Xerox Responses to CERT Advisories and Vulnerability Notes |
CERT Advisory or
Vulnerability Note
Number: | Document Title: | Sort By:
Revision Date: | File Size: |
| TA04-033A | Multiple Vulnerabilities in Microsoft Internet Explorer (MS04-004) | May, 13 2005 | 92 KB |
| TA04-041A | Multiple Vulnerabilities in Microsoft ASN.1 Library (MS04-007) | May, 13 2005 | 86 KB |
| TA04-078A | Multiple Vulnerabilities in OpenSSL | June 10, 2005 | 64 KB |
| TA04-099A | Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler | May, 13 2005 | 76 KB |
| TA04-104A | Multiple Vulnerabilities in Microsoft Products | May, 13 2005 | 96 KB |
| TA04-111A | Vulnerabilities in TCP | April 5, 2005 | 64 KB |
| TA04-163A | Cross-Domain Redirect Vulnerability in Internet Explorer | June 13, 2005 | 81 KB |
| TA04-174A | Multiple Vulnerabilities in ISC DHCP 3 | June 14, 2005 | 62 KB |
| TA04-184A | Internet Explorer Update to Disable ADODB.Stream ActiveX Control | June 13, 2005 | 88 KB |
| TA04-212A | Critical Vulnerabilities in Microsoft Windows (MS04-025) | June 13, 2005 | 87 KB |
| TA04-217A | Multiple Vulnerabilities in libpng | May, 13 2005 | 72 KB |
| TA04-260A | Microsoft Windows JPEG component buffer overflow | May 13, 2005 | 101 KB |
| TA04-293A | Multiple Vulnerabilities in Microsoft Internet Explorer (MS04-038) | May 13, 2005 | 101 KB |
| TA04-315A | Buffer Overflow in Microsoft Internet Explorer | June 13, 2005 | 103 KB |
| TA04-336A | Update for Microsoft Internet Explorer HTML Elements Vulnerability (MS04-040) | June 13, 2005 | 103 KB |
| TA05-012B | Microsoft Windows HTML Help ActiveX Control Cross-Domain Vulnerability (MS05-001) | May 13, 2005 | 101 KB |
| CA-2004-01 | Multiple H.323 Message Vulnerabilities (MS04-001) | April 5, 2005 | 64 KB |
| CA-2004-02 | Email-borne Viruses | April 5, 2005 | 57 KB |
| CA-2003-04 | MS-SQL Server Worm (MS02-061) | Dec. 8, 2003 | 32 KB |
| CA-2003-07 | Remote Buffer Overflow in Sendmail | Jan. 22, 2004 | 35 KB |
| CA-2003-12 | Buffer Overflow in Sendmail | Jan. 22, 2004 | 35 KB |
| CA-2003-16 | Buffer Overflow in Microsoft RPC (MS03-026) | Jan. 12, 2004 | 39 KB |
| CA-2003-19 | Exploitation of Vulnerabilities in Microsoft RPC Interface (MS03-026) | Jan. 12, 2004 | 39 KB |
| CA-2003-20 | W32/Blaster worm (MS03-026) | Jan. 12, 2004 | 39 KB |
| CA-2003-22 | Multiple Vulnerabilities in Microsoft Internet Explorer (MS03-032) | March 2, 2004 | 90 KB |
| CA-2003-23 | RPCSS Vulnerabilities in Microsoft Windows (MS03-039) | June 17, 2004 | 69 KB |
| CA-2003-25 | Buffer Overflow in Sendmail | Jan. 22, 2004 | 34 KB |
| CA-2003-28 | Buffer Overflow in Windows Workstation Service (MS03-049) | March 2, 2004 | 83 KB |
| CA-2002-03 | Multiple Vulnerabilities in Many Implementations of SNMP | Jan. 15, 2003 | 31 KB |
| CA-2002-12 | Format String Vulnerability in ISC DHCPD | Jul. 17, 2002 | 73 KB |
| CA-2002-17 | Apache Web Server Chunk Handling Vulnerability | May 13, 2003 | 94 KB |
| CA-2002-18 | OpenSSH Vulnerabilities in Challenge Response Handling | Dec. 8, 2003 | 29 KB |
| CA-2002-23 | Multiple Vulnerabilities in OpenSSL | Dec. 8, 2003 | 27 KB |
| CA-2002-27 | Apache/mod_ssl Worm | Dec. 8, 2003 | 28 KB |
| CA-2002-28 | Trojan Horse Sendmail Distribution | Dec. 8, 2003 | 29 KB |
| CA-2002-29 | Buffer Overflow in Kerberos Administration Daemon | Dec. 8, 2003 | 27 KB |
| CA-2002-30 | Trojan Horse tcpdump and libpcap Distributions | Dec. 8, 2003 | 26 KB |
| CA-2002-36 | Multiple Vulnerabilities in SSH Implementations | Dec. 8, 2003 | 27 KB |
| VU#104555 | Buffer Overflow in mod_ssl | Jan. 22, 2004 | 34 KB |
| VU#106324 | Microsoft Windows contains a vulnerability in the way the Windows Shell launches applications (MS04-024) | May 13, 2005 | 81 KB |
| VU#111673 | SGI IRIX "xfsdump" creates quota information files insecurely | Jan. 22, 2004 | 34 KB |
| VU#119262 | Microsoft Windows kernel fails to reset values in CPU data structures (MS04-032) | May 13, 2005 | 102 KB |
| VU#130614 | Microsoft Outlook Express vulnerable to remote code execution (MS05-030) | June 16, 2005 | 54 KB |
| VU#140470 | Apple Mac OS X Server Admin fails to properly restrict users from using the proxy service (Apple Security Update 2005-005) | May 16, 2005 | 66 KB |
| VU#142121 | zlib "gzprintf()" function vulnerable to buffer overflow | Oct. 20, 2004 | 57 KB |
| VU#145486 | Apple Cocoa applications vulnerable to denial of service via malformed TIFF image (Apple Security Update 2005-005) | May 16, 2005 | 66 KB |
| VU#149953 | ISC "dhcrelay" fails to limit hop count when malicious bootp packet is received | Jan. 22, 2004 | 27 KB |
| VU#177584 | Microsoft Windows kernel vulnerable to a denial-of-service condition via animated cursor (.ani) frame number (MS05-002)
| June 13, 2005 | 104 KB |
| VU#187196 | Microsoft Windows fails to properly process showHelp URLs (MS04-023) | May 13, 2005 | 79 KB |
| VU#189754 | Microsoft Internet Explorer buffer overflow in PNG image rendering component (MS05-025) | June 16, 2005 | 70 KB |
| VU#192995 | Integer overflow in xdr_array() function when deserializing the XDR stream (MS02-027) | Dec. 4, 2003 | 28 KB |
| VU#200132 | Various *NIX PDF readers/viewers execute commands embedded within hyperlinks | Jan. 22, 2004 | 34 KB |
| VU#206537 | Apache vulnerable to DoS | Jan. 22, 2004 | 27 KB |
| VU#210606 | Apple Mac OS X "disk://" URI handler stores arbitrary files in a known location (Apple Security Update 2004-06-07)
| June 13, 2005 | 70 KB |
| VU#218526 | Microsoft Windows contains vulnerability in Window Management API (MS04-032) | May 13, 2005 | 101 KB |
| VU#220821 | Microsoft Print Spooler service contains a buffer overflow (MS05-043) | Aug. 10, 2005 | 71 KB |
| VU#222050 | Microsoft Internet Explorer Content Advisor contains a buffer overflow (MS05-020) | June 16, 2005 | 91 KB |
| VU#222750 | TCP/IP implementations do not adequately validate ICMP error messages (MS05-019; Sun Alert 57746) | June 13, 2005 | 55 KB |
| VU#228028 | Microsoft Windows Task Scheduler Buffer Overflow (MS04-022) | May 13, 2005 | 78 KB |
| VU#229595 | Overly large OPT record assertion | Dec. 4, 2003 | 26 KB |
| VU#233754 | Microsoft Windows does not adequately validate IP options (MS05-019) | June 7, 2005 | 65 KB |
| VU#258390 | Apple Mac OS X with Bluetooth enabled may allow file exchange without prompting users (Apple Security Update 2005-005) | May 16, 2005 | 66 KB |
| VU#258721 | Various FTP clients fail to account for pipe (|) characters in default file names | Jan. 22, 2004 | 34 KB |
| VU#258905 | Multiple implementations of LDAP Directory Server vulnerable to buffer overflow | June 7, 2005 | 57 KB |
| VU#259197 | Microsoft Client Server Runtime System Vulnerability (MS05-018) | June 16, 2005 | 91 KB |
| VU#275193 | Microsoft Exchange Server contains unchecked buffer in SMTP extended verb handling (MS05-021) | June 16, 2005 | 79 KB |
| VU#283646 | Microsoft ASP.NET fails to perform proper canonicalization (MS05-004) | June 10, 2005 | 83 KB |
| VU#284857 | ISC DHCPD minires library contains multiple buffer overflows | Dec. 4, 2003 | 33 KB |
| VU#312313 | Solaris X Window Font Service (XFS) daemon contains buffer overflow in Dispatch() funtion | Dec. 4, 2003 | 33 KB |
| VU#331694 | Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs (Apple Security Update 2005-005) | June 7, 2005 | 65 KB |
| VU#354486 | Apple Mac OS X Server NetInfo Setup Tool fails to validate command line parameters (Apple Security Update 2005-005) | June 7, 2005 | 65 KB |
| VU#356070 | Apple Terminal fails to properly sanitize input for "x-man-page" URI (Apple Security Update 2005-005) | May 16, 2005 | 67 KB |
| VU#356600 | Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability (MS05-013) | June 13, 2005 | 91 KB |
| VU#377804 | Multiple Open Software Foundation Distributed Computing Environment (DCE) implementations vulnerable to DoS | Jan. 22, 2004 | 32 KB |
| VU#383779 | ZIP archives containing files with large filenames can cause buffer overflows (MS02-054) | Dec. 4, 2003 | 34 KB |
| VU#390742 | Sun Solaris Volume Manager (SVM) fails to properly handle malformed probe requests | April 5, 2005 | 65 KB |
| VU#394792 | Microsoft Windows SMTP component vulnerable to remote code execution (MS04-035) | April 5, 2005 | 86 KB |
| VU#405955 | util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility | Dec. 4, 2003 | 28 KB |
| VU#406121 | Apache mod-dav module vulnerable to DoS | Dec. 4, 2003 | 28 KB |
| VU#412115 | Network device drivers reuse old frame buffer data to pad packets | Dec. 4, 2003 | 27 KB |
| VU#412566 | Solaris conv_fix insecure file handling vulnerability | April 5, 2005 | 59 KB |
| VU#422156 | Microsoft Exchange Server fails to properly handle specially crafted SMTP extended verb requests (MS03-046) | July 1, 2004 | 59 KB |
| VU#428230 | Multiple vulnerabilities in S/MIME implementations | Jan. 22, 2004 | 31 KB |
| VU#435444 | Microsoft Outlook Web Access (OWA) contains cross-site scripting vulnerability in the "Compose New Message" form (MS03-047) | July 1, 2004 | 59 KB |
| VU#442569 | MIT Kerberos vulnerable to ticket splicing when using Kerberos4 triple DES service tickets | Jan. 22, 2004 | 34 KB |
| VU#457875 | Various DNS service implementations generate multiple simultaneous queries for the same resource record | Dec. 4, 2003 | 27 KB |
| VU#464113 | TCP/IP implementations handle unusual flag combinations inconsistently | Dec. 4, 2003 | 25 KB |
| VU#467036 | Microsoft Help and Support Center contains buffer overflow in code used to handle HCP protocol (MS03-044) | July 1, 2004 | 69 KB |
| VU#489397 | Microsoft Server Message Block vulnerable to buffer overflow (MS05-027) | June 16, 2005 | 70 KB |
| VU#490628 | Microsoft Windows Remote Desktop Protocol service input validation vulnerability (MS05-041) | Aug. 10, 2005 | 71 KB |
| VU#516825 | Integer overflow in Sun RPC XDR library routines | Dec. 4, 2003 | 29 KB |
| VU#524227 | GNU screen contains buffer overflow | Jan. 22, 2004 | 26 KB |
| VU#528719 | Multiple implementations of the Session Initiation Protocol (SIP) contain vulnerabilities | Apr. 7, 2004 | 35 KB |
| VU#546483 | Multiple networking devices fail to set the "Secure" attribute of a cookie | April 5, 2005 | 57 KB |
| VU#575892 | Buffer overflow in Microsoft Messenger Service (MS03-043) | July 1, 2004 | 79 KB |
| VU#578798 | Apple Mac OS X help system may interpret inappropriate local script files (Apple Security Update 2004-06-07) | July 1, 2004 | 59 KB |
| VU#580299 | Microsoft Internet Explorer contains URL decoding zone spoofing vulnerability (MS05-014) | June 13, 2005 | 90 KB |
| VU#582934 | Apple Mac OS X Foundation Framework vulnerable to buffer overflow via incorrect handling of an environmental variable (Apple Security Update 2005-005) | June 7, 2005 | 65 KB |
| VU#597889 | Microsoft COM Structured Storage Vulnerability (MS05-012) | June 13, 2005 | 90 KB |
| VU#610133 | Microsoft Windows domain controller denial of service in Kerberos message handling (MS05-042) | Aug. 11, 2005 | 71 KB |
| VU#623217 | Cryptographic weakness in Kerberos Version 4 protocol | Jan. 22, 2004 | 34 KB |
| VU#640488 | Microsoft Windows contains an unchecked buffer in the NetDDE services (MS04-031) | May 13, 2005 | 102 KB |
| VU#647436 | Microsoft Windows contains a buffer overflow in the POSIX subsystem (MS04-020) | May 13, 2005 | 77 KB |
| VU#648406 | Apple Mac OS X AppleFileServer fails to properly handle certain authentication requests (Apple Security Update 2004-05-03) | July 1, 2004 | 59 KB |
| VU#649374 | Microsoft Windows processing of zip files contains a buffer overflow (MS04-034) | May 13, 2005 | 98 KB |
| VU#650181 | Microsoft Object Management DoS Vulnerability (MS05-018) | June 16, 2005 | 91 KB |
| VU#652537 | Microsoft Windows SMB packet validation vulnerability (MS05-011) | June 13, 2005 | 89 KB |
| VU#673051 | Microsoft Windows Shell and HTML Application Host may allow remote code execution (MS05-016) | June 16, 2005 | 91 KB |
| VU#694782 | Sun Solaris passwd command allows for privilege escalation | April 5, 2005 | 59 KB |
| VU#698835 | Microsoft DHTML Drag-and-Drop events insufficiently validated (MS05-008 & MS05-014) | June 13, 2005 | 93 KB |
| VU#706838 | Apple Mac OS X vulnerable to buffer overflow via vpnd daemon (Apple Security Update 2005-005) | June 7, 2005 | 65 KB |
| VU#717748 | Microsoft Internet Information Server (IIS) 4.0 contains a buffer overflow in the redirect function (MS04-021) | May 13, 2004 | 71 KB |
| VU#718542 | Microsoft Agent vulnerable to trusted site spoofing (MS05-032) | June 16, 2005 | 70 KB |
| VU#738331 | Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow | Dec. 4, 2003 | 27 KB |
| VU#756122 | Microsoft Internet Explorer URL validation routine contains a buffer overflow (MS05-020) | June 16, 2005 | 91 KB |
| VU#763513 | Microsoft Message Queuing vulnerable to buffer overflow (MS05-017) | Aug. 9, 2005 | 63 KB |
| VU#774338 | Microsoft Internet Explorer DHTML objects contain a race condition (MS05-020) | June 16, 2005 | 91 KB |
| VU#775933 | Microsoft Windows Kernel Vulnerability (MS05-018) | June 16, 2005 | 91 KB |
| VU#800829 | Telnet Client Information Disclosure Vulnerability (MS05-033; RHSA-2005:504-06; Sun Alert 101665, 101671) | June 16, 2005 | 52 KB |
| VU#803539 | Multiple vendors' Domain Name System (DNS) stub resolvers vulnerable to buffer overflow | Dec. 4, 2003 | 34 KB |
| VU#806278 | Microsoft Windows contains buffer overflow in processing of WMF and EMF image files (MS04-032) | May 13, 2005 | 102 KB |
| VU#820427 | Microsoft Hyperlink Object Library buffer overflow (MS05-015) | June 13, 2005 | 90 KB |
| VU#823971 | Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability (MS05-014) | June 13, 2005 | 91 KB |
| VU#838572 | Microsoft Authenticode mechanism installs ActiveX controls without prompting user (MS03-041) | July 1, 2004 | 78 KB |
| VU#844360 | Domain Name System (DNS) stub resolver libraries vulnerable to buffer overflows via network name or address lookups | Dec. 4, 2003 | 26 KB |
| VU#843771 | Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability (MS05-014) | June 13, 2005 | 91 KB |
| VU#849993 | Some implementations of mod_dav contain a format string vulnerability in "ap_log_rerror()" function | Dec. 4, 2003 | 28 KB |
| VU#850785 | Sun KCMS library service daemon does not adequately validate location of KCMS profiles | Jan. 22, 2004 | 32 KB |
| VU#851869 | Microsoft HTML Help input validation error (MS05-026) | June 16, 2005 | 70 KB |
| VU#852283 | Cached malformed SIG record buffer overflow | Dec. 4, 2003 | 26 KB |
| VU#868580 | Microsoft Windows Utility Manager launches applications with system privileges (MS04-019) | May 13, 2004 | 71 KB |
| VU#869640 | Microsoft Outlook Express fails to properly validate malformed e-mail headers (MS04-018) | April 5, 2005 | 60 KB |
| VU#879386 | Multiple Buffer Overflow Vulnerabilities in QNX | Oct. 31, 2002 | 19.2 KB |
| VU#881254 | Sun Java System Portal Server fails to properly handle changes to display options | April 5, 2005 | 60 KB |
| VU#886601 | Internet Key Exchange (IKE) protocol discloses identity when Aggressive Mode shared secret authentication is used | Dec. 8, 2003 | 26 KB |
| VU#895508 | Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address | Jan. 22, 2004 | 31 KB |
| VU#910998 | Microsoft Windows kernel fails to properly handle invalid opcodes used in DOS emulation (MS04-032) | May 13, 2005 | 102 KB |
| VU#911505 | Pam_xauth may insecurely forward "X MIT-Magic-Cookies" to new sessions | Jan. 22, 2004 | 34 KB |
| VU#920060 | Microsoft Windows HTML Help component fails to properly validate input data (MS04-023) | May 13, 2005 | 79 KB |
| VU#927278 | Multiple vulnerabilities in X.400 implementations | Jan. 22, 2004 | 31 KB |
| VU#927889 | Microsoft OLE buffer overflow (MS05-012) | June 13, 2005 | 91 KB |
| VU#929115 | PHP fails to properly parse the headers of HTTP POST requests | Dec. 8, 2003 | 28 KB |
| VU#939074 | Microsoft Windows XP named pipe fails to restrict anonymous access (MS05-007) | June 13, 2005 | 81 KB |
| VU#943749 | Microsoft font processing buffer overflow vulnerability (MS05-018) | June 16, 2005 | 91 KB |
| VU#944241 | rpc.walld fails to properly validate messages before broadcasting to clients | Jan. 22, 2004 | 34 KB |
| VU#959049 | Several COM objects cause memory corruption in Microsoft Internet Explorer (MS05-038) | Aug. 10, 2005 | 71 KB |
| VU#965206 | Microsoft Internet Explorer JPEG rendering library vulnerable to buffer overflow (MS05-038) | Aug. 10, 2005 | 71 KB |
| VU#967668 | Microsoft Windows ListBox and ComboBox controls vulnerable to buffer overflow when supplied crafted Windows message (MS03-045) | July 1, 2004 | 71 KB |
| VU#973654 | Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
| July 1, 2004 | 60 KB |
| VU#978316 | Vulnerability in OpenSSH daemon (sshd) | Jan. 22, 2004 | 33 KB |
| VU#989932 | Microsoft contains a buffer overflow in the Local Troubleshooter ActiveX control (Tshoot.ocx) (MS03-042) | July 1, 2004 | 74 KB |
| VU#998653 | Microsoft Plug and Play contains a buffer overflow vulnerability (MS05-039) | Aug. 10, 2005 | 71 KB |
