oval:org.secpod.oval:def:47153
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections where content from one stream can blend in ...

oval:org.secpod.oval:def:47216
An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ...

oval:org.secpod.oval:def:46028
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. To exploit the vulnerability, the ...

oval:org.secpod.oval:def:46029
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsiv ...

oval:org.secpod.oval:def:46030
A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system. To exploit the vulnerability, in most situations, an ...

oval:org.secpod.oval:def:46033
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attack ...

oval:org.secpod.oval:def:46350
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load data that would otherwise be restricted. In a web-based attack scenario, an ...

oval:org.secpod.oval:def:46355
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:46352
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:46351
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:46354
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:46353
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:46367
A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attac ...

oval:org.secpod.oval:def:46366
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:46369
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:46368
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file desig ...

oval:org.secpod.oval:def:46365
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integr ...

oval:org.secpod.oval:def:46364
A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit the vulnerability, an unauthenticated attacker could send specially ...

oval:org.secpod.oval:def:46370
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specia ...

oval:org.secpod.oval:def:46371
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a ...

oval:org.secpod.oval:def:46378
The host is installed with Adobe Flash Player before 30.0.0.134 and is prone to a type confusion vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to cause arbitrary code exection.

oval:org.secpod.oval:def:46377
The host is installed with Adobe Flash Player before 30.0.0.134 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead to information disclosure.

oval:org.secpod.oval:def:46374
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly validat ...

oval:org.secpod.oval:def:46373
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correct ...

oval:org.secpod.oval:def:46375
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new ac ...

oval:org.secpod.oval:def:46380
The host is missing a critical security update according to Microsoft advisory, ADV180017. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead to information disclosure.

oval:org.secpod.oval:def:46334
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:46344
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:46341
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:47913
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to ...

oval:org.secpod.oval:def:47218
An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ...

oval:org.secpod.oval:def:47217
An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ...

oval:org.secpod.oval:def:47219
An attacker who has successfully exploited L1TF may be able to read privileged data across trust boundaries. In shared resource environments (such that exist in some cloud services configurations), this vulnerability could allow one virtual machine to improperly access information from another. An a ...

oval:org.secpod.oval:def:47438
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ...

oval:org.secpod.oval:def:47437
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or dele ...

oval:org.secpod.oval:def:47439
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by ...

oval:org.secpod.oval:def:47444
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerabili ...

oval:org.secpod.oval:def:47441
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability, an attacker could host a ...

oval:org.secpod.oval:def:47440
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to lo ...

oval:org.secpod.oval:def:47443
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ...

oval:org.secpod.oval:def:47449
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerabi ...

oval:org.secpod.oval:def:47458
A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard cou ...

oval:org.secpod.oval:def:47457
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ...

oval:org.secpod.oval:def:47451
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, ...

oval:org.secpod.oval:def:47454
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ...

oval:org.secpod.oval:def:47453
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ...

oval:org.secpod.oval:def:47461
An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code execution. However, th ...

oval:org.secpod.oval:def:47460
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to l ...

oval:org.secpod.oval:def:47463
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or del ...

oval:org.secpod.oval:def:47462
A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files. An attacker who successfully exploited the vulnerability could execute arbitrary code. To exploit the vulnerability, an attacker would have to convince a user to download an image file. ...

oval:org.secpod.oval:def:47409
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types. An attacker who has successfully exploited this vulnerability might be able to read privileged data across trust boundaries. In browsing scenarios, an attacker could convince a user to vi ...

oval:org.secpod.oval:def:47408
The host is installed with Adobe Flash Player before 31.0.0.108 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to cause information disclosure.

oval:org.secpod.oval:def:47406
The host is missing an important security update according to Microsoft advisory, ADV180023. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could lead to information disclosure.

oval:org.secpod.oval:def:47412
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:47414
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:47413
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a ...

oval:org.secpod.oval:def:47410
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:47415
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. In a web-based attack scenario, an atta ...

oval:org.secpod.oval:def:47417
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:47423
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:47424
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:47421
An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vu ...

oval:org.secpod.oval:def:47427
A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition. An attacker could use the UXSS vulnerability to access any session belonging to web pages currently opened (or cached) by the browser at t ...

oval:org.secpod.oval:def:47426
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandbox. The vulnerabi ...

oval:org.secpod.oval:def:47434
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server. An attacker who exploited this vulnerability could cause the affected system to crash. To attempt to exploit this issue, an attacker would need to sen ...

oval:org.secpod.oval:def:47433
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; ...

oval:org.secpod.oval:def:47432
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory. To exploit this vulnerability, an attack ...

oval:org.secpod.oval:def:47526
The host is missing an important security update according to MS advisory ADV180022.

oval:org.secpod.oval:def:47525
Microsoft is aware of a denial of service vulnerability (named "FragmentSmack" CVE-2018-5391) affecting Windows systems. An attacker could send many 8-byte sized IP fragments with random starting offsets, but withhold the last fragment and exploit the worst-case complexity of linked lists in reassem ...

oval:org.secpod.oval:def:49098
A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full use ...

oval:org.secpod.oval:def:49095
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ...

oval:org.secpod.oval:def:49106
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted ...

oval:org.secpod.oval:def:49111
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on ...

oval:org.secpod.oval:def:50728
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:51361
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:50961
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to f ...

oval:org.secpod.oval:def:55341
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:57269
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ...

oval:org.secpod.oval:def:57275
An elevation of privilege vulnerability exists in Microsoft Windows where a certain dll, with Local Service privilege, is vulnerable to race planting a customized dll.An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.The update addresses this vul ...

oval:org.secpod.oval:def:57887
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.To exploit the vulnerability, an attacker could send specia ...

oval:org.secpod.oval:def:58467
An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system.An authenticated attacker could exploit this vulnerability by running a speciall ...

oval:org.secpod.oval:def:59668
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.In a local attack scenario, an attacker could exploit this vulnerability by ru ...

oval:org.secpod.oval:def:60643
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would ...

oval:org.secpod.oval:def:59867
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:61239
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system.To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:61309
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ...

oval:org.secpod.oval:def:61305
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ...

oval:org.secpod.oval:def:61871
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ...

oval:org.secpod.oval:def:61897
A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.To exploit this vulnerability, an attacker would have to log on to an affected system a ...

oval:org.secpod.oval:def:73771
Microsoft Windows Media Foundation Remote Code Execution Vulnerability

oval:org.secpod.oval:def:89692
Secure Boot Security Feature Bypass Vulnerability. An attacker who successfully exploited this vulnerability could bypass Secure Boot.

oval:org.secpod.oval:def:47904
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:47903
A remote code execution vulnerability exists in the Microsoft JET Database Engine. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ...

oval:org.secpod.oval:def:47906
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. To exploit the vulnerability, a user would have to open a specially crafte ...

oval:org.secpod.oval:def:47905
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could ...

oval:org.secpod.oval:def:47900
An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute elevated code and take control of an affected system. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:47902
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, ...

oval:org.secpod.oval:def:47901
An elevation of privilege vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially craft ...

oval:org.secpod.oval:def:47908
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to ...

oval:org.secpod.oval:def:47907
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to determine the presence of files on disk. To exploit the vulnerability, a user would have to open a specially crafte ...

oval:org.secpod.oval:def:47909
An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by running a specia ...

oval:org.secpod.oval:def:49679
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current ...

oval:org.secpod.oval:def:49677
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:49682
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:49683
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:49681
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:49684
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:49693
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ...

oval:org.secpod.oval:def:49691
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ...

oval:org.secpod.oval:def:49692
An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain infor ...

oval:org.secpod.oval:def:47914
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability, an attacker could host a ...

oval:org.secpod.oval:def:47911
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:47910
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause ...

oval:org.secpod.oval:def:49080
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:49081
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:49088
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a ...

oval:org.secpod.oval:def:49086
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:49087
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:49084
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the users computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object ...

oval:org.secpod.oval:def:49085
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:49091
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:49092
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:49097
A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard. To exploit the vulnerability, an attacker would first have to access the local machine, and run a specially crafted application to create arbitrary COM objects. The update addre ...

oval:org.secpod.oval:def:49096
A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code. To exploit this vulnerability, an attacker would need to log on to the affected system and run a specially crafted application. The security update addresses the vulnerability by correcting log mana ...

oval:org.secpod.oval:def:49093
A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system. To exploit the vulnerability, an attacker must send a specially crafted file to a vu ...

oval:org.secpod.oval:def:49094
An information disclosure vulnerability exists when Kernel Remote Procedure Call Provider driver improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability co ...

oval:org.secpod.oval:def:46003
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:49198
The host is missing a critical security update according to Microsoft advisory, ADV180030. The update is required to fix a type confusion vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to cause arbitrary c ...

oval:org.secpod.oval:def:49197
The host is installed with Adobe Flash Player before 31.0.0.153 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a type confusion vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to arbitrary code exec ...

oval:org.secpod.oval:def:49100
An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated a ...

oval:org.secpod.oval:def:49108
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ...

oval:org.secpod.oval:def:49105
An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. ...

oval:org.secpod.oval:def:49104
A security feature bypass exists when Windows incorrectly validates kernel driver signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed drivers into the kernel. In an attack scenario, an attacker could bypass security feature ...

oval:org.secpod.oval:def:49102
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full ...

oval:org.secpod.oval:def:49109
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:49116
The host is missing a important security update according to Microsoft advisory, ADV180025. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to obtain sensitive infor ...

oval:org.secpod.oval:def:49117
The host is installed with Adobe Flash Player before 31.0.0.148 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a Out-of-bounds Read vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to information dis ...

oval:org.secpod.oval:def:49112
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view ...

oval:org.secpod.oval:def:49301
The host is installed with Adobe Flash Player before 32.0.0.101 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a use after free vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could lead to arbitrary code exec ...

oval:org.secpod.oval:def:49302
The host is installed with Adobe Flash Player before 32.0.0.101 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to a DLL hijacking vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could allow attackers to obtain se ...

oval:org.secpod.oval:def:49300
The host is missing a critical security update according to Microsoft advisory, ADV180031. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to cause remote code exec ...

oval:org.secpod.oval:def:44619
A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system. CredSSP is an authentication provider which processe ...

oval:org.secpod.oval:def:47885
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:47886
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:47883
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:47899
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:49694
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ...

oval:org.secpod.oval:def:49695
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system co ...

oval:org.secpod.oval:def:49696
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:49701
A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete ...

oval:org.secpod.oval:def:49705
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:49704
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or ...

oval:org.secpod.oval:def:50052
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:50054
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object. An attacker who successfully exploited the vulnerability could use the Browser Broker COM object to elevate privileges on an affected system. This vulnerability by itself does not allow arbitrary code executi ...

oval:org.secpod.oval:def:50055
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully ex ...

oval:org.secpod.oval:def:50057
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnera ...

oval:org.secpod.oval:def:50070
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker who successfully exploited the vulnerability could retrieve content, that is normally restricted, from a web application.

oval:org.secpod.oval:def:50071
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ...

oval:org.secpod.oval:def:50072
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50073
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted application on the ...

oval:org.secpod.oval:def:50075
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ...

oval:org.secpod.oval:def:50080
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ...

oval:org.secpod.oval:def:50081
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker who successfully exploited this vulnerability could gain elevated privileges and break out of the Edge AppContainer sandb ...

oval:org.secpod.oval:def:50082
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. An authenticated attacker could exploit this vulnerability by runnin ...

oval:org.secpod.oval:def:50083
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in an elevated context. An attacker could exploit this vulnerability by running a specially crafted applica ...

oval:org.secpod.oval:def:50084
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted a ...

oval:org.secpod.oval:def:50085
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted a ...

oval:org.secpod.oval:def:50086
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted a ...

oval:org.secpod.oval:def:50087
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could exploit this vulnerability by running a specially crafted a ...

oval:org.secpod.oval:def:50078
An elevation of privilege exists in Windows COM Desktop Broker. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This v ...

oval:org.secpod.oval:def:50002
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:50090
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50091
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50092
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50093
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50088
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50089
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50690
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious web ...

oval:org.secpod.oval:def:50685
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:50686
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:50687
A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as a ...

oval:org.secpod.oval:def:50688
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:50670
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:50666
The host is installed with Adobe Flash Player through 32.0.0.114 or flash plugin for IE10, IE 11 or Microsoft Edge and is prone to an out-of-bounds read vulnerability. A flaw is present in the applications, which fail to handle unspecified vectors. Successful exploitation could allow attackers to ob ...

oval:org.secpod.oval:def:50667
The host is missing a critical security update according to Microsoft advisory, ADV190003. The update is required to fix an out-of-bounds read vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to obtain sensi ...

oval:org.secpod.oval:def:50668
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:50669
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:50681
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:50671
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:50672
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:50678
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:50720
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. To exploit the vulnerability, an attacker ...

oval:org.secpod.oval:def:50721
An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victims system. To exploit the vulnerability, an attacker ...

oval:org.secpod.oval:def:50722
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ...

oval:org.secpod.oval:def:50723
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ...

oval:org.secpod.oval:def:50724
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ...

oval:org.secpod.oval:def:50725
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:50726
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ...

oval:org.secpod.oval:def:50727
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to a ...

oval:org.secpod.oval:def:50729
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50730
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first ha ...

oval:org.secpod.oval:def:50731
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on t ...

oval:org.secpod.oval:def:50732
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first ha ...

oval:org.secpod.oval:def:50733
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first ha ...

oval:org.secpod.oval:def:50734
An information vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk. To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially ...

oval:org.secpod.oval:def:50736
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new a ...

oval:org.secpod.oval:def:50737
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on t ...

oval:org.secpod.oval:def:50738
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit t ...

oval:org.secpod.oval:def:50740
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet ...

oval:org.secpod.oval:def:50709
A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged ...

oval:org.secpod.oval:def:50710
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hos ...

oval:org.secpod.oval:def:50711
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most sit ...

oval:org.secpod.oval:def:50712
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server. To exploit the vulnerability, in most si ...

oval:org.secpod.oval:def:50713
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. To exploit the vulnerability, an attacker could send a ...

oval:org.secpod.oval:def:50714
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that ...

oval:org.secpod.oval:def:50715
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50716
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50717
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50718
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50719
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:51350
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:51352
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:51351
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:51346
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:51354
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:51355
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. In a web-based attack scenario, an attacke ...

oval:org.secpod.oval:def:50094
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50095
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50096
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50097
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open ...

oval:org.secpod.oval:def:50421
The host is missing an update according to Microsoft advisory, ADV190001.

oval:org.secpod.oval:def:51383
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machi ...

oval:org.secpod.oval:def:51375
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to ope ...

oval:org.secpod.oval:def:51379
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerab ...

oval:org.secpod.oval:def:51390
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabil ...

oval:org.secpod.oval:def:51392
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specia ...

oval:org.secpod.oval:def:51394
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the users system. To exploit the vulnerability, an attacker could host a ...

oval:org.secpod.oval:def:51393
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:51396
A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could g ...

oval:org.secpod.oval:def:51395
An information disclosure vulnerability exists when the Windows Print Spooler does not properly handle objects in memory. An attacker who successfully exploited this vulnerability could use the information to further exploit the victim system. To exploit this vulnerability, an attacker would have t ...

oval:org.secpod.oval:def:51389
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server. To exploit the vulnerabil ...

oval:org.secpod.oval:def:51388
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the users system. To exploit this vulnerability, an attacker would have to log on to ...

oval:org.secpod.oval:def:51398
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to ...

oval:org.secpod.oval:def:51399
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability ...

oval:org.secpod.oval:def:51360
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:51363
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:51362
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited ...

oval:org.secpod.oval:def:51356
A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an a ...

oval:org.secpod.oval:def:51358
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability c ...

oval:org.secpod.oval:def:51372
The host is missing a low security update according to Microsoft advisory, ADV190008.

oval:org.secpod.oval:def:51374
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ...

oval:org.secpod.oval:def:51365
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilit ...

oval:org.secpod.oval:def:51366
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploi ...

oval:org.secpod.oval:def:51424
The host is missing a critical security update for 4489873

oval:org.secpod.oval:def:51400
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the users system. There are multiple ways an attacker could exploit ...

oval:org.