OSVDB: Open Sourced Vulnerability Database

Creditee: Brett Moore

Known Contact Information:

(as of 2008-05-14)
(as of 2008-07-08)
(as of 2010-02-09)

Known Affiliations:

security-assessment.com (as of 2004-04-13)
Zero Day Initiative (ZDI) (as of 2008-05-14)
iDefense Labs VCP (as of 2008-07-08)
Insomnia Security (as of 2008-09-09)

Disclosed Vulnerabilities (15):

Disc. Date	OSVDB ID	CVEID	Title
2010-02-09	62245	2010-0027	Microsoft Windows Shell Handler ShellExecute API Crafted URL Arbitrary Command Execution
2008-12-09	50613	2008-4259	Microsoft IE WebDAV Cached Content Request Parsing Overflow
2008-12-09	50580	2008-4255	Microsoft Visual Basic Animation ActiveX (mscomct2.ocx) AVI Parsing Memory Corruption
2008-09-09	47964	2008-3007	Microsoft Office OneNote Protocol Handler (onenote://) URI Handling Arbitrary Code Execution
2008-07-08	46771	2008-0107	Microsoft SQL Server Stored Backup File Processing Memory Corruption Arbitrary Code Execution
2008-05-14	45313	2008-2286	Symantec Altiris Deployment Solution Client Come-alive Packet Multiple Field SQL Injection
2008-05-14	45314	2008-2291	Symantec Altiris Deployment Solution Weakly Encrypted Domain Credential Remote Disclosure
2007-08-14	36396	2007-2216	Microsoft IE ActiveX tblinf32.dll Unspecified Arbitrary Code Execution
2007-02-13	31883	2006-3448	Microsoft Step-by-Step Interactive Training Bookmark
2006-12-14	31896	2006-6617	Microsoft Project Server pdsrequest.asp GetInitializationData Request SQL Database Password Disclosure
2006-12-13	35950	2006-6578	Microsoft IIS IUSR_Machine Account Arbitrary Non-EXE Command Execution
2006-12-13	35962	2006-6579	Microsoft Windows XP Registry QHEADLES Permission Weakness
2006-07-11	27152	2006-0026	Microsoft Windows IIS ASP Page Processing Overflow
2004-07-14	7803	2003-1041	Microsoft Windows showHelp Arbitrary Code Execution
2004-04-13	5254	2003-0908	Microsoft Windows Utility Manager Privilege Escalation

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.