Hi there,
A local vulnerabilty analyzer based on OVAL concept.
http://www.security-database.com/ssa.php

1.5 Final Release

    * NOW SSA Security System Analyzer in added to OVAL.mitre.org compatibility program
          o http://oval.mitre.org/compatible/questionnaires/21.html

    * NOW fully based on OVAL 5.2 Interpreter.
    * Added OVAL XML Database Plug-in.
          o View OVAL ID Information
          o Search by OS and OVAL ID
                + Double click on entry and get more information (linked to OVAL.mitre.org and security-database.com)
          o More information about CVE (CVSS, Related sources, Related missed patches....)

    * Added function Stop/Reload in SSA
    * Improved performance in SSA Core Scanner
    * Fixed bugs (function checks, abnormal scan abort...)
    * Fixed bugs in Updater Plug-in
    * Added second progress bar in Updater Plug-in to indicate the stages left to be processed.

Yes i did.
I tested it on some servers i've audited (Windows 2000 servers and Windows 2003 server). It was excellent. At one shot, i got all local vulnerabilities. Moreover, they included a very handy plugin (OVAL ID Database viewer) that linked me to CVE (on their website). Information on CVSS, crosslinks with ms patches, external references could be retrieved from website (security-database.com)

Test it and tell me what you think ?