Vulnerability  oval:org.mitre.oval:def:28207
TrueType font parsing vulnerability - CVE-2015-1671 (MS15-044)  

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2; Office 2007 SP3 and 2010 SP2; Live Meeting 2007 Console; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; Lync Basic 2013 SP1; Silverlight 5 before 5.1.40416.00; and Silverlight 5 Developer Runtime before 5.1.40416.00, allows remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability."
Create Date: 2015-05-20 Last Update Date: 2015-08-17

Affected Platforms/Products

Affected Products (CPE + CVE references)
Platforms: windows (from OVAL definitions) Products: windows
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1
  • Microsoft Windows 8
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Office 2010
  • Microsoft Office 2007
  • Microsoft live meeting 2007
  • Microsoft Lync 2010 Attendee
  • Microsoft Lync Basic 2013
  • Microsoft Lync 2010
  • Microsoft Silverlight 5
  • Microsoft .NET Framework 4.0
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 3.0
  • Microsoft .NET Framework 4.5.2
  • Microsoft .NET Framework 4.5.1
  • Microsoft .NET Framework 4.5

References

Criteria

The system is vulnerable
IF : Any one of the following are true
IF : All of the following are true .net 3.5/win8/server 2012/versions
Prerequisites (Extended Definitions)
Microsoft .NET Framework 3.5 SP1 is installed oval:org.mitre.oval:def:12542
IF : Any one of the following are true GDR/LDR
IF : Check if the version of presentationcore.dll is less than 3.0.6920.6418
Windows : File Test :  Check if the version of presentationcore.dll is less than 3.0.6920.6418 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the file presentationcore.dll (3.0)
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Reference Assemblies\Microsoft\Framework\v3.0\presentationcore.dll
version less than 3.0.6920.6418 (datatype=version)
State holds if the version is less than 3.0.6920.6418 windows : file_state 
IF : All of the following are true Check for LDR
IF : Check if the version of presentationcore.dll is less than 3.0.6920.8671
Windows : File Test :  Check if the version of presentationcore.dll is less than 3.0.6920.8671 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the file presentationcore.dll (3.0)
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Reference Assemblies\Microsoft\Framework\v3.0\presentationcore.dll
version less than 3.0.6920.8671 (datatype=version)
State holds if the version is less than 3.0.6920.8671 windows : file_state 
IF : Check if the version of presentationcore.dll is greater than or equal to 3.0.6920.8600
Windows : File Test :  Check if the version of presentationcore.dll is greater than or equal to 3.0.6920.8600 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the file presentationcore.dll (3.0)
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Reference Assemblies\Microsoft\Framework\v3.0\presentationcore.dll
version greater than or equal 3.0.6920.8600 (datatype=version)
State holds if the version is greater than or equal to 3.0.6920.8600 windows : file_state 
IF : Any one of the following are true either os
Prerequisites (Extended Definitions)
Microsoft Windows Server 2012 (64-bit) is installed oval:org.mitre.oval:def:15585
Microsoft Windows 8 (x64) is installed oval:org.mitre.oval:def:15571
Microsoft Windows 8 (x86) is installed oval:org.mitre.oval:def:14914
IF : All of the following are true office 2010/version
Prerequisites (Extended Definitions)
Microsoft Office 2010 is installed oval:org.mitre.oval:def:12061
IF : Check if the version of Ogl.dll is less than 14.0.7148.5000
Windows : File Test :  Check if the version of Ogl.dll is less than 14.0.7148.5000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object that holds the Ogl.dll (Office 2010) information
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : CommonFilesDir}}]]\Microsoft Shared\OFFICE14\ogl.dll
version less than 14.0.7148.5000 (datatype=version)
State holds if the version is less than 14.0.7148.5000 windows : file_state 
IF : All of the following are true office 2007/version
Prerequisites (Extended Definitions)
Microsoft Office 2007 is installed oval:org.mitre.oval:def:1211
IF : Check if the version of Ogl.dll is less than 12.0.6719.5000
Windows : File Test :  Check if the version of Ogl.dll is less than 12.0.6719.5000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : CommonFilesDir}}]]\Microsoft Shared\OFFICE12\ogl.dll
version less than 12.0.6719.5000 (datatype=version)
State holds if the version is less than 12.0.6719.5000 windows : file_state 
IF : All of the following are true live meeting 2007/version
Prerequisites (Extended Definitions)
Microsoft Live Meeting 2007 Console is installed oval:org.mitre.oval:def:24814
IF : Check if the version of Ogl.dll is less than 12.0.6719.5000
Windows : File Test :  Check if the version of Ogl.dll is less than 12.0.6719.5000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the details of Ogl.dll (Live Meeting 2007)
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Microsoft Office\Live Meeting 8\Console\ogl.dll
version less than 12.0.6719.5000 (datatype=version)
State holds if the version is less than 12.0.6719.5000 windows : file_state 
IF : All of the following are true For vulnerable Microsoft Lync 2010 attendee (admin)
Prerequisites (Extended Definitions)
Microsoft Lync 2010 Attendee (admin level install) is installed oval:org.mitre.oval:def:15556
IF : Check if the version of ogl.dll (Lync 2010 Attendee for admin) is less than 4.0.7577.4461
Windows : File Test :  Check if the version of ogl.dll (Lync 2010 Attendee for admin) is less than 4.0.7577.4461 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds path for Ogl.dll (Lync 2010 attendee for admin)
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AttendeeCommunicator.exe : path}}]]\ogl.dll
version less than 4.0.7577.4461 (datatype=version)
State holds if the version is less than 4.0.7577.4461 windows : file_state 
IF : All of the following are true For vulnerable Microsoft Lync 2010 attendee (user)
Prerequisites (Extended Definitions)
Microsoft Lync 2010 Attendee (user level install) is installed oval:org.mitre.oval:def:15641
IF : Check if the version of ogl.dll (Lync 2010 Attendee for user) is less than 4.0.7577.4461
Windows : File Test :  Check if the version of ogl.dll (Lync 2010 Attendee for user) is less than 4.0.7577.4461 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds path for Ogl.dll (Lync 2010 Attendee for user)
[[value of ${{windows:registry_object:HKEY_USERS\^S-.*\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\AttendeeCommunicator\.exe$ : path}}]]\ogl.dll
version less than 4.0.7577.4461 (datatype=version)
State holds if the version is less than 4.0.7577.4461 windows : file_state 
IF : All of the following are true lync basic 2013/version
Prerequisites (Extended Definitions)
Microsoft Lync Basic 2013 is installed oval:org.mitre.oval:def:17284
IF : Check if the version of Autohelper.DLL is less than 15.0.4709.1000
Windows : File Test :  Check if the version of Autohelper.DLL is less than 15.0.4709.1000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object that holds the Microsoft Lync Basic 2013 Autohelper.dll install Location
[[value of ${{windows:registry_object:\}}]]\OFFICE15\autohelper.dll
version less than 15.0.4709.1000 (datatype=version)
State holds if the version is less than 15.0.4709.1000 windows : file_state 
IF : All of the following are true For vulnerable Microsoft Lync 2010
Prerequisites (Extended Definitions)
Microsoft Lync 2010 is installed oval:org.mitre.oval:def:15099
IF : Check if the version of Ogl.dll (Lync 2010) is less than 4.0.7577.4461
Windows : File Test :  Check if the version of Ogl.dll (Lync 2010) is less than 4.0.7577.4461 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the path to Ogl.dll (Lync 2010)
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Communicator : InstallationDirectory}}]]\ogl.dll
version less than 4.0.7577.4461 (datatype=version)
State holds if the version is less than 4.0.7577.4461 windows : file_state 
IF : All of the following are true .net 3.0 sp2/win xp/server 2003/versions
Prerequisites (Extended Definitions)
Microsoft .NET Framework 3.0 SP2 is installed oval:org.mitre.oval:def:15312
IF : Any one of the following are true GDR/LDR
IF : Check if the version of xpsviewer.exe is less than 3.0.6920.4082
Windows : File Test :  Check if the version of xpsviewer.exe is less than 3.0.6920.4082 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds file location of XPSviewer.exe
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\XPSViewer\xpsviewer.exe
version less than 3.0.6920.4082 (datatype=version)
State holds if the version is less than 3.0.6920.4082 windows : file_state 
IF : All of the following are true ldr range
IF : Check if the version of xpsviewer.exe is less than 3.0.6920.8673
Windows : File Test :  Check if the version of xpsviewer.exe is less than 3.0.6920.8673 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds file location of XPSviewer.exe
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\XPSViewer\xpsviewer.exe
version less than 3.0.6920.8673 (datatype=version)
State holds if the version is less than 3.0.6920.8673 windows : file_state 
IF : Check if the version of xpsviewer.exe is greater than or equal to 3.0.6920.8000
Windows : File Test :  Check if the version of xpsviewer.exe is greater than or equal to 3.0.6920.8000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds file location of XPSviewer.exe
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\XPSViewer\xpsviewer.exe
version greater than or equal 3.0.6920.8000 (datatype=version)
State holds if the version is greater than or equal to 3.0.6920.8000 windows : file_state 
IF : Any one of the following are true either os
Prerequisites (Extended Definitions)
Microsoft Windows Server 2003 (32-bit) is installed oval:org.mitre.oval:def:1870
Microsoft Windows Server 2003 (x64) is installed oval:org.mitre.oval:def:730
IF : All of the following are true .net 3.0 sp2/vista/server 2008/versions
Prerequisites (Extended Definitions)
Microsoft .NET Framework 3.0 SP2 is installed oval:org.mitre.oval:def:15312
IF : Any one of the following are true GDR/LDR
IF : Check if the version of xpsviewer.exe is less than 3.0.6920.4225
Windows : File Test :  Check if the version of xpsviewer.exe is less than 3.0.6920.4225 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds file location of XPSviewer.exe
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\XPSViewer\xpsviewer.exe
version less than 3.0.6920.4225 (datatype=version)
State holds if the version is less than 3.0.6920.4225 windows : file_state 
IF : All of the following are true ldr range
IF : Check if the version of xpsviewer.exe is less than 3.0.6920.8671
Windows : File Test :  Check if the version of xpsviewer.exe is less than 3.0.6920.8671 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds file location of XPSviewer.exe
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\XPSViewer\xpsviewer.exe
version less than 3.0.6920.8671 (datatype=version)
State holds if the version is less than 3.0.6920.8671 windows : file_state 
IF : Check if the version of xpsviewer.exe is greater than or equal to 3.0.6920.8000
Windows : File Test :  Check if the version of xpsviewer.exe is greater than or equal to 3.0.6920.8000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds file location of XPSviewer.exe
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\XPSViewer\xpsviewer.exe
version greater than or equal 3.0.6920.8000 (datatype=version)
State holds if the version is greater than or equal to 3.0.6920.8000 windows : file_state 
IF : Any one of the following are true either os
Prerequisites (Extended Definitions)
Microsoft Windows Server 2008 (ia-64) is installed oval:org.mitre.oval:def:5667
Microsoft Windows Server 2008 (64-bit) is installed oval:org.mitre.oval:def:5356
Microsoft Windows Server 2008 (32-bit) is installed oval:org.mitre.oval:def:4870
Microsoft Windows Vista x64 Edition is installed oval:org.mitre.oval:def:2041
Microsoft Windows Vista (32-bit) is installed oval:org.mitre.oval:def:1282
IF : All of the following are true .net 3.5.1/win 8.1/server 2012 R2/versions
Prerequisites (Extended Definitions)
Microsoft .NET Framework 3.5 SP1 is installed oval:org.mitre.oval:def:12542
IF : Any one of the following are true Check for vulnerable versions
IF : Check if the version of presentationcore.dll is less than 3.0.6920.8005
Windows : File Test :  Check if the version of presentationcore.dll is less than 3.0.6920.8005 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the file presentationcore.dll (3.0)
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Reference Assemblies\Microsoft\Framework\v3.0\presentationcore.dll
version less than 3.0.6920.8005 (datatype=version)
State holds if the version is less than 3.0.6920.8005 windows : file_state 
IF : All of the following are true Check for LDR
IF : Check if the version of presentationcore.dll is less than 3.0.6920.8671
Windows : File Test :  Check if the version of presentationcore.dll is less than 3.0.6920.8671 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the file presentationcore.dll (3.0)
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Reference Assemblies\Microsoft\Framework\v3.0\presentationcore.dll
version less than 3.0.6920.8671 (datatype=version)
State holds if the version is less than 3.0.6920.8671 windows : file_state 
IF : Check if the version of presentationcore.dll is greater than or equal to 3.0.6920.8600
Windows : File Test :  Check if the version of presentationcore.dll is greater than or equal to 3.0.6920.8600 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the file presentationcore.dll (3.0)
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Reference Assemblies\Microsoft\Framework\v3.0\presentationcore.dll
version greater than or equal 3.0.6920.8600 (datatype=version)
State holds if the version is greater than or equal to 3.0.6920.8600 windows : file_state 
IF : Any one of the following are true Win 8.1 / 2k12 R2
Prerequisites (Extended Definitions)
Microsoft Windows Server 2012 R2 is installed oval:org.mitre.oval:def:18858
Microsoft Windows 8.1 (x64) is installed oval:org.mitre.oval:def:20956
Microsoft Windows 8.1 (x86) is installed oval:org.mitre.oval:def:20924
IF : All of the following are true .net 3.5.1/win 7/server 2008 R2/versions
Prerequisites (Extended Definitions)
Microsoft .NET Framework 3.5 SP1 is installed oval:org.mitre.oval:def:12542
IF : Any one of the following are true either file versions
IF : Check if the version of system.printing.dll is less than 3.0.6920.5466
Windows : File Test :  Check if the version of system.printing.dll is less than 3.0.6920.5466 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds file location for System.Printing.dll
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Reference Assemblies\Microsoft\Framework\v3.0\system.printing.dll
version less than 3.0.6920.5466 (datatype=version)
State holds if the version is less than 3.0.6920.5466 windows : file_state 
IF : All of the following are true ldr range
IF : Check if the version of system.printing.dll is less than 3.0.6920.8671
Windows : File Test :  Check if the version of system.printing.dll is less than 3.0.6920.8671 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds file location for System.Printing.dll
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Reference Assemblies\Microsoft\Framework\v3.0\system.printing.dll
version less than 3.0.6920.8671 (datatype=version)
State holds if the version is less than 3.0.6920.8671 windows : file_state 
IF : Check if the version of system.printing.dll is greater than or equal to 3.0.6920.8000
Windows : File Test :  Check if the version of system.printing.dll is greater than or equal to 3.0.6920.8000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds file location for System.Printing.dll
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion : ProgramFilesDir [behaviours=]}}]]\Reference Assemblies\Microsoft\Framework\v3.0\system.printing.dll
version greater than or equal 3.0.6920.8000 (datatype=version)
State holds if the version is greater than or equal to 3.0.6920.8000 windows : file_state 
IF : Any one of the following are true either os
Prerequisites (Extended Definitions)
Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval:org.mitre.oval:def:5954
Microsoft Windows Server 2008 R2 x64 Edition is installed oval:org.mitre.oval:def:6438
Microsoft Windows 7 x64 Edition is installed oval:org.mitre.oval:def:5950
Microsoft Windows 7 (32-bit) is installed oval:org.mitre.oval:def:6165
IF : All of the following are true .net 4.0/win xp.server 2003/vista/server 2008/versions
Prerequisites (Extended Definitions)
Microsoft .NET Framework 4.0 is installed oval:org.mitre.oval:def:6749
IF : Any one of the following are true GDR/LDR
IF : Check if the version of presentationcore.dll is less than 4.0.30319.1034
Windows : File Test :  Check if the version of presentationcore.dll is less than 4.0.30319.1034 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File PresentationCore.dll in .NET 4.0 Framework\WPF directory
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\Microsoft.NET\Framework\v4.0.30319\WPF\presentationcore.dll
version less than 4.0.30319.1034 (datatype=version)
State holds if the version is less than 4.0.30319.1034 windows : file_state 
IF : All of the following are true ldr range
IF : Check if the version of presentationcore.dll is greater than or equal to 4.0.30319.2000
Windows : File Test :  Check if the version of presentationcore.dll is greater than or equal to 4.0.30319.2000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File PresentationCore.dll in .NET 4.0 Framework\WPF directory
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\Microsoft.NET\Framework\v4.0.30319\WPF\presentationcore.dll
version greater than or equal 4.0.30319.2000 (datatype=version)
State matches if the version is greater than or equal to 4.0.30319.2000 windows : file_state 
IF : Check if the version of presentationcore.dll is less than 4.0.30319.2059
Windows : File Test :  Check if the version of presentationcore.dll is less than 4.0.30319.2059 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File PresentationCore.dll in .NET 4.0 Framework\WPF directory
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\Microsoft.NET\Framework\v4.0.30319\WPF\presentationcore.dll
version less than 4.0.30319.2059 (datatype=version)
State holds if the version is less than 4.0.30319.2059 windows : file_state 
IF : Any one of the following are true either os
Prerequisites (Extended Definitions)
Microsoft Windows Server 2008 (64-bit) is installed oval:org.mitre.oval:def:5356
Microsoft Windows Server 2008 (ia-64) is installed oval:org.mitre.oval:def:5667
Microsoft Windows Server 2008 (32-bit) is installed oval:org.mitre.oval:def:4870
Microsoft Windows Vista x64 Edition is installed oval:org.mitre.oval:def:2041
Microsoft Windows Vista (32-bit) is installed oval:org.mitre.oval:def:1282
Microsoft Windows Server 2003 for Itanium is installed oval:org.mitre.oval:def:1867
Microsoft Windows Server 2003 (x64) is installed oval:org.mitre.oval:def:730
Microsoft Windows Server 2003 (32-bit) is installed oval:org.mitre.oval:def:1870
IF : All of the following are true .net 4.5/vista/server 2008/versions
IF : Any one of the following are true GDR/LDR
IF : Check if the version of wpftxt_v0400.dll is less than 4.0.30319.34259
Windows : File Test :  Check if the version of wpftxt_v0400.dll is less than 4.0.30319.34259 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the file wpftxt_v0400.dll
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
version less than 4.0.30319.34259 (datatype=version)
State holds if the version is less than 4.0.30319.34259 windows : file_state 
IF : All of the following are true ldr range
IF : Check if the version of wpftxt_v0400.dll is greater than or equal to 4.0.30319.36000
Windows : File Test :  Check if the version of wpftxt_v0400.dll is greater than or equal to 4.0.30319.36000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the file wpftxt_v0400.dll
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
version greater than or equal 4.0.30319.36000 (datatype=version)
State matches if the version is greater than or equal to 4.0.30319.36000 windows : file_state 
IF : Check if the version of wpftxt_v0400.dll is less than 4.0.30319.36297
Windows : File Test :  Check if the version of wpftxt_v0400.dll is less than 4.0.30319.36297 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File Object holds the file wpftxt_v0400.dll
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
version less than 4.0.30319.36297 (datatype=version)
State holds if the version is less than 4.0.30319.36297 windows : file_state 
IF : Any one of the following are true either os
Prerequisites (Extended Definitions)
Microsoft Windows Server 2008 (ia-64) is installed oval:org.mitre.oval:def:5667
Microsoft Windows Server 2008 (64-bit) is installed oval:org.mitre.oval:def:5356
Microsoft Windows Server 2008 (32-bit) is installed oval:org.mitre.oval:def:4870
Microsoft Windows Vista x64 Edition is installed oval:org.mitre.oval:def:2041
Microsoft Windows Vista (32-bit) is installed oval:org.mitre.oval:def:1282
IF : Any one of the following are true .Net 4.5/4.5.1/4.5.2
Prerequisites (Extended Definitions)
Microsoft .NET Framework 4.5.1 is installed oval:org.mitre.oval:def:22275
Microsoft .NET Framework 4.5 is installed oval:org.mitre.oval:def:15925
Microsoft .NET Framework 4.5.2 is installed oval:org.mitre.oval:def:26546
IF : All of the following are true Silverlight Vulnerable version
Prerequisites (Extended Definitions)
Microsoft Silverlight 5 is installed oval:org.mitre.oval:def:15148
IF : Check if the version of silverlight is less than 5.1.40416.0
Windows : Registry Test :  Check if the version of silverlight is less than 5.1.40416.0 
At least one of the objects listed below must exist on the system (Existence check)
Windows : Registry Object Registry that holds the Version of the Microsoft Silverlight
\
value less than 5.1.40416.0 (datatype=version)
State holds if the version is less than 5.1.40416.0 windows : registry_state 
IF : All of the following are true Win 8.1 / 2K12 R2and vulnerable file version
IF : Check if the version of win32k.sys is less than 6.3.9600.17796
Windows : File Test :  Check if the version of win32k.sys is less than 6.3.9600.17796 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version less than 6.3.9600.17796 (datatype=version)
State matches if the version is less than 6.3.9600.17796 windows : file_state 
IF : Any one of the following are true Win 8.1 / 2k12 R2
Prerequisites (Extended Definitions)
Microsoft Windows Server 2012 R2 is installed oval:org.mitre.oval:def:18858
Microsoft Windows 8.1 (x64) is installed oval:org.mitre.oval:def:20956
Microsoft Windows 8.1 (x86) is installed oval:org.mitre.oval:def:20924
IF : All of the following are true Win 7 / R2 + vulnerable file version
IF : Any one of the following are true gdr/ldr
IF : Check if the version of win32k.sys is less than 6.1.7601.18834
Windows : File Test :  Check if the version of win32k.sys is less than 6.1.7601.18834 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version less than 6.1.7601.18834 (datatype=version)
State holds if the version is less than 6.1.7601.18834 windows : file_state 
IF : All of the following are true Check for LDR
IF : Check if the version of win32k.sys is less than 6.1.7601.23038
Windows : File Test :  Check if the version of win32k.sys is less than 6.1.7601.23038 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version less than 6.1.7601.23038 (datatype=version)
State holds if the version is less than 6.1.7601.23038 windows : file_state 
IF : Check if the version of Win32k.sys is greater than or equal to 6.1.7601.23000
Windows : File Test :  Check if the version of Win32k.sys is greater than or equal to 6.1.7601.23000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version greater than or equal 6.1.7601.23000 (datatype=version)
State holds if the version is greater than or equal to 6.1.7601.23000 windows : file_state 
IF : Any one of the following are true Win 7 / R2
Prerequisites (Extended Definitions)
Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval:org.mitre.oval:def:5954
Microsoft Windows Server 2008 R2 x64 Edition is installed oval:org.mitre.oval:def:6438
Microsoft Windows 7 x64 Edition is installed oval:org.mitre.oval:def:5950
Microsoft Windows 7 (32-bit) is installed oval:org.mitre.oval:def:6165
IF : All of the following are true Win 8/2k12 and vulnerable file version
IF : Any one of the following are true Win 8 / 2k12
Prerequisites (Extended Definitions)
Microsoft Windows Server 2012 (64-bit) is installed oval:org.mitre.oval:def:15585
Microsoft Windows 8 (x86) is installed oval:org.mitre.oval:def:14914
Microsoft Windows 8 (x64) is installed oval:org.mitre.oval:def:15571
IF : Any one of the following are true gdr/ldr
IF : Check if the version of win32k.sys is less than 6.2.9200.17343
Windows : File Test :  Check if the version of win32k.sys is less than 6.2.9200.17343 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version less than 6.2.9200.17343 (datatype=version)
State holds if the version is less than 6.2.9200.17343 windows : file_state 
IF : All of the following are true Check for LDR
IF : Check if the version of win32k.sys is less than 6.2.9200.21457
Windows : File Test :  Check if the version of win32k.sys is less than 6.2.9200.21457 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version less than 6.2.9200.21457 (datatype=version)
State holds if the version is less than 6.2.9200.21457 windows : file_state 
IF : Check if the version of Win32k.sys is greater than or equal to 6.2.9200.21000
Windows : File Test :  Check if the version of Win32k.sys is greater than or equal to 6.2.9200.21000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version greater than or equal 6.2.9200.21000 (datatype=version)
State matches if the version is greater than or equal to 6.2.9200.21000 windows : file_state 
IF : All of the following are true Vista / 2k8 + vulnerable file version
IF : Any one of the following are true gdr/ldr
IF : Check if the version of win32k.sys is less than 6.0.6002.19372
Windows : File Test :  Check if the version of win32k.sys is less than 6.0.6002.19372 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version less than 6.0.6002.19372 (datatype=version)
State matches if the version is less than 6.0.6002.19372 windows : file_state 
IF : All of the following are true Check for LDR
IF : Check if the version of Win32k.sys is greater than or equal to 6.0.6002.23000
Windows : File Test :  Check if the version of Win32k.sys is greater than or equal to 6.0.6002.23000 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version greater than or equal 6.0.6002.23000 (datatype=version)
State holds if the version is greater than or equal to 6.0.6002.23000 windows : file_state 
IF : Check if the version of win32k.sys is less than 6.0.6002.23680
Windows : File Test :  Check if the version of win32k.sys is less than 6.0.6002.23680 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version less than 6.0.6002.23680 (datatype=version)
State matches if the version is less than 6.0.6002.23680 windows : file_state 
IF : Any one of the following are true Vista / 2K8
Prerequisites (Extended Definitions)
Microsoft Windows Vista (32-bit) is installed oval:org.mitre.oval:def:1282
Microsoft Windows Server 2008 (ia-64) is installed oval:org.mitre.oval:def:5667
Microsoft Windows Server 2008 (64-bit) is installed oval:org.mitre.oval:def:5356
Microsoft Windows Server 2008 (32-bit) is installed oval:org.mitre.oval:def:4870
Microsoft Windows Vista x64 Edition is installed oval:org.mitre.oval:def:2041
IF : All of the following are true Windows Server 2k3 and vulnerable file version
IF : Check if the version of win32k.sys is less than 5.2.3790.5615
Windows : File Test :  Check if the version of win32k.sys is less than 5.2.3790.5615 
At least one of the objects listed below must exist on the system (Existence check)
Windows : File 
[[value of ${{windows:registry_object:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion : SystemRoot}}]]\System32\win32k.sys
version less than 5.2.3790.5615 (datatype=version)
State holds if the version is less than 5.2.3790.5615 windows : file_state 
IF : Any one of the following are true Either OS
Prerequisites (Extended Definitions)
Microsoft Windows Server 2003 (32-bit) is installed oval:org.mitre.oval:def:1870
Microsoft Windows Server 2003 for Itanium is installed oval:org.mitre.oval:def:1867
Microsoft Windows Server 2003 (x64) is installed oval:org.mitre.oval:def:730

Quick Help

References To Objects
[[ .. ${{...}}]] are refences to values of other objects.
Other Help Topics
Data Types
What is an Object?
What is a State?
What is a Test?
Other Help Topics
Regular Expression Patterns
Some object or state definitions are defined as regular expression patterns, you should interpret the regexp pattern while evaluating them.

OVAL Definitions By Referenced Objects

How does it work?   User agreement and privacy statement   About & Contact
CVE is a registred trademark of the MITRE Corporation and the authoritive source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritive source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritive source of OVAL content is MITRE's OVAL web site.
Warning: This site and all data are provided as is. It is not guaranteed that all information is accurate and complete. Use any information provided on this site at your own risk. By using this site you accept that you know that these data are provided as is and not guaranteed to be accurate, correct or complete. All trademarks appearing on this site are the property of their respective owners in the US or other countries. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss. PLEASE SEE nvd.nist.gov and oval.mitre.org for more details about OVAL language and definitions.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor/web site owner/maintainer be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Use of OVAL and all related data is subject to terms of use defined by Mitre at http://oval.mitre.org/oval/about/termsofuse.html