From e18aedfabf0972df8f72b4fd4e565f0e0531f93e Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Mon, 27 May 2013 19:53:14 -0400
Subject: [PATCH] reduced size to make tests fasters

Former-commit-id: 9d29ec809fe43f21d89f77e1200d92af1a103bd6
---
 src/test/resources/nvdcve-2.0-2012.xml        | 2706 +++++++++++++++++
 .../nvdcve-2.0-2012.xml.REMOVED.git-id        |    1 -
 src/test/resources/nvdcve-2012.xml            | 1454 +++++++++
 .../resources/nvdcve-2012.xml.REMOVED.git-id  |    1 -
 4 files changed, 4160 insertions(+), 2 deletions(-)
 create mode 100644 src/test/resources/nvdcve-2.0-2012.xml
 delete mode 100644 src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id
 create mode 100644 src/test/resources/nvdcve-2012.xml
 delete mode 100644 src/test/resources/nvdcve-2012.xml.REMOVED.git-id

diff --git a/src/test/resources/nvdcve-2.0-2012.xml b/src/test/resources/nvdcve-2.0-2012.xml
new file mode 100644
index 000000000..feb7ce427
--- /dev/null
+++ b/src/test/resources/nvdcve-2.0-2012.xml
@@ -0,0 +1,2706 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<nvd xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" nvd_xml_version="2.0" pub_date="2012-12-26T03:00:00" xsi:schemaLocation="http://scap.nist.gov/schema/patch/0.1 http://nvd.nist.gov/schema/patch_0.1.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd http://scap.nist.gov/schema/feed/cpe:/a:/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd">
+  <entry id="CVE-2012-0001">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp2:professional_x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:-:sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:-:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:sp1:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:-:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x32</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp2:professional_x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:-:sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:-:x32</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:sp1:x32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0001</vuln:cve-id>
+    <vuln:published-datetime>2012-01-10T16:55:03.697-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-10-29T23:59:23.987-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-11T09:55:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14758" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14758" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id?1026493" xml:lang="en">1026493</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/51296" xml:lang="en">51296</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-001" xml:lang="en">MS12-001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47356" xml:lang="en">47356</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" xml:lang="en">openSUSE-SU-2012:0917</vuln:reference>
+    </vuln:references>
+    <vuln:scanner>
+      <vuln:definition name="oval:org.mitre.oval:def:14758" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14758" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    </vuln:scanner>
+    <vuln:summary>The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0002">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:-:sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x86" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:::x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp:-:sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:::x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:-:sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0002</vuln:cve-id>
+    <vuln:published-datetime>2012-03-13T17:55:01.103-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:06.473-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-03-14T09:47:00.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14623" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14623" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-94" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-020" xml:lang="en">MS12-020</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0003">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:2005:sp3:media_center" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp2:professional_x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:-:sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:-:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:sp1:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:-:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x32</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp2:professional_x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:-:sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:-:x32</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp:2005:sp3:media_center</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:sp1:x32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0003</vuln:cve-id>
+    <vuln:published-datetime>2012-01-10T16:55:03.727-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-01-31T23:12:41.710-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-11T11:09:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14337" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14337" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id?1026492" xml:lang="en">1026492</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/51292" xml:lang="en">51292</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-004" xml:lang="en">MS12-004</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47485" xml:lang="en">47485</vuln:reference>
+    </vuln:references>
+    <vuln:scanner>
+      <vuln:definition name="oval:org.mitre.oval:def:14337" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14337" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    </vuln:scanner>
+    <vuln:summary>Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0004">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:2005:sp3:media_center" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:-:sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:-:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:sp1:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:-:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x32</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp:-:sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:-:sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:-:x32</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp:2005:sp3:media_center</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:sp1:x32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0004</vuln:cve-id>
+    <vuln:published-datetime>2012-01-10T16:55:03.777-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-01-31T00:00:00.000-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-11T11:17:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14832" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14832" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id?1026492" xml:lang="en">1026492</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/51295" xml:lang="en">51295</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-004" xml:lang="en">MS12-004</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47485" xml:lang="en">47485</vuln:reference>
+    </vuln:references>
+    <vuln:scanner>
+      <vuln:definition name="oval:org.mitre.oval:def:14832" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14832" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    </vuln:scanner>
+    <vuln:summary>Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0005">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp2:professional_x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:-:sp2:itanium" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp2:professional_x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:-:sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x32</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0005</vuln:cve-id>
+    <vuln:published-datetime>2012-01-10T16:55:03.837-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-01-31T23:12:42.040-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-11T11:25:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14879" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14879" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-264" />
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id?1026495" xml:lang="en">1026495</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/51270" xml:lang="en">51270</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-003" xml:lang="en">MS12-003</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47479" xml:lang="en">47479</vuln:reference>
+    </vuln:references>
+    <vuln:scanner>
+      <vuln:definition name="oval:org.mitre.oval:def:14879" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14879" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    </vuln:scanner>
+    <vuln:summary>The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0006">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0006</vuln:cve-id>
+    <vuln:published-datetime>2012-03-13T17:55:01.180-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:07.020-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-03-14T09:56:00.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:15098" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15098" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-399" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-017" xml:lang="en">MS12-017</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0007">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:anti-cross_site_scripting_library:3.1" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:anti-cross_site_scripting_library:4.0" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:anti-cross_site_scripting_library:3.1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:anti-cross_site_scripting_library:4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0007</vuln:cve-id>
+    <vuln:published-datetime>2012-01-10T16:55:03.930-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-01-31T23:12:42.210-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-11T12:15:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14314" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14314" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-79" />
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id?1026499" xml:lang="en">1026499</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/51291" xml:lang="en">51291</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-007" xml:lang="en">MS12-007</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47516" xml:lang="en">47516</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47483" xml:lang="en">47483</vuln:reference>
+    </vuln:references>
+    <vuln:scanner>
+      <vuln:definition name="oval:org.mitre.oval:def:14314" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14314" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    </vuln:scanner>
+    <vuln:summary>The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0008">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:visual_studio:2008:sp1" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:visual_studio:2010" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:visual_studio:2010:sp1" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:visual_studio:2010</vuln:product>
+      <vuln:product>cpe:/a:microsoft:visual_studio:2010:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:visual_studio:2008:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0008</vuln:cve-id>
+    <vuln:published-datetime>2012-03-13T17:55:01.277-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:07.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-03-14T10:05:00.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:15081" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15081" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-021" xml:lang="en">MS12-021</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0009">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp2:professional_x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp2:professional_x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0009</vuln:cve-id>
+    <vuln:published-datetime>2012-01-10T16:55:03.977-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-01-31T23:12:42.397-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-11T12:48:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14393" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14393" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-002" xml:lang="en">MS12-002</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id?1026494" xml:lang="en">1026494</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/51297" xml:lang="en">51297</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/45189" xml:lang="en">45189</vuln:reference>
+    </vuln:references>
+    <vuln:scanner>
+      <vuln:definition name="oval:org.mitre.oval:def:14393" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14393" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    </vuln:scanner>
+    <vuln:summary>Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0010">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:ie:6" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:ie:7" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:ie:8" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:ie:9" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:ie:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:ie:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:ie:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:ie:8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0010</vuln:cve-id>
+    <vuln:published-datetime>2012-02-14T17:55:00.923-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:07.567-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-02-15T09:31:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14835" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14835" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-200" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-010" xml:lang="en">MS12-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0011">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:ie:7" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:itanium" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:ie:8" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::itanium" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:ie:9" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:ie:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:ie:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:ie:8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0011</vuln:cve-id>
+    <vuln:published-datetime>2012-02-14T17:55:01.033-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:07.737-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-02-15T10:01:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14310" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14310" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-94" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-010" xml:lang="en">MS12-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0012">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:ie:9" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:ie:9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0012</vuln:cve-id>
+    <vuln:published-datetime>2012-02-14T17:55:01.113-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:07.940-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-02-15T10:23:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14870" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14870" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-200" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-010" xml:lang="en">MS12-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0013">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp2:professional_x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:-:sp2:itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:-:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:sp1:x32" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:-:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:-:sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::itanium" />
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x32</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp2:professional_x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:-:sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2::itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:-:x32</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7:-:sp1:x32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0013</vuln:cve-id>
+    <vuln:published-datetime>2012-01-10T16:55:04.010-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:08.113-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-11T12:53:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14197" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14197" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id?1026497" xml:lang="en">1026497</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/51284" xml:lang="en">51284</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-005" xml:lang="en">MS12-005</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47480" xml:lang="en">47480</vuln:reference>
+    </vuln:references>
+    <vuln:scanner>
+      <vuln:definition name="oval:org.mitre.oval:def:14197" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:14197" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    </vuln:scanner>
+    <vuln:summary>Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0014">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:2.0:sp2" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:3.5.1" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:4.0" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::itanium" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.0.60129.0" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.0.60310.0" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.0.603310.0" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.0.60531.0" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.0.51204.0" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.0.50917.0" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.0.50826.0" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.0.50524.00" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.1.10111" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:4.0.60831.0" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:.net_framework:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.0.50917.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.0.51204.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:4.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.1.10111</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.0.60531.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.0.50826.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.0.50524.00</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:2.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.0.60129.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.0.60310.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.0.603310.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:4.0.60831.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0014</vuln:cve-id>
+    <vuln:published-datetime>2012-02-14T17:55:01.173-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:08.270-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-02-15T10:41:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:13972" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13972" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-94" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-016" xml:lang="en">MS12-016</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0015">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:2.0:sp2" />
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:3.5.1" />
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7:::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2::itanium" />
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium" />
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:.net_framework:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:2.0:sp2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0015</vuln:cve-id>
+    <vuln:published-datetime>2012-02-14T17:55:01.237-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:08.440-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-02-15T11:39:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14513" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14513" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-94" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-016" xml:lang="en">MS12-016</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0016">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:expression_design:-" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:expression_design:-:sp1" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:expression_design:2" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:expression_design:3" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:expression_design:4" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:expression_design:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:expression_design:4</vuln:product>
+      <vuln:product>cpe:/a:microsoft:expression_design:2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:expression_design:3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:expression_design:-:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0016</vuln:cve-id>
+    <vuln:published-datetime>2012-03-13T17:55:01.337-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:08.613-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-03-14T10:19:00.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14973" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14973" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-022" xml:lang="en">MS12-022</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0017">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:sharepoint_foundation:2010" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:sharepoint_foundation:2010:sp1" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:sharepoint_foundation:2010</vuln:product>
+      <vuln:product>cpe:/a:microsoft:sharepoint_foundation:2010:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0017</vuln:cve-id>
+    <vuln:published-datetime>2012-02-14T17:55:01.363-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:08.770-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-02-15T11:42:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14637" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14637" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-79" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-011" xml:lang="en">MS12-011</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0018">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:visio_viewer:2010" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:visio_viewer:2010:sp1" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:visio_viewer:2010:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:visio_viewer:2010</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0018</vuln:cve-id>
+    <vuln:published-datetime>2012-05-08T20:55:01.193-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-18T23:40:23.957-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-05-09T10:00:00.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:15606" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15606" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-20" />
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id?1027042" xml:lang="en">1027042</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/53328" xml:lang="en">53328</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-031" xml:lang="en">MS12-031</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/49113" xml:lang="en">49113</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/81731" xml:lang="en">81731</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0019">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:visio_viewer:2010" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:visio_viewer:2010:sp1" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:visio_viewer:2010:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:visio_viewer:2010</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0019</vuln:cve-id>
+    <vuln:published-datetime>2012-02-14T17:55:01.440-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:09.097-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-02-15T12:00:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14347" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14347" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-94" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-015" xml:lang="en">MS12-015</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0020">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:visio_viewer:2010" />
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:visio_viewer:2010:sp1" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:visio_viewer:2010:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:visio_viewer:2010</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0020</vuln:cve-id>
+    <vuln:published-datetime>2012-02-14T17:55:01.533-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-08-13T23:33:09.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-02-15T12:11:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:assessment_check name="oval:org.mitre.oval:def:14965" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14965" system="http://oval.mitre.org/XMLSchema/oval-definitions-5" />
+    <vuln:cwe id="CWE-94" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS12-015" xml:lang="en">MS12-015</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0021">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.17" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.18" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.19" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.20" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.21" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:http_server:2.2.18</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.21</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.20</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.19</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.17</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0021</vuln:cve-id>
+    <vuln:published-datetime>2012-01-27T23:05:00.750-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-09-21T23:28:42.567-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-30T11:51:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20" />
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://issues.apache.org/bugzilla/show_bug.cgi?id=52256" xml:lang="en">https://issues.apache.org/bugzilla/show_bug.cgi?id=52256</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.apache.org/viewvc?view=revision&amp;revision=1227292" xml:lang="en">http://svn.apache.org/viewvc?view=revision&amp;revision=1227292</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=785065" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=785065</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT5501" xml:lang="en">http://support.apple.com/kb/HT5501</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/48551" xml:lang="en">48551</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" xml:lang="en">APPLE-SA-2012-09-19-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://httpd.apache.org/security/vulnerabilities_22.html" xml:lang="en">http://httpd.apache.org/security/vulnerabilities_22.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" xml:lang="en">SSRT100877</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" xml:lang="en">HPSBMU02786</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0022">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.30" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.0" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.25" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.10" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.1" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.28" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.27" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.9" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.8" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.7" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.6" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.5" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.4" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.29" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.31" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.17" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.18" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.15" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.16" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.13" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.14" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.11" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.12" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.24" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.3" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.22" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.23" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.26" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.32" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.20" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.21" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.19" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.2" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.33" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:5.5.34" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.15" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.30" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.14" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.6" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.7" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.8" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.9" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.29" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.28" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.17" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.18" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.1" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.0" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.5" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.4" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.27" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.3" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.26" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.2" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.32" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.24" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.13" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.31" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.12" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.11" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.10" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.20" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.19" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.16" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.33" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.5" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.6" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.1" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.10" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.11" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.2" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.0:beta" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.4" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.0" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.3" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.7" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.9" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.8" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.13" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.21" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.18" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.15" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.20" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.17" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.14" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.12" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.16" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.19" />
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.22" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.15</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.18</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.15</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.9</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.16</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.19</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.9</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.10</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.21</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.11</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.7</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.18</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.12</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.14</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.29</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.0:beta</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.33</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.6</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.22</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.17</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.17</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.6</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.16</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.5</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.12</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.28</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.30</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.13</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.13</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.32</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.26</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.24</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.31</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.14</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.7</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.27</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.10</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.8</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.8</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.20</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.20</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.19</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.11</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0022</vuln:cve-id>
+    <vuln:published-datetime>2012-01-18T23:01:16.990-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-11-06T00:05:39.687-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-19T14:31:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189" />
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/72425" xml:lang="en">apache-tomcat-parameter-dos(72425)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/51447" xml:lang="en">51447</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2012/dsa-2401" xml:lang="en">DSA-2401</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tomcat.apache.org/security-7.html" xml:lang="en">http://tomcat.apache.org/security-7.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tomcat.apache.org/security-6.html" xml:lang="en">http://tomcat.apache.org/security-6.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tomcat.apache.org/security-5.html" xml:lang="en">http://tomcat.apache.org/security-5.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/48213" xml:lang="en">48213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2012-0345.html" xml:lang="en">RHSA-2012:0345</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=132871655717248&amp;w=2" xml:lang="en">HPSBUX02741</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.html" xml:lang="en">20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0023">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.10" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.9" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.1" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.4" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.3" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.2" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.6" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.5" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.0" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.9a" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:0.9.8a" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.4.1" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.9" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.7" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.3" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.0" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.2" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.1" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.4" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.5" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.6.1" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.11" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.6" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.8" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.10" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.10.1" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.4" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.0" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.1" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.2" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.3" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.5" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.6" />
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.12" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.4.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.8a</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.6</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.11</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.10.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.8</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.9</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.5</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.7</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.9a</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.4</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.6.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.10</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.12</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.9</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.10</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0023</vuln:cve-id>
+    <vuln:published-datetime>2012-10-30T15:55:03.527-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-11-06T00:00:00.000-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-10-31T08:22:00.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.videolan.org/security/sa1108.html" xml:lang="en">http://www.videolan.org/security/sa1108.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.videolan.org/?p=vlc.git;a=commit;h=7d282fac1cc455b5a5eca2bb56375efcbf879b06" xml:lang="en">http://git.videolan.org/?p=vlc.git;a=commit;h=7d282fac1cc455b5a5eca2bb56375efcbf879b06</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/71916" xml:lang="en">vlcmediaplayer-getchunkheader-code-exec(71916)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/77975" xml:lang="en">77975</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://securitytracker.com/id?1026449" xml:lang="en">1026449</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47325" xml:lang="en">47325</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0024">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.4.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.4.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.4.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.4.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.4.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.4.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.4.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.14" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.13" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.12" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.11" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.3.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.2.12.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.58" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.57" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.56" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.55" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.54" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.53" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.52" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.51" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.50" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.49" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.48" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.47" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.46" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.45" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.44" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.43" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.41" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.42" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.39" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.40" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.37" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.38" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.35" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.36" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.33" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.34" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.31" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.32" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.29" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.30" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.27" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.28" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.91" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.59" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.60" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.61" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.90" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.11" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.12" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.13" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.14" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.15" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.16" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.17" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.18" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.19" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.20" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.21" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.22" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.23" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.24" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.25" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.26" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.1.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.39" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.40" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.31" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.32" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.33" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.34" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.35" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.36" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.37" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.38" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.24" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.23" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.26" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.25" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.28" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.27" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.30" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.29" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.16" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.15" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.18" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.17" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.20" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.19" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.22" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.21" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.41" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.12" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.11" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.14" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.13" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:1.0.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.22" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.23" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.20" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.21" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.26" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.27" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.24" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.25" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.30" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.31" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.28" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.29" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.34" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.35" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.32" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.33" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.11" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.15" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.14" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.13" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.12" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.19" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.18" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.17" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.16" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.37" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.36" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.39" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.38" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.92" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.91" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.32" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.33" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.99" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.19" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.18" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.17" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.16" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.15" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.14" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.13" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.12" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.11" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.28" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.29" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.30" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.31" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.20" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.21" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.18" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.19" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.16" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.17" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.14" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.15" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.22" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.21" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.6.20" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.13" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.12" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.11" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.7.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.28" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.29" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.30" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.31" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.24" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.25" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.26" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.27" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.99a" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.32" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.33" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.34" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.35" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.13" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.12" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.15" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.14" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.11" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.21" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.20" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.23" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.22" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.17" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.16" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.19" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.8.18" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.9.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.28" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.29" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.26" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.27" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.32" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.33" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.30" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.31" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.20" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.21" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.18" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.19" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.24" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.25" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.22" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.23" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.37" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.36" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.35" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.34" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.40" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.39" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.38" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.0.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.0.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.0.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.0.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.0.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.0.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.0.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.0.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.11" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.13" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.12" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.15" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.14" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.17" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.16" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.1.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.26" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.27" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.24" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.25" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.22" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.23" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.20" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.21" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.18" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.19" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.4.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.4.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.3.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.4.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.4.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.4.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.3.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.3.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.3.04" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.3.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.2.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.3.00" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.3.01" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.15" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.14" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.17" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.16" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.11" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.10" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.13" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.12" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.07" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.06" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.09" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.08" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.03" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.02" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.05" />
+        <cpe-lang:fact-ref name="cpe:/a:maradns:maradns:0.5.04" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.39</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.40</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.12</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.46</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.13</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.32</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.31</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.3.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.13</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.14</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.45</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.19</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.36</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.32</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.30</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.19</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.16</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.37</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.15</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.17</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.4.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.23</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.3.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.20</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.33</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.15</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.12</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.18</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.22</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.38</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.0.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.13</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.11</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.20</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.54</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.18</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.30</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.32</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.21</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.39</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.4.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.25</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.35</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.11</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.11</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.27</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.28</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.3.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.31</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.0.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.38</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.18</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.21</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.28</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.30</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.38</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.34</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.14</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.27</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.28</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.15</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.99a</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.11</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.13</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.31</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.0.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.29</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.34</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.43</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.47</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.26</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.13</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.13</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.0.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.29</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.28</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.30</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.4.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.31</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.21</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.36</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.50</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.42</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.41</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.15</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.11</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.53</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.22</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.18</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.25</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.28</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.20</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.44</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.24</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.4.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.35</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.30</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.35</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.14</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.17</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.12</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.27</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.17</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.16</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.15</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.16</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.14</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.29</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.38</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.33</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.17</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.24</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.20</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.26</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.23</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.27</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.3.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.12</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.18</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.0.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.22</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.24</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.4.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.24</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.60</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.27</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.33</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.4.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.31</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.22</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.49</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.32</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.21</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.40</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.22</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.12</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.12</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.27</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.13</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.15</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.11</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.3.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.24</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.36</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.14</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.4.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.30</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.16</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.57</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.14</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.32</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.16</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.35</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.17</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.52</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.21</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.14</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.32</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.31</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.25</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.22</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.11</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.91</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.12</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.24</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.4.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.58</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.26</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.13</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.12</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.40</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.19</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.11</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.37</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.56</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.20</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.35</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.16</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.41</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.19</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.48</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.92</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.16</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.13</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.16</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.0.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.21</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.91</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.25</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.21</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.39</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.36</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.18</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.23</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.11</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.19</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.26</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.0.03</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.09</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.19</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.0.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.4.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.55</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.14</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.17</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.07.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.22</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.34</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.19</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.37</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.20</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.33</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.19</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.61</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.3.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.29</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.14</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.17</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.99</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.34</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.90</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.06</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.51</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.07</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.4.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.12</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.23</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.34</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.4.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.21</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.15</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.15</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.3.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.25</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.26</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.3.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.59</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.2.04</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.17</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.26</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.4.00</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.29</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.33</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.08</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.28</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.39</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.33</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.8.25</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.23</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.29</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.0.37</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.1.01</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.6.20</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.20</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.05</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.7.18</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.18</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.5.23</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.1.02</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:1.2.12.10</vuln:product>
+      <vuln:product>cpe:/a:maradns:maradns:0.9.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0024</vuln:cve-id>
+    <vuln:published-datetime>2012-01-07T19:55:03.597-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-01-09T14:38:10.383-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-09T14:35:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20" />
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://samiam.org/blog/20111229.html" xml:lang="en">http://samiam.org/blog/20111229.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=771428" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=771428</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2012/01/03/6" xml:lang="en">[oss-security] 20120103 CVE request: maradns hash table collision cpu dos</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2012/01/03/13" xml:lang="en">[oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos</vuln:reference>
+    </vuln:references>
+    <vuln:summary>MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0025">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:irfanview:flashpix_plugin:4.2.2.0" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:irfanview:flashpix_plugin:4.2.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0025</vuln:cve-id>
+    <vuln:published-datetime>2012-11-02T14:55:02.763-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-11-05T10:17:45.263-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-11-05T10:14:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399" />
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/71892" xml:lang="en">libfpx-freeallmemory-code-exec(71892)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.protekresearchlab.com/index.php?option=com_content&amp;view=article&amp;id=31&amp;Itemid=31" xml:lang="en">http://www.protekresearchlab.com/index.php?option=com_content&amp;view=article&amp;id=31&amp;Itemid=31</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/77958" xml:lang="en">77958</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip" xml:lang="en">http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/18256" xml:lang="en">18256</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47322" xml:lang="en">47322</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47246" xml:lang="en">47246</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0026">
+    <vuln:cve-id>CVE-2012-0026</vuln:cve-id>
+    <vuln:published-datetime>2012-01-04T06:55:03.660-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-01-04T06:55:04.317-05:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2012-0287.  Reason: This candidate is a duplicate of CVE-2012-0287.  Notes: All CVE users should reference CVE-2012-0287 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-0027">
+    <vuln:vulnerable-configuration id="http://nvd.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0e" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0d" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0c" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0b" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0a" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta5" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta4" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta3" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta2" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta1" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8s" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8r" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8g" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8f" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8n" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8q" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8o" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8l" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8p" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8h" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8m" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8k" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8i" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8j" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8a" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8e" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8c" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8b" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8d" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7m" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7l" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7k" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7j" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7i" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7h" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7g" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7f" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7e" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7d" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7c" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7b" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7a" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6m" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6l" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6k" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6j" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6i" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6h:bogus" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6h" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6g" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6f" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6e" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6d" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6c" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6b" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6a" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.5a" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.5" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.4" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.3a" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.3" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.2b" />
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.1c" />
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8m</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8q</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8s</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7k</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6h</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.2b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8r</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8h</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0e</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8o</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8f</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8k</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7h</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7d</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6e</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6i</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.1c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7e</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6d</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8e</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7f</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7i</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.4</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6h:bogus</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0d</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.5</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8l</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6g</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6l</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8n</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6f</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8j</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6j</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8i</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.3a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.5a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7g</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6k</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8p</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7l</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6m</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7j</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7m</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8g</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8d</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0b</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-0027</vuln:cve-id>
+    <vuln:published-datetime>2012-01-05T20:55:01.050-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2012-07-03T00:05:45.453-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2012-01-06T09:10:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399" />
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.openssl.org/news/secadv_20120104.txt" xml:lang="en">http://www.openssl.org/news/secadv_20120104.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" xml:lang="en">MDVSA-2012:007</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/78191" xml:lang="en">78191</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" xml:lang="en">openSUSE-SU-2012:0083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" xml:lang="en">SSRT100877</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" xml:lang="en">HPSBMU02786</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.</vuln:summary>
+  </entry>
+</nvd>
\ No newline at end of file
diff --git a/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id b/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id
deleted file mode 100644
index 974e414d7..000000000
--- a/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id
+++ /dev/null
@@ -1 +0,0 @@
-9b5390434d0c6bbf79b5b64c94bff06f497f780c
\ No newline at end of file
diff --git a/src/test/resources/nvdcve-2012.xml b/src/test/resources/nvdcve-2012.xml
new file mode 100644
index 000000000..8b68072d9
--- /dev/null
+++ b/src/test/resources/nvdcve-2012.xml
@@ -0,0 +1,1454 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<nvd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nvd.nist.gov/feeds/cve/1.2" xsi:schemaLocation="http://nvd.nist.gov/feeds/cve/1.2 http://nvd.nist.gov/schema/nvdcve.xsd" nvd_xml_version="1.2" pub_date="2012-12-26">
+  <entry type="CVE" severity="High" seq="2012-0001" published="2012-01-10" name="CVE-2012-0001" modified="2012-10-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id?1026493" source="SECTRACK">1026493</ref>
+      <ref url="http://www.securityfocus.com/bid/51296" source="BID">51296</ref>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-001" source="MS" adv="1">MS12-001</ref>
+      <ref url="http://secunia.com/advisories/47356" source="SECUNIA">47356</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14758" source="OVAL">oval:org.mitre.oval:def:14758</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" source="SUSE">openSUSE-SU-2012:0917</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="-" edition="-" />
+        <vers num="-" edition="-:x32" />
+        <vers num="-" edition="-:x64" />
+        <vers num="-" edition="sp1" />
+        <vers num="-" edition="sp1:x64" />
+        <vers num="-" edition="sp1:x32" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:itanium" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+        <vers num="" edition="sp2:x32" />
+        <vers num="-" edition="sp2" />
+        <vers num="-" edition="sp2:itanium" />
+        <vers num="r2" edition="" />
+        <vers num="r2" edition=":x64" />
+        <vers num="r2" edition=":itanium" />
+        <vers num="r2" edition="sp1" />
+        <vers num="r2" edition="sp1:x64" />
+        <vers num="r2" edition="sp1:itanium" />
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:professional_x64" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0002" published="2012-03-13" name="CVE-2012-0002" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."</descript>
+      <descript source="nvd">Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-020
+
+"By default, the Remote Desktop Protocol is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. Note that on Windows XP and Windows Server 2003, Remote Assistance can enable RDP."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-020" source="MS" patch="1" adv="1">MS12-020</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14623" source="OVAL">oval:org.mitre.oval:def:14623</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="" edition=":x86" />
+        <vers num="" edition=":x64" />
+        <vers num="" edition="sp1" />
+        <vers num="" edition="sp1:x86" />
+        <vers num="" edition="sp1:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:itanium" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+        <vers num="" edition="sp2:x86" />
+        <vers num="-" edition="sp2" />
+        <vers num="-" edition="sp2:itanium" />
+        <vers num="r2" edition="" />
+        <vers num="r2" edition=":x64" />
+        <vers num="r2" edition=":itanium" />
+        <vers num="r2" edition="sp1" />
+        <vers num="r2" edition="sp1:x64" />
+        <vers num="r2" edition="sp1:itanium" />
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp3" />
+        <vers num="-" edition="sp2" />
+        <vers num="-" edition="sp2:x64" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0003" published="2012-01-10" name="CVE-2012-0003" modified="2012-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id?1026492" source="SECTRACK">1026492</ref>
+      <ref url="http://www.securityfocus.com/bid/51292" source="BID">51292</ref>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-004" source="MS">MS12-004</ref>
+      <ref url="http://secunia.com/advisories/47485" source="SECUNIA">47485</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14337" source="OVAL">oval:org.mitre.oval:def:14337</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="-" edition="-" />
+        <vers num="-" edition="-:x32" />
+        <vers num="-" edition="-:x64" />
+        <vers num="-" edition="sp1" />
+        <vers num="-" edition="sp1:x64" />
+        <vers num="-" edition="sp1:x32" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:itanium" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+        <vers num="" edition="sp2:x32" />
+        <vers num="-" edition="sp2" />
+        <vers num="-" edition="sp2:itanium" />
+        <vers num="r2" edition="" />
+        <vers num="r2" edition=":x64" />
+        <vers num="r2" edition=":itanium" />
+        <vers num="r2" edition="sp1" />
+        <vers num="r2" edition="sp1:x64" />
+        <vers num="r2" edition="sp1:itanium" />
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:professional_x64" />
+        <vers num="" edition="sp3" />
+        <vers num="2005" edition="sp3" />
+        <vers num="2005" edition="sp3:media_center" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0004" published="2012-01-10" name="CVE-2012-0004" modified="2012-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id?1026492" source="SECTRACK">1026492</ref>
+      <ref url="http://www.securityfocus.com/bid/51295" source="BID">51295</ref>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-004" source="MS" adv="1">MS12-004</ref>
+      <ref url="http://secunia.com/advisories/47485" source="SECUNIA">47485</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14832" source="OVAL">oval:org.mitre.oval:def:14832</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="-" edition="-" />
+        <vers num="-" edition="-:x32" />
+        <vers num="-" edition="-:x64" />
+        <vers num="-" edition="sp1" />
+        <vers num="-" edition="sp1:x64" />
+        <vers num="-" edition="sp1:x32" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:itanium" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+        <vers num="" edition="sp2:x32" />
+        <vers num="-" edition="sp2" />
+        <vers num="-" edition="sp2:itanium" />
+        <vers num="r2" edition="" />
+        <vers num="r2" edition=":x64" />
+        <vers num="r2" edition=":itanium" />
+        <vers num="r2" edition="sp1" />
+        <vers num="r2" edition="sp1:x64" />
+        <vers num="r2" edition="sp1:itanium" />
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp3" />
+        <vers num="-" edition="sp2" />
+        <vers num="-" edition="sp2:x64" />
+        <vers num="2005" edition="sp3" />
+        <vers num="2005" edition="sp3:media_center" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0005" published="2012-01-10" name="CVE-2012-0005" modified="2012-01-31" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <local />
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id?1026495" source="SECTRACK">1026495</ref>
+      <ref url="http://www.securityfocus.com/bid/51270" source="BID">51270</ref>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-003" source="MS" adv="1">MS12-003</ref>
+      <ref url="http://secunia.com/advisories/47479" source="SECUNIA">47479</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14879" source="OVAL">oval:org.mitre.oval:def:14879</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:itanium" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+        <vers num="" edition="sp2:x32" />
+        <vers num="-" edition="sp2" />
+        <vers num="-" edition="sp2:itanium" />
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:professional_x64" />
+        <vers num="" edition="sp3" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0006" published="2012-03-13" name="CVE-2012-0006" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+    </loss_types>
+    <range>
+      <network />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-017" source="MS" patch="1" adv="1">MS12-017</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15098" source="OVAL">oval:org.mitre.oval:def:15098</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:itanium" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+        <vers num="" edition="sp2:x86" />
+        <vers num="r2" edition="" />
+        <vers num="r2" edition=":x64" />
+        <vers num="r2" edition="sp1" />
+        <vers num="r2" edition="sp1:x64" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0007" published="2012-01-10" name="CVE-2012-0007" modified="2012-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id?1026499" source="SECTRACK">1026499</ref>
+      <ref url="http://www.securityfocus.com/bid/51291" source="BID">51291</ref>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-007" source="MS" adv="1">MS12-007</ref>
+      <ref url="http://secunia.com/advisories/47516" source="SECUNIA">47516</ref>
+      <ref url="http://secunia.com/advisories/47483" source="SECUNIA">47483</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14314" source="OVAL">oval:org.mitre.oval:def:14314</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="anti-cross_site_scripting_library">
+        <vers num="3.1" />
+        <vers num="4.0" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0008" published="2012-03-13" name="CVE-2012-0008" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/426.html
+
+'CWE-426: Untrusted Search Path'
+</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-021
+
+'An attacker could then place a specially crafted add-in in the path used by Visual Studio. When Visual Studio is started by an administrator, the specially crafted add-in would be loaded with the same privileges as the administrator.'
+
+'The vulnerability could not be exploited remotely or by anonymous users.'</impact>
+    </impacts>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <local />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-021" source="MS" patch="1" adv="1">MS12-021</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15081" source="OVAL">oval:org.mitre.oval:def:15081</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="visual_studio">
+        <vers num="2008" edition="sp1" />
+        <vers num="2010" edition="sp1" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0009" published="2012-01-10" name="CVE-2012-0009" modified="2012-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/426.html
+
+'CWE-426: Untrusted Search Path'</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-002
+
+'The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file.'</impact>
+    </impacts>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-002" source="MS" patch="1" adv="1">MS12-002</ref>
+      <ref url="http://www.securitytracker.com/id?1026494" source="SECTRACK">1026494</ref>
+      <ref url="http://www.securityfocus.com/bid/51297" source="BID">51297</ref>
+      <ref url="http://secunia.com/advisories/45189" source="SECUNIA">45189</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14393" source="OVAL">oval:org.mitre.oval:def:14393</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:itanium" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:professional_x64" />
+        <vers num="" edition="sp3" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0010" published="2012-02-14" name="CVE-2012-0010" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <conf />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-010" source="MS" patch="1" adv="1">MS12-010</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14835" source="OVAL">oval:org.mitre.oval:def:14835</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="ie">
+        <vers num="6" />
+        <vers num="7" />
+        <vers num="8" />
+        <vers num="9" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0011" published="2012-02-14" name="CVE-2012-0011" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-010" source="MS" patch="1" adv="1">MS12-010</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14310" source="OVAL">oval:org.mitre.oval:def:14310</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="ie">
+        <vers num="7" />
+        <vers num="8" />
+        <vers num="9" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0012" published="2012-02-14" name="CVE-2012-0012" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <conf />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-010" source="MS" patch="1" adv="1">MS12-010</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14870" source="OVAL">oval:org.mitre.oval:def:14870</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="ie">
+        <vers num="9" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0013" published="2012-01-10" name="CVE-2012-0013" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id?1026497" source="SECTRACK">1026497</ref>
+      <ref url="http://www.securityfocus.com/bid/51284" source="BID">51284</ref>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-005" source="MS" adv="1">MS12-005</ref>
+      <ref url="http://secunia.com/advisories/47480" source="SECUNIA">47480</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14197" source="OVAL">oval:org.mitre.oval:def:14197</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="-" edition="-" />
+        <vers num="-" edition="-:x32" />
+        <vers num="-" edition="-:x64" />
+        <vers num="-" edition="sp1" />
+        <vers num="-" edition="sp1:x64" />
+        <vers num="-" edition="sp1:x32" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:itanium" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+        <vers num="" edition="sp2:x32" />
+        <vers num="-" edition="sp2" />
+        <vers num="-" edition="sp2:itanium" />
+        <vers num="r2" edition="" />
+        <vers num="r2" edition=":x64" />
+        <vers num="r2" edition=":itanium" />
+        <vers num="r2" edition="sp1" />
+        <vers num="r2" edition="sp1:x64" />
+        <vers num="r2" edition="sp1:itanium" />
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:x64" />
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp2" />
+        <vers num="" edition="sp2:professional_x64" />
+        <vers num="" edition="sp3" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0014" published="2012-02-14" name="CVE-2012-0014" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-016" source="MS" patch="1" adv="1">MS12-016</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13972" source="OVAL">oval:org.mitre.oval:def:13972</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name=".net_framework">
+        <vers num="2.0" edition="sp2" />
+        <vers num="3.5.1" />
+        <vers num="4.0" />
+      </prod>
+      <prod vendor="microsoft" name="silverlight">
+        <vers num="4.0.50524.00" />
+        <vers num="4.0.50826.0" />
+        <vers num="4.0.50917.0" />
+        <vers num="4.0.51204.0" />
+        <vers num="4.0.60129.0" />
+        <vers num="4.0.60310.0" />
+        <vers num="4.0.603310.0" />
+        <vers num="4.0.60531.0" />
+        <vers num="4.0.60831.0" />
+        <vers num="4.1.10111" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0015" published="2012-02-14" name="CVE-2012-0015" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-016" source="MS" patch="1" adv="1">MS12-016</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14513" source="OVAL">oval:org.mitre.oval:def:14513</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name=".net_framework">
+        <vers num="2.0" edition="sp2" />
+        <vers num="3.5.1" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0016" published="2012-03-13" name="CVE-2012-0016" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability."</descript>
+      <descript source="nvd">Per:  http://cwe.mitre.org/data/definitions/426.html
+
+'CWE-426: Untrusted Search Path'</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-022
+
+'This is a remote code execution vulnerability.'</impact>
+    </impacts>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-022" source="MS" patch="1" adv="1">MS12-022</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14973" source="OVAL">oval:org.mitre.oval:def:14973</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="expression_design">
+        <vers num="-" edition="sp1" />
+        <vers num="2" />
+        <vers num="3" />
+        <vers num="4" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0017" published="2012-02-14" name="CVE-2012-0017" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-011" source="MS" patch="1" adv="1">MS12-011</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14637" source="OVAL">oval:org.mitre.oval:def:14637</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="sharepoint_foundation">
+        <vers num="2010" edition="sp1" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0018" published="2012-05-08" name="CVE-2012-0018" modified="2012-08-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id?1027042" source="SECTRACK">1027042</ref>
+      <ref url="http://www.securityfocus.com/bid/53328" source="BID">53328</ref>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-031" source="MS" adv="1">MS12-031</ref>
+      <ref url="http://secunia.com/advisories/49113" source="SECUNIA">49113</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:15606" source="OVAL">oval:org.mitre.oval:def:15606</ref>
+      <ref url="http://osvdb.org/81731" source="OSVDB">81731</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="visio_viewer">
+        <vers num="2010" edition="sp1" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0019" published="2012-02-14" name="CVE-2012-0019" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-015" source="MS" patch="1" adv="1">MS12-015</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14347" source="OVAL">oval:org.mitre.oval:def:14347</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="visio_viewer">
+        <vers num="2010" edition="sp1" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0020" published="2012-02-14" name="CVE-2012-0020" modified="2012-08-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS12-015" source="MS" patch="1" adv="1">MS12-015</ref>
+      <ref url="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14965" source="OVAL">oval:org.mitre.oval:def:14965</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="visio_viewer">
+        <vers num="2010" edition="sp1" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2012-0021" published="2012-01-27" name="CVE-2012-0021" modified="2012-09-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:N/A:P)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.</descript>
+    </desc>
+    <loss_types>
+      <avail />
+    </loss_types>
+    <range>
+      <network />
+    </range>
+    <refs>
+      <ref url="https://issues.apache.org/bugzilla/show_bug.cgi?id=52256" source="CONFIRM" patch="1">https://issues.apache.org/bugzilla/show_bug.cgi?id=52256</ref>
+      <ref url="http://svn.apache.org/viewvc?view=revision&amp;revision=1227292" source="CONFIRM" patch="1">http://svn.apache.org/viewvc?view=revision&amp;revision=1227292</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=785065" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=785065</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" source="CONFIRM">http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html</ref>
+      <ref url="http://support.apple.com/kb/HT5501" source="CONFIRM">http://support.apple.com/kb/HT5501</ref>
+      <ref url="http://secunia.com/advisories/48551" source="SECUNIA">48551</ref>
+      <ref url="http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" source="APPLE">APPLE-SA-2012-09-19-2</ref>
+      <ref url="http://httpd.apache.org/security/vulnerabilities_22.html" source="CONFIRM" adv="1">http://httpd.apache.org/security/vulnerabilities_22.html</ref>
+      <ref url="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" source="HP">SSRT100877</ref>
+      <ref url="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" source="HP">HPSBMU02786</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="http_server">
+        <vers num="2.2.17" />
+        <vers num="2.2.18" />
+        <vers num="2.2.19" />
+        <vers num="2.2.20" />
+        <vers num="2.2.21" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0022" published="2012-01-18" name="CVE-2012-0022" modified="2012-11-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.</descript>
+    </desc>
+    <loss_types>
+      <avail />
+    </loss_types>
+    <range>
+      <network />
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/72425" source="XF">apache-tomcat-parameter-dos(72425)</ref>
+      <ref url="http://www.securityfocus.com/bid/51447" source="BID">51447</ref>
+      <ref url="http://www.debian.org/security/2012/dsa-2401" source="DEBIAN">DSA-2401</ref>
+      <ref url="http://tomcat.apache.org/security-7.html" source="CONFIRM" adv="1">http://tomcat.apache.org/security-7.html</ref>
+      <ref url="http://tomcat.apache.org/security-6.html" source="CONFIRM" adv="1">http://tomcat.apache.org/security-6.html</ref>
+      <ref url="http://tomcat.apache.org/security-5.html" source="CONFIRM" adv="1">http://tomcat.apache.org/security-5.html</ref>
+      <ref url="http://secunia.com/advisories/48213" source="SECUNIA">48213</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2012-0345.html" source="REDHAT">RHSA-2012:0345</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=132871655717248&amp;w=2" source="HP">HPSBUX02741</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.html" source="BUGTRAQ">20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="tomcat">
+        <vers num="5.5.0" />
+        <vers num="5.5.1" />
+        <vers num="5.5.10" />
+        <vers num="5.5.11" />
+        <vers num="5.5.12" />
+        <vers num="5.5.13" />
+        <vers num="5.5.14" />
+        <vers num="5.5.15" />
+        <vers num="5.5.16" />
+        <vers num="5.5.17" />
+        <vers num="5.5.18" />
+        <vers num="5.5.19" />
+        <vers num="5.5.2" />
+        <vers num="5.5.20" />
+        <vers num="5.5.21" />
+        <vers num="5.5.22" />
+        <vers num="5.5.23" />
+        <vers num="5.5.24" />
+        <vers num="5.5.25" />
+        <vers num="5.5.26" />
+        <vers num="5.5.27" />
+        <vers num="5.5.28" />
+        <vers num="5.5.29" />
+        <vers num="5.5.3" />
+        <vers num="5.5.30" />
+        <vers num="5.5.31" />
+        <vers num="5.5.32" />
+        <vers num="5.5.33" />
+        <vers num="5.5.34" />
+        <vers num="5.5.4" />
+        <vers num="5.5.5" />
+        <vers num="5.5.6" />
+        <vers num="5.5.7" />
+        <vers num="5.5.8" />
+        <vers num="5.5.9" />
+        <vers num="6.0" />
+        <vers num="6.0.0" />
+        <vers num="6.0.1" />
+        <vers num="6.0.10" />
+        <vers num="6.0.11" />
+        <vers num="6.0.12" />
+        <vers num="6.0.13" />
+        <vers num="6.0.14" />
+        <vers num="6.0.15" />
+        <vers num="6.0.16" />
+        <vers num="6.0.17" />
+        <vers num="6.0.18" />
+        <vers num="6.0.19" />
+        <vers num="6.0.2" />
+        <vers num="6.0.20" />
+        <vers num="6.0.24" />
+        <vers num="6.0.26" />
+        <vers num="6.0.27" />
+        <vers num="6.0.28" />
+        <vers num="6.0.29" />
+        <vers num="6.0.3" />
+        <vers num="6.0.30" />
+        <vers num="6.0.31" />
+        <vers num="6.0.32" />
+        <vers num="6.0.33" />
+        <vers num="6.0.4" />
+        <vers num="6.0.5" />
+        <vers num="6.0.6" />
+        <vers num="6.0.7" />
+        <vers num="6.0.8" />
+        <vers num="6.0.9" />
+        <vers num="7.0.0" edition="beta" />
+        <vers num="7.0.1" />
+        <vers num="7.0.10" />
+        <vers num="7.0.11" />
+        <vers num="7.0.12" />
+        <vers num="7.0.13" />
+        <vers num="7.0.14" />
+        <vers num="7.0.15" />
+        <vers num="7.0.16" />
+        <vers num="7.0.17" />
+        <vers num="7.0.18" />
+        <vers num="7.0.19" />
+        <vers num="7.0.2" />
+        <vers num="7.0.20" />
+        <vers num="7.0.21" />
+        <vers num="7.0.22" />
+        <vers num="7.0.3" />
+        <vers num="7.0.4" />
+        <vers num="7.0.5" />
+        <vers num="7.0.6" />
+        <vers num="7.0.7" />
+        <vers num="7.0.8" />
+        <vers num="7.0.9" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2012-0023" published="2012-10-30" name="CVE-2012-0023" modified="2012-11-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+      <user_init />
+    </range>
+    <refs>
+      <ref url="http://www.videolan.org/security/sa1108.html" source="CONFIRM" patch="1" adv="1">http://www.videolan.org/security/sa1108.html</ref>
+      <ref url="http://git.videolan.org/?p=vlc.git;a=commit;h=7d282fac1cc455b5a5eca2bb56375efcbf879b06" source="CONFIRM" patch="1">http://git.videolan.org/?p=vlc.git;a=commit;h=7d282fac1cc455b5a5eca2bb56375efcbf879b06</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/71916" source="XF">vlcmediaplayer-getchunkheader-code-exec(71916)</ref>
+      <ref url="http://www.osvdb.org/77975" source="OSVDB">77975</ref>
+      <ref url="http://securitytracker.com/id?1026449" source="SECTRACK">1026449</ref>
+      <ref url="http://secunia.com/advisories/47325" source="SECUNIA" adv="1">47325</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="videolan" name="vlc_media_player">
+        <vers num="0.9.0" />
+        <vers num="0.9.1" />
+        <vers num="0.9.10" />
+        <vers num="0.9.2" />
+        <vers num="0.9.3" />
+        <vers num="0.9.4" />
+        <vers num="0.9.5" />
+        <vers num="0.9.6" />
+        <vers num="0.9.8a" />
+        <vers num="0.9.9" />
+        <vers num="0.9.9a" />
+        <vers num="1.0.0" />
+        <vers num="1.0.1" />
+        <vers num="1.0.2" />
+        <vers num="1.0.3" />
+        <vers num="1.0.4" />
+        <vers num="1.0.5" />
+        <vers num="1.0.6" />
+        <vers num="1.1.0" />
+        <vers num="1.1.1" />
+        <vers num="1.1.10" />
+        <vers num="1.1.10.1" />
+        <vers num="1.1.11" />
+        <vers num="1.1.12" />
+        <vers num="1.1.2" />
+        <vers num="1.1.3" />
+        <vers num="1.1.4" />
+        <vers num="1.1.4.1" />
+        <vers num="1.1.5" />
+        <vers num="1.1.6" />
+        <vers num="1.1.6.1" />
+        <vers num="1.1.7" />
+        <vers num="1.1.8" />
+        <vers num="1.1.9" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0024" published="2012-01-07" name="CVE-2012-0024" modified="2012-01-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.</descript>
+    </desc>
+    <loss_types>
+      <avail />
+    </loss_types>
+    <range>
+      <network />
+    </range>
+    <refs>
+      <ref url="http://samiam.org/blog/20111229.html" source="CONFIRM" patch="1">http://samiam.org/blog/20111229.html</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=771428" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=771428</ref>
+      <ref url="http://openwall.com/lists/oss-security/2012/01/03/6" source="MLIST">[oss-security] 20120103 CVE request: maradns hash table collision cpu dos</ref>
+      <ref url="http://openwall.com/lists/oss-security/2012/01/03/13" source="MLIST">[oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="maradns" name="maradns">
+        <vers num="0.0.01" />
+        <vers num="0.0.02" />
+        <vers num="0.0.03" />
+        <vers num="0.0.04" />
+        <vers num="0.0.05" />
+        <vers num="0.0.06" />
+        <vers num="0.0.07" />
+        <vers num="0.0.08" />
+        <vers num="0.1.00" />
+        <vers num="0.1.01" />
+        <vers num="0.1.02" />
+        <vers num="0.1.03" />
+        <vers num="0.1.04" />
+        <vers num="0.1.05" />
+        <vers num="0.1.06" />
+        <vers num="0.1.07" />
+        <vers num="0.1.08" />
+        <vers num="0.1.09" />
+        <vers num="0.1.10" />
+        <vers num="0.1.11" />
+        <vers num="0.1.12" />
+        <vers num="0.1.13" />
+        <vers num="0.1.14" />
+        <vers num="0.1.15" />
+        <vers num="0.1.16" />
+        <vers num="0.1.17" />
+        <vers num="0.1.18" />
+        <vers num="0.1.19" />
+        <vers num="0.1.20" />
+        <vers num="0.1.21" />
+        <vers num="0.1.22" />
+        <vers num="0.1.23" />
+        <vers num="0.1.24" />
+        <vers num="0.1.25" />
+        <vers num="0.1.26" />
+        <vers num="0.1.27" />
+        <vers num="0.1.28" />
+        <vers num="0.1.29" />
+        <vers num="0.1.30" />
+        <vers num="0.1.31" />
+        <vers num="0.1.32" />
+        <vers num="0.1.33" />
+        <vers num="0.1.34" />
+        <vers num="0.1.35" />
+        <vers num="0.1.36" />
+        <vers num="0.1.37" />
+        <vers num="0.1.38" />
+        <vers num="0.1.39" />
+        <vers num="0.1.40" />
+        <vers num="0.2.00" />
+        <vers num="0.2.01" />
+        <vers num="0.2.02" />
+        <vers num="0.2.03" />
+        <vers num="0.2.04" />
+        <vers num="0.2.05" />
+        <vers num="0.2.06" />
+        <vers num="0.2.07" />
+        <vers num="0.2.08" />
+        <vers num="0.2.09" />
+        <vers num="0.2.10" />
+        <vers num="0.3.00" />
+        <vers num="0.3.01" />
+        <vers num="0.3.02" />
+        <vers num="0.3.03" />
+        <vers num="0.3.04" />
+        <vers num="0.3.05" />
+        <vers num="0.3.06" />
+        <vers num="0.4.00" />
+        <vers num="0.4.01" />
+        <vers num="0.4.02" />
+        <vers num="0.4.03" />
+        <vers num="0.4.04" />
+        <vers num="0.5.00" />
+        <vers num="0.5.01" />
+        <vers num="0.5.02" />
+        <vers num="0.5.03" />
+        <vers num="0.5.04" />
+        <vers num="0.5.05" />
+        <vers num="0.5.06" />
+        <vers num="0.5.07" />
+        <vers num="0.5.08" />
+        <vers num="0.5.09" />
+        <vers num="0.5.10" />
+        <vers num="0.5.11" />
+        <vers num="0.5.12" />
+        <vers num="0.5.13" />
+        <vers num="0.5.14" />
+        <vers num="0.5.15" />
+        <vers num="0.5.16" />
+        <vers num="0.5.17" />
+        <vers num="0.5.18" />
+        <vers num="0.5.19" />
+        <vers num="0.5.20" />
+        <vers num="0.5.21" />
+        <vers num="0.5.22" />
+        <vers num="0.5.23" />
+        <vers num="0.5.24" />
+        <vers num="0.5.25" />
+        <vers num="0.5.26" />
+        <vers num="0.5.27" />
+        <vers num="0.5.28" />
+        <vers num="0.5.29" />
+        <vers num="0.5.30" />
+        <vers num="0.5.31" />
+        <vers num="0.5.32" />
+        <vers num="0.5.33" />
+        <vers num="0.6.00" />
+        <vers num="0.6.01" />
+        <vers num="0.6.02" />
+        <vers num="0.6.03" />
+        <vers num="0.6.04" />
+        <vers num="0.6.05" />
+        <vers num="0.6.06" />
+        <vers num="0.6.07" />
+        <vers num="0.6.08" />
+        <vers num="0.6.09" />
+        <vers num="0.6.10" />
+        <vers num="0.6.11" />
+        <vers num="0.6.12" />
+        <vers num="0.6.13" />
+        <vers num="0.6.14" />
+        <vers num="0.6.15" />
+        <vers num="0.6.16" />
+        <vers num="0.6.17" />
+        <vers num="0.6.18" />
+        <vers num="0.6.19" />
+        <vers num="0.6.20" />
+        <vers num="0.6.21" />
+        <vers num="0.7.00" />
+        <vers num="0.7.01" />
+        <vers num="0.7.02" />
+        <vers num="0.7.03" />
+        <vers num="0.7.04" />
+        <vers num="0.7.05" />
+        <vers num="0.7.06" />
+        <vers num="0.7.07" />
+        <vers num="0.7.08" />
+        <vers num="0.7.09" />
+        <vers num="0.7.10" />
+        <vers num="0.7.11" />
+        <vers num="0.7.12" />
+        <vers num="0.7.13" />
+        <vers num="0.7.14" />
+        <vers num="0.7.15" />
+        <vers num="0.7.16" />
+        <vers num="0.7.17" />
+        <vers num="0.7.18" />
+        <vers num="0.7.19" />
+        <vers num="0.7.20" />
+        <vers num="0.7.21" />
+        <vers num="0.7.22" />
+        <vers num="0.8.00" />
+        <vers num="0.8.01" />
+        <vers num="0.8.02" />
+        <vers num="0.8.03" />
+        <vers num="0.8.04" />
+        <vers num="0.8.05" />
+        <vers num="0.8.06" />
+        <vers num="0.8.07" />
+        <vers num="0.8.08" />
+        <vers num="0.8.09" />
+        <vers num="0.8.10" />
+        <vers num="0.8.11" />
+        <vers num="0.8.12" />
+        <vers num="0.8.13" />
+        <vers num="0.8.14" />
+        <vers num="0.8.15" />
+        <vers num="0.8.16" />
+        <vers num="0.8.17" />
+        <vers num="0.8.18" />
+        <vers num="0.8.19" />
+        <vers num="0.8.20" />
+        <vers num="0.8.21" />
+        <vers num="0.8.22" />
+        <vers num="0.8.23" />
+        <vers num="0.8.24" />
+        <vers num="0.8.25" />
+        <vers num="0.8.26" />
+        <vers num="0.8.27" />
+        <vers num="0.8.28" />
+        <vers num="0.8.29" />
+        <vers num="0.8.30" />
+        <vers num="0.8.31" />
+        <vers num="0.8.32" />
+        <vers num="0.8.33" />
+        <vers num="0.8.34" />
+        <vers num="0.8.35" />
+        <vers num="0.8.99" />
+        <vers num="0.8.99a" />
+        <vers num="0.9.00" />
+        <vers num="0.9.01" />
+        <vers num="0.9.02" />
+        <vers num="0.9.03" />
+        <vers num="0.9.04" />
+        <vers num="0.9.05" />
+        <vers num="0.9.06" />
+        <vers num="0.9.07" />
+        <vers num="0.9.08" />
+        <vers num="0.9.09" />
+        <vers num="0.9.10" />
+        <vers num="0.9.11" />
+        <vers num="0.9.12" />
+        <vers num="0.9.13" />
+        <vers num="0.9.14" />
+        <vers num="0.9.15" />
+        <vers num="0.9.16" />
+        <vers num="0.9.17" />
+        <vers num="0.9.18" />
+        <vers num="0.9.19" />
+        <vers num="0.9.20" />
+        <vers num="0.9.21" />
+        <vers num="0.9.22" />
+        <vers num="0.9.23" />
+        <vers num="0.9.24" />
+        <vers num="0.9.25" />
+        <vers num="0.9.26" />
+        <vers num="0.9.27" />
+        <vers num="0.9.28" />
+        <vers num="0.9.29" />
+        <vers num="0.9.30" />
+        <vers num="0.9.31" />
+        <vers num="0.9.32" />
+        <vers num="0.9.33" />
+        <vers num="0.9.34" />
+        <vers num="0.9.35" />
+        <vers num="0.9.36" />
+        <vers num="0.9.37" />
+        <vers num="0.9.38" />
+        <vers num="0.9.39" />
+        <vers num="0.9.91" />
+        <vers num="0.9.92" />
+        <vers num="1.0.00" />
+        <vers num="1.0.01" />
+        <vers num="1.0.02" />
+        <vers num="1.0.03" />
+        <vers num="1.0.04" />
+        <vers num="1.0.05" />
+        <vers num="1.0.06" />
+        <vers num="1.0.07" />
+        <vers num="1.0.08" />
+        <vers num="1.0.09" />
+        <vers num="1.0.10" />
+        <vers num="1.0.11" />
+        <vers num="1.0.12" />
+        <vers num="1.0.13" />
+        <vers num="1.0.14" />
+        <vers num="1.0.15" />
+        <vers num="1.0.16" />
+        <vers num="1.0.17" />
+        <vers num="1.0.18" />
+        <vers num="1.0.19" />
+        <vers num="1.0.20" />
+        <vers num="1.0.21" />
+        <vers num="1.0.22" />
+        <vers num="1.0.23" />
+        <vers num="1.0.24" />
+        <vers num="1.0.25" />
+        <vers num="1.0.26" />
+        <vers num="1.0.27" />
+        <vers num="1.0.28" />
+        <vers num="1.0.29" />
+        <vers num="1.0.30" />
+        <vers num="1.0.31" />
+        <vers num="1.0.32" />
+        <vers num="1.0.33" />
+        <vers num="1.0.34" />
+        <vers num="1.0.35" />
+        <vers num="1.0.36" />
+        <vers num="1.0.37" />
+        <vers num="1.0.38" />
+        <vers num="1.0.39" />
+        <vers num="1.0.40" />
+        <vers num="1.0.41" />
+        <vers num="1.1.01" />
+        <vers num="1.1.02" />
+        <vers num="1.1.04" />
+        <vers num="1.1.05" />
+        <vers num="1.1.06" />
+        <vers num="1.1.07" />
+        <vers num="1.1.08" />
+        <vers num="1.1.09" />
+        <vers num="1.1.10" />
+        <vers num="1.1.11" />
+        <vers num="1.1.12" />
+        <vers num="1.1.13" />
+        <vers num="1.1.14" />
+        <vers num="1.1.15" />
+        <vers num="1.1.16" />
+        <vers num="1.1.17" />
+        <vers num="1.1.18" />
+        <vers num="1.1.19" />
+        <vers num="1.1.20" />
+        <vers num="1.1.21" />
+        <vers num="1.1.22" />
+        <vers num="1.1.23" />
+        <vers num="1.1.24" />
+        <vers num="1.1.25" />
+        <vers num="1.1.26" />
+        <vers num="1.1.27" />
+        <vers num="1.1.28" />
+        <vers num="1.1.29" />
+        <vers num="1.1.30" />
+        <vers num="1.1.31" />
+        <vers num="1.1.32" />
+        <vers num="1.1.33" />
+        <vers num="1.1.34" />
+        <vers num="1.1.35" />
+        <vers num="1.1.36" />
+        <vers num="1.1.37" />
+        <vers num="1.1.38" />
+        <vers num="1.1.39" />
+        <vers num="1.1.40" />
+        <vers num="1.1.41" />
+        <vers num="1.1.42" />
+        <vers num="1.1.43" />
+        <vers num="1.1.44" />
+        <vers num="1.1.45" />
+        <vers num="1.1.46" />
+        <vers num="1.1.47" />
+        <vers num="1.1.48" />
+        <vers num="1.1.49" />
+        <vers num="1.1.50" />
+        <vers num="1.1.51" />
+        <vers num="1.1.52" />
+        <vers num="1.1.53" />
+        <vers num="1.1.54" />
+        <vers num="1.1.55" />
+        <vers num="1.1.56" />
+        <vers num="1.1.57" />
+        <vers num="1.1.58" />
+        <vers num="1.1.59" />
+        <vers num="1.1.60" />
+        <vers num="1.1.61" />
+        <vers num="1.1.90" />
+        <vers num="1.1.91" />
+        <vers num="1.2.12.01" />
+        <vers num="1.2.12.02" />
+        <vers num="1.2.12.03" />
+        <vers num="1.2.12.04" />
+        <vers num="1.2.12.05" />
+        <vers num="1.2.12.06" />
+        <vers num="1.2.12.07" />
+        <vers num="1.2.12.08" />
+        <vers num="1.2.12.09" />
+        <vers num="1.2.12.10" />
+        <vers num="1.3.01" />
+        <vers num="1.3.02" />
+        <vers num="1.3.03" />
+        <vers num="1.3.04" />
+        <vers num="1.3.05" />
+        <vers num="1.3.06" />
+        <vers num="1.3.07" />
+        <vers num="1.3.07.01" />
+        <vers num="1.3.07.02" />
+        <vers num="1.3.07.03" />
+        <vers num="1.3.07.04" />
+        <vers num="1.3.07.05" />
+        <vers num="1.3.07.06" />
+        <vers num="1.3.07.07" />
+        <vers num="1.3.07.08" />
+        <vers num="1.3.07.09" />
+        <vers num="1.3.07.10" />
+        <vers num="1.3.08" />
+        <vers num="1.3.09" />
+        <vers num="1.3.10" />
+        <vers num="1.3.11" />
+        <vers num="1.3.12" />
+        <vers num="1.3.13" />
+        <vers num="1.3.14" />
+        <vers num="1.4.01" />
+        <vers num="1.4.02" />
+        <vers num="1.4.03" />
+        <vers num="1.4.04" />
+        <vers num="1.4.05" />
+        <vers num="1.4.06" />
+        <vers num="1.4.07" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0025" published="2012-11-02" name="CVE-2012-0025" modified="2012-11-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.</descript>
+    </desc>
+    <loss_types>
+      <avail />
+      <conf />
+      <int />
+    </loss_types>
+    <range>
+      <network />
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/71892" source="XF">libfpx-freeallmemory-code-exec(71892)</ref>
+      <ref url="http://www.protekresearchlab.com/index.php?option=com_content&amp;view=article&amp;id=31&amp;Itemid=31" source="MISC">http://www.protekresearchlab.com/index.php?option=com_content&amp;view=article&amp;id=31&amp;Itemid=31</ref>
+      <ref url="http://www.osvdb.org/77958" source="OSVDB">77958</ref>
+      <ref url="http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip" source="CONFIRM">http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip</ref>
+      <ref url="http://www.exploit-db.com/exploits/18256" source="EXPLOIT-DB">18256</ref>
+      <ref url="http://secunia.com/advisories/47322" source="SECUNIA" adv="1">47322</ref>
+      <ref url="http://secunia.com/advisories/47246" source="SECUNIA" adv="1">47246</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="irfanview" name="flashpix_plugin">
+        <vers num="4.2.2.0" />
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2012-0026" reject="1" published="2012-01-04" name="CVE-2012-0026" modified="2012-01-04">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2012-0287.  Reason: This candidate is a duplicate of CVE-2012-0287.  Notes: All CVE users should reference CVE-2012-0287 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs />
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2012-0027" published="2012-01-05" name="CVE-2012-0027" modified="2012-07-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.</descript>
+    </desc>
+    <loss_types>
+      <avail />
+    </loss_types>
+    <range>
+      <network />
+    </range>
+    <refs>
+      <ref url="http://www.openssl.org/news/secadv_20120104.txt" source="CONFIRM" adv="1">http://www.openssl.org/news/secadv_20120104.txt</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2012:007" source="MANDRIVA">MDVSA-2012:007</ref>
+      <ref url="http://osvdb.org/78191" source="OSVDB">78191</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html" source="SUSE">openSUSE-SU-2012:0083</ref>
+      <ref url="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" source="HP">SSRT100877</ref>
+      <ref url="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" source="HP">HPSBMU02786</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openssl" name="openssl">
+        <vers num="0.9.1c" />
+        <vers num="0.9.2b" />
+        <vers num="0.9.3" />
+        <vers num="0.9.3a" />
+        <vers num="0.9.4" />
+        <vers num="0.9.5" />
+        <vers num="0.9.5a" />
+        <vers num="0.9.6" />
+        <vers num="0.9.6a" />
+        <vers num="0.9.6b" />
+        <vers num="0.9.6c" />
+        <vers num="0.9.6d" />
+        <vers num="0.9.6e" />
+        <vers num="0.9.6f" />
+        <vers num="0.9.6g" />
+        <vers num="0.9.6h" edition="bogus" />
+        <vers num="0.9.6i" />
+        <vers num="0.9.6j" />
+        <vers num="0.9.6k" />
+        <vers num="0.9.6l" />
+        <vers num="0.9.6m" />
+        <vers num="0.9.7" />
+        <vers num="0.9.7a" />
+        <vers num="0.9.7b" />
+        <vers num="0.9.7c" />
+        <vers num="0.9.7d" />
+        <vers num="0.9.7e" />
+        <vers num="0.9.7f" />
+        <vers num="0.9.7g" />
+        <vers num="0.9.7h" />
+        <vers num="0.9.7i" />
+        <vers num="0.9.7j" />
+        <vers num="0.9.7k" />
+        <vers num="0.9.7l" />
+        <vers num="0.9.7m" />
+        <vers num="0.9.8" />
+        <vers num="0.9.8a" />
+        <vers num="0.9.8b" />
+        <vers num="0.9.8c" />
+        <vers num="0.9.8d" />
+        <vers num="0.9.8e" />
+        <vers num="0.9.8f" />
+        <vers num="0.9.8g" />
+        <vers num="0.9.8h" />
+        <vers num="0.9.8i" />
+        <vers num="0.9.8j" />
+        <vers num="0.9.8k" />
+        <vers num="0.9.8l" />
+        <vers num="0.9.8m" />
+        <vers num="0.9.8n" />
+        <vers num="0.9.8o" />
+        <vers num="0.9.8p" />
+        <vers num="0.9.8q" />
+        <vers num="0.9.8r" />
+        <vers num="0.9.8s" />
+        <vers num="1.0.0" edition="beta1" />
+        <vers num="1.0.0" edition="beta2" />
+        <vers num="1.0.0" edition="beta3" />
+        <vers num="1.0.0" edition="beta4" />
+        <vers num="1.0.0" edition="beta5" />
+        <vers num="1.0.0a" />
+        <vers num="1.0.0b" />
+        <vers num="1.0.0c" />
+        <vers num="1.0.0d" />
+        <vers prev="1" num="1.0.0e" />
+      </prod>
+    </vuln_soft>
+  </entry>
+</nvd>
\ No newline at end of file
diff --git a/src/test/resources/nvdcve-2012.xml.REMOVED.git-id b/src/test/resources/nvdcve-2012.xml.REMOVED.git-id
deleted file mode 100644
index 1f786bc02..000000000
--- a/src/test/resources/nvdcve-2012.xml.REMOVED.git-id
+++ /dev/null
@@ -1 +0,0 @@
-f2ff6066ee3da30900f068dae7819e3bbf5a0618
\ No newline at end of file