Search
Keyword: microsoft internet explorer
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Microsoft Updater = "{malware path}\{malware name}.exe" Other System Modifications This Trojan deletes the
\Software\Microsoft\ Multimedia\DrawDib HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\MediaResources\msvideo It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Multimedia
CVE-2010-3225 This security update addresses the vulnerability in the Microsoft Windows Media Player Network Sharing Service that could allow remote code execution once an attacker sends a specially
CVE-2010-0250 �A remote code execution vulnerability exists in the way that Microsoft DirectShow parses AVI media files. This vulnerability could allow remote code execution if a user opened a
CVE-2010-0020 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold,
CVE-2009-0555 Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows
CVE-2009-2506,MS09-073 Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and
CVE-2008-4024,MS08-072 Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in
CVE-2010-1902,MS10-056 Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer;
CVE-2010-0477 The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle
CVE-2010-2550 The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate
CVE-2010-2551 The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which
CVE-2009-1129 Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute
\Microsoft\ Windows NT\CurrentVersion Application = "66efafe" HKEY_CURRENT_USER\Software\Microsoft\ Windows NT\CurrentVersion x = "x" Dropping Routine This worm drops the following files: %Windows%\csrss.exe
* It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DirectDraw\MostRecentApplication Name = "{malware file name}" (Note: The default value data of the said registry entry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\RunOnce WMI Performance Adapter = "{malware path and file name}" Other System Modifications This Trojan adds the
Technique This spyware adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run v3configure = "rundll32
NOTES: It enumerates the entries in the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run It then
\Microsoft\ Security Center FirewallOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Security Center AntiVirusOverride = "1" Other Details This worm connects to the following possibly malicious URL: