http://oval.mitre.org/repository This feed provides information about the latest updates to the OVAL Repository, including new OVAL definitions; definitions that have changed status (e.g., from Draft to Interim or Interim to Accepted); and definitions that have been modified is posted here. Each update to the OVAL Repository will also update this feed. The OVAL Repository is updated as edits and additions are completed. It is possible for this feed to be updated several times per day, but updates rarely occure more often than once per day. en-us oval@mitre.org Sat, 07 Nov 2009 10:10:53 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:229 The operating system installed on the system is Microsoft Windows 2000 SP4 or later. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:229 Wed, 04 Nov 2009 17:59:56 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:453 Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:453 Wed, 04 Nov 2009 17:59:43 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:220 Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:220 Wed, 04 Nov 2009 17:59:43 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:666 The application Microsoft PowerPoint 2003 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:666 Wed, 04 Nov 2009 17:59:42 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:568 Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:568 Wed, 04 Nov 2009 17:59:42 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:696 The application Microsoft PowerPoint 2000 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:696 Wed, 04 Nov 2009 17:59:41 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:305 The application Microsoft PowerPoint 2002 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:305 Wed, 04 Nov 2009 17:59:41 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:663 The application Microsoft Office XP is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:663 Wed, 04 Nov 2009 17:59:39 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:798 Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:798 Wed, 04 Nov 2009 17:59:17 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6548 Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6548 Wed, 04 Nov 2009 15:47:24 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6541 Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6541 Wed, 04 Nov 2009 15:47:24 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6504 The installed e-mail and news client on the system is Mozilla Thunderbird. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6504 Wed, 04 Nov 2009 15:47:24 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6347 Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6347 Wed, 04 Nov 2009 15:47:24 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6565 content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6565 Wed, 04 Nov 2009 15:47:23 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6464 Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6464 Wed, 04 Nov 2009 15:47:23 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6455 Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6455 Wed, 04 Nov 2009 15:47:23 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6372 The installed browser on the system is Mozilla Seamonkey. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6372 Wed, 04 Nov 2009 15:47:23 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6582 Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6582 Wed, 04 Nov 2009 15:47:22 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6580 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6580 Wed, 04 Nov 2009 15:47:22 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6443 The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6443 Wed, 04 Nov 2009 15:47:22 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6375 Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6375 Wed, 04 Nov 2009 15:47:22 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5935 content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5935 Wed, 04 Nov 2009 15:47:22 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6528 Array index error in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows remote attackers to execute arbitrary code via a long string that triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6528 Wed, 04 Nov 2009 15:47:21 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6495 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6495 Wed, 04 Nov 2009 15:47:21 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5996 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5996 Wed, 04 Nov 2009 15:47:21 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5581 layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5581 Wed, 04 Nov 2009 15:47:21 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6562 The browser installed on the system is Mozilla Firefox New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6562 Wed, 04 Nov 2009 15:47:20 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6165 The operating system installed on the system is Microsoft Windows 7 (32-bit) New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6165 Wed, 04 Nov 2009 15:47:20 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1935 A version of Microsoft Windows Server 2003 Service Pack 2 (x86) is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1935 Wed, 04 Nov 2009 15:47:20 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:565 A version of Microsoft Windows Server 2003 Service Pack 1 (x86) is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:565 Wed, 04 Nov 2009 15:47:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4873 The operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 1 New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4873 Wed, 04 Nov 2009 15:47:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1282 The operating system installed on the system is Microsoft Windows Vista (32-bit) New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1282 Wed, 04 Nov 2009 15:47:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:754 A version of Microsoft Windows XP (x86) Service Pack 2 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:754 Wed, 04 Nov 2009 15:47:18 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5631 A version of Microsoft Windows XP (x86) Service Pack 3 is installed. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5631 Wed, 04 Nov 2009 15:47:18 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6460 Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6460 Mon, 02 Nov 2009 04:00:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6444 Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6444 Mon, 02 Nov 2009 04:00:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6442 Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6442 Mon, 02 Nov 2009 04:00:19 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6435 libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6435 Mon, 02 Nov 2009 04:00:18 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6434 The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6434 Mon, 02 Nov 2009 04:00:18 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6416 Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP dissector. NOTE: it was later reported that the RADIUS issue also affects 0.10.13 through 1.0.9. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6416 Mon, 02 Nov 2009 04:00:17 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6413 Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6413 Mon, 02 Nov 2009 04:00:17 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6405 Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6405 Mon, 02 Nov 2009 04:00:17 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6398 Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6398 Mon, 02 Nov 2009 04:00:16 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6379 Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6379 Mon, 02 Nov 2009 04:00:16 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6370 Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content." NOTE: the vendor reportedly considers this behavior a "design feature," not a vulnerability. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6370 Mon, 02 Nov 2009 04:00:16 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6358 Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6358 Mon, 02 Nov 2009 04:00:15 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6357 Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6357 Mon, 02 Nov 2009 04:00:15 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6350 Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6350 Mon, 02 Nov 2009 04:00:15 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6338 The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6338 Mon, 02 Nov 2009 04:00:14 EST http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6322 The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client. New http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6322 Mon, 02 Nov 2009 04:00:14 EST