Vulnerabilites related to microsoft - windows_2000
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "207B8A6E-5158-4636-91D8-38021B91CB42", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "EAB2E520-56D9-4B3F-99BA-EBC04AC30E4F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "61E9C554-757E-4912-A3F6-6F1DB17483AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "EEAFE154-7058-40A1-9806-22476A7DF0BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "394F16B8-C29F-445A-AA47-AA82F78CFA20", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "A2A2852D-64BE-40B1-8811-02EBDC1E044E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "1A4FF113-BDCB-472C-A300-3DE5A12A7031", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*", "matchCriteriaId": "237D7C18-C8D6-4FDB-A160-FA17DD46A55A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*", "matchCriteriaId": "7C5FCE82-1E2F-49B9-B504-8C03F2BCF296", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*", "matchCriteriaId": "6E7E6AD3-5418-4FEA-84B5-833059CA880D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server_alpha:*:*:*:*:*", "matchCriteriaId": "A5CEA2F6-0064-487D-AE4F-9C4F32E1C4AC", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*", "matchCriteriaId": "35346A7B-2CB5-446D-B0C3-1F21D71A746D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "5BDCBCB8-DAA3-465F-ADDE-9143B8251989", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:alpha:*:*:*:*:*", "matchCriteriaId": "F8E32528-4DA7-4FF8-BBA1-929C5C44FAD4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*", "matchCriteriaId": "064F4E76-1B89-4FA5-97ED-64624285C014", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*", "matchCriteriaId": "089A953C-8446-4E6F-B506-430C38DF37B1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*", "matchCriteriaId": "EA262C44-C0E6-493A-B8E5-4D26E4013226", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*", "matchCriteriaId": "416F06DD-980E-4A54-822D-CBA499FD1F86", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "B86E0671-ED68-4549-B3AC-FD8BD79B0860", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:alpha:*:*:*:*:*", "matchCriteriaId": "3F9C691E-CD79-4D8B-BD35-04BDE4422A4E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*", "matchCriteriaId": "F66DC6FF-2B3D-4718-838F-9E055E89961F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*", "matchCriteriaId": "656AE014-AEEC-46E8-A696-61FEA7932F21", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*", "matchCriteriaId": "EB519FE0-9E7D-4E71-8873-356C9D7CEAB5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*", "matchCriteriaId": "A08D0EA1-DA1B-4C52-883A-3F156F032517", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "BB76E7EC-C396-4537-9065-4E815DA7097C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:alpha:*:*:*:*:*", "matchCriteriaId": "0EF2010D-5D16-40A7-B7DE-8168C76E5BDB", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*", "matchCriteriaId": "DA267420-56C5-4697-B0AA-52932F78B24B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*", "matchCriteriaId": "93BA426E-DD51-44AC-BE78-3164670FF9E1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*", "matchCriteriaId": "224F8968-9F4C-4727-AAA3-61F5578EF54C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*", "matchCriteriaId": "02BE9817-E1AE-4619-8302-CA7AA4167F48", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "4CD026E2-B073-40A6-AD4A-8C76B9169B01", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:alpha:*:*:*:*:*", "matchCriteriaId": "DD500955-71F7-41AD-96EE-E8CC6A7FA7A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*", "matchCriteriaId": "363E3895-A19B-42EC-B479-765168DC0B17", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*", "matchCriteriaId": "FBBBF25A-709B-4716-9894-AD82180091AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*", "matchCriteriaId": "407DA6E8-0832-49FE-AE14-35C104C237EC", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*", "matchCriteriaId": "88B70B7A-5BCC-4626-AAC7-D1ACFF25D66E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "DBFB3E49-3FB5-4947-856D-727CBFFBA543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:alpha:*:*:*:*:*", "matchCriteriaId": "CC031C07-FA91-426B-9772-64910AE12635", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*", "matchCriteriaId": "81B7961D-151D-4773-80CB-CCD0456BFEAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*", "matchCriteriaId": "82781A72-A34F-4668-9EE8-C203B04E3367", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*", "matchCriteriaId": "AFE612D2-DF38-404F-AED1-B8C9C24012DE", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*", "matchCriteriaId": "12ED7363-6EEE-4688-A9B7-C5EB1107A7B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:*:*:*:*:*:*", "matchCriteriaId": "B9236480-6450-42E1-B1FF-F336488A683A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:alpha:*:*:*:*:*", "matchCriteriaId": "D97FA0F5-6A53-4E3A-BFCF-1AFF4B83CB37", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*", "matchCriteriaId": "B5CAF64E-98AA-4813-A2A2-5AC3387CF230", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*", "matchCriteriaId": "BCDFDBBA-6C4F-472A-9F4F-461C424794E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*", "matchCriteriaId": "BCC5E316-FB61-408B-BAA2-7FE03D581250", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*", "matchCriteriaId": "EDDD8DA8-D074-4543-AEDF-F856B5567F21", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*", "matchCriteriaId": "14F55877-A759-4C8A-84D5-70508E449799", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:alpha:*:*:*:*:*", "matchCriteriaId": "C79E6858-BB9C-4229-9DBE-8DA8627D10A4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*", "matchCriteriaId": "CA7BA525-6DB8-4444-934A-932AFED69816", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*", "matchCriteriaId": "90CFA69B-7814-4F97-A14D-D76310065CF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*", "matchCriteriaId": "AB6ADBAF-6EB0-4CFA-9D33-A814AC20484E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow." }, { "lang": "es", "value": "La aplicaci\u00f3n Hyperterminal de Windows NT 4.0, 2000, XP y Server 2003 no valida adecuadamente la longitud de un valor guardado en un fichero de sesi\u00f3n, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un fichero de sesi\u00f3n de HyperTerminal (.ht) malicioso, sitio web, o URL Telnet contenida en un mensaje de correo electr\u00f3nico, disparando un desbordamiento de b\u00fafer." } ], "id": "CVE-2004-0568", "lastModified": "2024-11-20T23:48:52.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110312618614849\u0026w=2" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-043" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18336" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1603" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2545" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3138" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3973" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4508" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110312618614849\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4741" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-04-07 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories." } ], "id": "CVE-2000-0298", "lastModified": "2024-11-20T23:32:10.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-04-07T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1758" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4278" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-12-01 05:00
Modified
2024-11-20 23:29
Severity ?
Summary
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_nt | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it." } ], "id": "CVE-1999-0819", "lastModified": "2024-11-20T23:29:33.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-12-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=94398141118586\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=94398141118586\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-12 00:02
Modified
2024-11-21 00:05
Severity ?
Summary
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | datacenter_64-bit | |
microsoft | windows_2003_server | enterprise | |
microsoft | windows_2003_server | enterprise | |
microsoft | windows_2003_server | enterprise_64-bit | |
microsoft | windows_2003_server | enterprise_64-bit | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | standard | |
microsoft | windows_2003_server | standard | |
microsoft | windows_2003_server | standard_64-bit | |
microsoft | windows_2003_server | web | |
microsoft | windows_2003_server | web | |
microsoft | windows_98 | * | |
microsoft | windows_98se | * | |
microsoft | windows_me | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*", "matchCriteriaId": "BE3DF901-734B-4956-9D22-FE4608A31DDA", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*", "matchCriteriaId": "A86C732B-6E92-46FB-B1E5-F0BA2F0D6D82", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*", "matchCriteriaId": "986AE140-316D-4874-AEE2-3058A007D33F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "C1BC59CF-BA8A-4D4C-92A5-CFDA7ECD685F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*", "matchCriteriaId": "4B5F54BB-A80E-42F2-A700-82C1240E23D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*", "matchCriteriaId": "76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \"crafted files and directories,\" aka the \"Windows Shell Vulnerability.\"" } ], "id": "CVE-2006-0012", "lastModified": "2024-11-21T00:05:27.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-04-12T00:02:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19606" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015897" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/641460" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/24516" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/17464" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1320" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015897" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/641460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24516" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17464" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-06-25 04:00
Modified
2025-02-07 15:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | - | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 |
{ "cisaActionDue": "2022-03-24", "cisaExploitAdd": "2022-03-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:terminal_server:*:*:*", "matchCriteriaId": "E30F6C9C-3371-44FF-AD0B-3CAA0AB6F1B8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit." } ], "id": "CVE-2002-0367", "lastModified": "2025-02-07T15:15:09.513", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2002-06-25T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=101614320402695\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8462.php" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/262074" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/264441" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/264927" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/4287" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=ntbugtraq\u0026m=101614320402695\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/8462.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/262074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/264441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/264927" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/4287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-08 23:05
Modified
2024-11-21 00:41
Severity ?
Summary
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | - | |
microsoft | windows_server_2003 | - | |
microsoft | windows_server_2003 | - | |
microsoft | windows_vista | - | |
microsoft | windows_xp | - | |
microsoft | windows_xp | - | |
microsoft | windows_xp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "43D64F8D-975A-4A5B-BEDF-D27D65C96A29", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*", "matchCriteriaId": "4902A7BD-0645-4CAC-8EA8-24BD2D8B893A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*", "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses." }, { "lang": "es", "value": "El cliente de DNS en Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 y SP2, y Vista, emplea IDs de transacciones de DNS predecibles, lo que permite a atacantes remotos falsificar respuestas DNS." } ], "id": "CVE-2008-0087", "lastModified": "2024-11-21T00:41:08.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.8, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2008-04-08T23:05:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "source": "secure@microsoft.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/29696" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/490575/100/0/threaded" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/28553" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1019802" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link" ], "url": "http://www.trusteer.com/docs/windowsresolver.html" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2008/1144/references" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://secunia.com/advisories/29696" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/490575/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/28553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1019802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.trusteer.com/docs/windowsresolver.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.vupen.com/english/advisories/2008/1144/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*", "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*", "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*", "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*", "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*", "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*", "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*", "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*", "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*", "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*", "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*", "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*", "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*", "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*", "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*", "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*", "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*", "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*", "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*", "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*", "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*", "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*", "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*", "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*", "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*", "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*", "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*", "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\"" }, { "lang": "es", "value": "Desbordamiento de entero en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web 2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen WMF, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de entero GDI+ WMF\"" } ], "id": "CVE-2009-2500", "lastModified": "2024-11-21T01:05:01.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-10-14T10:30:01.327", "references": [ { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 00:59
Severity ?
Summary
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "7C684420-1614-4DAE-9BD9-F1FE9102A50F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*", "matchCriteriaId": "BA99C751-91CB-43D4-93FF-1C12342CAF1E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "0C610747-93E5-4014-8ED2-47F333174832", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A419F50E-F32C-461C-95D0-978C5351FBAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "0C610747-93E5-4014-8ED2-47F333174832", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*", "matchCriteriaId": "B2B19826-5516-4899-9599-F95D0A03FBCD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*", "matchCriteriaId": "4945F25F-2828-4D03-930B-A109BA73E00C", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "B4B659D4-6EDD-4A31-A7CC-70B12EBEB4D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "0C610747-93E5-4014-8ED2-47F333174832", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft .NET Framework Pointer Verification Vulnerability.\"" }, { "lang": "es", "value": "Microsoft .NET Framework v1.0 SP3, v1.1 SP1, y v2.0 SP1 no valida adecuadamente el c\u00f3digo de .NET, lo que permite a atacantes remotos obtener accesos no previstos a la memoria de la pila y ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) una aplicaci\u00f3n de navegador XAML (XBAP), (2) una aplicaci\u00f3n ASP.NET manipulada, o (3) una aplicaci\u00f3n .NET Framework manipulada, tambi\u00e9n conocido como \"Vulnerabilidad de verificaci\u00f3n de puntero de Microsoft .NET Framework\"." } ], "id": "CVE-2009-0090", "lastModified": "2024-11-21T00:59:02.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-10-14T10:30:00.420", "references": [ { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5716" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5716" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-13 22:28
Modified
2024-11-21 00:25
Severity ?
Summary
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | internet_explorer | 5.01 | |
microsoft | windows_2000 | * | |
microsoft | ie | 6.0 | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | gold | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 6.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:*:*:*:*:*:*", "matchCriteriaId": "B058588A-88F3-4789-8EA9-0D37447B08CA", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:itanium:*:*:*:*:*", "matchCriteriaId": "3C9649DB-D417-4CCC-9F61-685ECB355AD7", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:gold:*:x64:*:*:*:*:*", "matchCriteriaId": "722526B1-12E3-42E7-95ED-84A86D0C189A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*", "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption." }, { "lang": "es", "value": "El c\u00f3digo del cliente FTP wininet.dll en Microsoft Internet Explorer 5.01 y 6 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una respuesta FTP del servidor de una longitud espec\u00edfica que provoca que el byte nulo de terminaci\u00f3n sea escrito fuera del b\u00fafer, lo cual provoca la corrupci\u00f3n de la pila." } ], "id": "CVE-2007-0217", "lastModified": "2024-11-21T00:25:16.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-13T22:28:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/24156" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/613564" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/31892" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/22489" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1017642" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/613564" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/462303/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22489" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1141" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-05-20 04:00
Modified
2024-11-20 23:29
Severity ?
Summary
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_nt | * | |
microsoft | windows_nt | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry." } ], "id": "CVE-1999-0715", "lastModified": "2024-11-20T23:29:17.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-05-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ230677" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ230677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-016" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-05-24 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html | ||
cve@mitre.org | http://www.iss.net/security_center/static/6590.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/2764 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/6590.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2764 | Exploit, Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes." } ], "id": "CVE-2001-1347", "lastModified": "2024-11-20T23:37:28.477", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-05-24T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/6590.php" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/6590.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2764" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-15 15:30
Modified
2024-11-21 01:02
Severity ?
Summary
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | directx | 7.0 | |
microsoft | windows_2000 | - | |
microsoft | directx | 8.1 | |
microsoft | windows_2000 | - | |
microsoft | directx | 9.0 | |
microsoft | windows_2000 | - | |
microsoft | windows_server_2003 | * | |
microsoft | windows_xp | - | |
microsoft | windows_xp | - | |
microsoft | windows_xp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BFE77B9-6C2A-45D3-A4B5-2679CC4B0DA2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FF0278F-AFA7-48BA-8762-5569EC174AEE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:directx:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "2936E9C2-65E6-4D26-A277-FF2AE13A3FEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka \"DirectX Size Validation Vulnerability.\"" }, { "lang": "es", "value": "EL QuickTime Movie Parser Filter en quartz.dll en DirectShow en Microsoft DirectX v7.0 a la v9.0c sobre Windows 2000 SP4, Windows XP SP2 y SP3, y Windows Server 2003 SP2, no valida adecuadamente el tama\u00f1o sin especificar de los campos en los archivos \"Quicktime media\", lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de validaci\u00f3n de tama\u00f1o en DirectX\"." } ], "id": "CVE-2009-1539", "lastModified": "2024-11-21T01:02:44.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-07-15T15:30:01.407", "references": [ { "source": "secure@microsoft.com", "url": "http://osvdb.org/55845" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2009/1886" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/55845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6341" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-01-05 05:00
Modified
2024-11-20 23:28
Severity ?
Summary
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | terminal_server | * | |
microsoft | windows_2000 | * | |
microsoft | windows_nt | 3.5.1 | |
microsoft | windows_nt | 3.5.1 | |
microsoft | windows_nt | 3.5.1 | |
microsoft | windows_nt | 3.5.1 | |
microsoft | windows_nt | 3.5.1 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_nt | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:terminal_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "40242161-D5AD-4314-AB95-E61292C49DF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:3.5.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "EF8BECF6-3C33-4D8C-B54E-A0D2F3295E81", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:3.5.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "828B4519-24D8-45A7-8448-D5FF6C83A2C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:3.5.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "F495AF7A-CC31-4045-BACC-902950C80ABF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:3.5.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "68DFA54C-3DB9-4A94-A446-CF28671FE4F6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:3.5.1:sp5:*:*:*:*:*:*", "matchCriteriaId": "55A2AC4C-6B85-4B60-BFE1-C9588C5973B0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "5BDCBCB8-DAA3-465F-ADDE-9143B8251989", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "B86E0671-ED68-4549-B3AC-FD8BD79B0860", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "BB76E7EC-C396-4537-9065-4E815DA7097C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "4CD026E2-B073-40A6-AD4A-8C76B9169B01", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "DBFB3E49-3FB5-4947-856D-727CBFFBA543", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user." } ], "id": "CVE-1999-0391", "lastModified": "2024-11-20T23:28:37.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-01-05T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://marc.info/?l=bugtraq\u0026m=91552769809542\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://marc.info/?l=bugtraq\u0026m=91552769809542\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2024-11-20 23:47
Severity ?
Summary
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages." }, { "lang": "es", "value": "La librer\u00eda Microsoft Secure Sockets Layer (SSL), usada en Windows 2000, Windows XP y Windows Server 2003, permite a atacantes remotos causar una denegaci\u00f3n de servicio mediante mensajes SSL malformados." } ], "id": "CVE-2004-0120", "lastModified": "2024-11-20T23:47:48.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-06-01T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/o-114.shtml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/150236" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/10115" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15712" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A885" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A886" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/o-114.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/150236" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/10115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A892" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-09-20 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | exchange_server | 5.0 | |
microsoft | exchange_server | 5.5 | |
microsoft | exchange_server | 2000 | |
microsoft | sql_server | 7.0 | |
microsoft | sql_server | 2000 | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_2000 | - | |
microsoft | windows_2000 | * | |
microsoft | windows_nt | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:exchange_server:5.0:-:*:*:*:*:*:*", "matchCriteriaId": "D823C88E-8560-469B-8655-4755E0484F14", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "B4F9C143-4734-4E5D-9281-F51513C5CAAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*", "matchCriteriaId": "FF429469-1B63-4BF3-A59F-F8180226BB6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "EFD9D0A0-5403-4C8F-8614-2F7F2703C454", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2000:-:*:*:*:*:*:*", "matchCriteriaId": "1EBF27CA-A9DC-4539-ABE9-DC59D63572E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EBF51EB-AE3F-48AA-8AA9-99884F91CC76", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:-:*:*:*:*:*:*", "matchCriteriaId": "EAA6977C-182F-4537-9140-7F33AC027C39", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs." } ], "id": "CVE-2001-0509", "lastModified": "2024-11-20T23:35:32.467", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-09-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-041" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A82" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A82" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-10 22:30
Modified
2024-11-21 00:24
Severity ?
Summary
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*", "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "972ADDBC-5D6E-48D5-9DB7-44FE0539807D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of \"convertible attributes.\"" }, { "lang": "es", "value": "El servicio LDAP en Windows Active Directory de Microsoft Windows 2000 Server SP4, Server 2003 SP1 y SP2, Server 2003 x64 Edition y SP2, y Server 2003 para Sistemas Itanium SP1 y SP2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n LDAP con un n\u00famero no especificado de \"atributos convertibles\"." } ], "id": "CVE-2007-0040", "lastModified": "2024-11-21T00:24:49.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-10T22:30:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" }, { "source": "secure@microsoft.com", "url": "http://osvdb.org/35960" }, { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/26002" }, { "source": "secure@microsoft.com", "url": "http://www.iss.net/threats/267.html" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/487905" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/24800" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1018355" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/2481" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/threats/267.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/487905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-191A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2012" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-10 18:00
Modified
2024-11-21 01:00
Severity ?
Summary
The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:itanium:*", "matchCriteriaId": "39F303CD-DB64-4FE6-AB4F-461E5E8AFB83", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:x64:*", "matchCriteriaId": "17804445-2C63-4381-A721-7F3BB3DC645F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server:2008:*:*:*:*:*:itanium:*", "matchCriteriaId": "EF19CAA4-DAF7-4237-9F1F-153E28E19A01", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server:2008:*:sp2:*:*:*:itanium:*", "matchCriteriaId": "E8C46066-5DDF-4FB1-8EEC-CDFA8D588DB6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:*", "matchCriteriaId": "BAB70FD5-09F3-4215-99C4-299EDE8D26DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:x86:*", "matchCriteriaId": "283F5DF4-B68A-4C1D-822A-1C0EB67C2C35", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*", "matchCriteriaId": "F8216946-5F76-48B9-91CC-207F657D7D3C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x86:*", "matchCriteriaId": "B36BFDA7-596B-45EA-AACE-F8A796CECDBB", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:x64:*", "matchCriteriaId": "06E7E0F7-AA6F-477C-AAA7-C0419CD2F3BC", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:x64:*", "matchCriteriaId": "ABBA5D64-4184-4420-B7D0-A4E41359AA5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to \"IDL interfaces containing a non-conformant varying array\" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka \"RPC Marshalling Engine Vulnerability.\"" }, { "lang": "es", "value": "El motor RPC Marshalling (tambi\u00e9n conocido como NDR) en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 SP2 no mantiene de forma adecuada su estado interno, lo que permite a atacantes remotos sobrescribir posiciones de memoria de su elecci\u00f3n a trav\u00e9s de un mensaje RPC manipulado que provoca una lectura de puntero incorrecta, relativo a \"Interfaces IDL que contienen una tabla variable no conforme\" y FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, y FC_VARIABLE_OFFSET, tambien conocido como \"Vulnerabilidad dl motor RPC Marshalling\"" } ], "id": "CVE-2009-0568", "lastModified": "2024-11-21T01:00:20.327", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-10T18:00:00.360", "references": [ { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-026-how-a-developer-can-know-if-their-rpc-interface-is-affected.aspx" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link" ], "url": "http://osvdb.org/54936" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/35219" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1022357" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1545" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-026" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-026-how-a-developer-can-know-if-their-rpc-interface-is-affected.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/54936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/35219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1022357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6227" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-16 22:30
Modified
2024-11-21 00:29
Severity ?
Summary
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apple | mac_os_x | * | |
hp | hp-ux | * | |
hp | tru64 | * | |
linux | linux_kernel | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_95 | * | |
microsoft | windows_98 | * | |
microsoft | windows_98se | * | |
microsoft | windows_me | * | |
microsoft | windows_nt | 4.0 | |
microsoft | windows_xp | * | |
santa_cruz_operation | sco_unix | * | |
sun | solaris | * | |
windriver | bsdos | * | |
jetbox | jetbox_cms | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false }, { "criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", "vulnerable": false }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false }, { "criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false }, { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false }, { "criteria": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60ACA374-1434-4C02-8327-17BC9C000B65", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0916DF3D-71ED-423F-A2F4-842EE706ADDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters." }, { "lang": "es", "value": "formmail.php en Jetbox CMS 2.1 permite a atacantes remotos env\u00edar e-mails de su elecci\u00f3n a trav\u00e9s de recipientes modificados, a trav\u00e9s de los par\u00e1metros _SETTINGS[allowed_email_hosts][], y subject." } ], "id": "CVE-2007-1898", "lastModified": "2024-11-21T00:29:25.010", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-16T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2710" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.netvigilance.com/advisory0026" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/34088" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23989" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securitytracker.com/id?1018063" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1831" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.netvigilance.com/advisory0026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/34088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securitytracker.com/id?1018063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=101501580409373&w=2 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/4205 | Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=101501580409373&w=2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4205 | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011 | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | exchange_server | 5.5 | |
microsoft | exchange_server | 5.5 | |
microsoft | exchange_server | 5.5 | |
microsoft | exchange_server | 5.5 | |
microsoft | exchange_server | 5.5 | |
microsoft | windows_2000 | - | |
microsoft | windows_2000 | - | |
microsoft | windows_2000 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "B4F9C143-4734-4E5D-9281-F51513C5CAAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "AD3E2F18-A369-4767-ACEF-38DB40EEC6D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "EC01670D-4550-4034-86A5-7879B6334241", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "B80A57A1-7B9F-4C07-ADAA-DBC4687F1EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*", "matchCriteriaId": "E3983529-F4E3-4883-97AF-5BFC87AC3E86", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "A23A90DA-6E38-4479-926A-BD29F438F602", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "FF99A17F-9469-4937-A23B-FD5C8B37087B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials." }, { "lang": "es", "value": "El servicio SMTP enMicrosoft Windows 2000 y Internet Mail Connector (IMC) en Exchange Server 5.5no maneja adecuadamente respuestas a autenticaci\u00f3n NTLM, lo que permite a atacantes remotos hacer reenv\u00edo de correo mediante el servidor." } ], "id": "CVE-2002-0054", "lastModified": "2024-11-20T23:38:11.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-03-08T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=101501580409373\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/4205" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=101501580409373\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/4205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-294" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-03-08 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | exchange_server | 2000 | |
microsoft | exchange_server | 2000 | |
microsoft | exchange_server | 2000 | |
microsoft | windows_2000 | - | |
microsoft | windows_2000 | - | |
microsoft | windows_2000 | - | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*", "matchCriteriaId": "FF429469-1B63-4BF3-A59F-F8180226BB6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*", "matchCriteriaId": "34300FD4-EC3B-4206-B6C0-1345F17EC5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*", "matchCriteriaId": "47132D0D-7691-40A3-A4BF-37D2ACE580C3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "A23A90DA-6E38-4479-926A-BD29F438F602", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "FF99A17F-9469-4937-A23B-FD5C8B37087B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:professional:*:*:*", "matchCriteriaId": "1D003AE4-9788-46EB-9D0E-2B20F11BAC64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request." }, { "lang": "es", "value": "El servicio SMTP en Windows 2000/XP Professional y Exchange 2000 permite a atacantes remotos provocar denegaci\u00f3n de servico mediante un comando con una petici\u00f3n transferencia de datos malformada." } ], "id": "CVE-2002-0055", "lastModified": "2024-11-20T23:38:11.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-03-08T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=101558498401274\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.iss.net/security_center/static/8307.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/4204" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-012" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A30" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=101558498401274\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.iss.net/security_center/static/8307.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/4204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A30" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-669" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-19 19:07
Modified
2024-11-21 00:16
Severity ?
Summary
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | internet_explorer | 6.0 | |
microsoft | outlook | 2003 | |
microsoft | windows_2000 | * | |
microsoft | internet_explorer | 5.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "580632FB-7EB8-4DC6-A372-742D4523BF79", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*", "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*", "matchCriteriaId": "6F3C557A-71D8-47F9-9E12-CE938F301E66", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "A74985B6-BCA5-49E3-878B-77D7FA43070C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*", "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en el motor Vector Graphics Rendering (vgx.dll), tal y como se usa en Microsoft Outlook e Internet Explorer 6.0 en Windows XP SP2 y posiblemente otras versiones permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero Vector Markup Language (VML) con un par\u00e1metro \"fill\" largo dentro de una etiqueta \"rect\"." } ], "id": "CVE-2006-4868", "lastModified": "2024-11-21T00:16:56.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-09-19T19:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://blogs.securiteam.com/index.php/archives/624" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21989" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016879" }, { "source": "cve@mitre.org", "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html" }, { "source": "cve@mitre.org", "url": "http://support.microsoft.com/kb/925486" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/416092" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28946" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/20096" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3679" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.securiteam.com/index.php/archives/624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/kb/925486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/416092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28946" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/20096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3679" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-10-15 00:12
Modified
2024-11-21 00:49
Severity ?
Summary
Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*", "matchCriteriaId": "8D91FC0B-92FA-4182-9B87-A462850BD510", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*", "matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "BCE2197B-7C58-4693-B9BB-0B31EABB6B66", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:x64:*:*:*:*:*", "matchCriteriaId": "8D91FC0B-92FA-4182-9B87-A462850BD510", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*", "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*", "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*", "matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*", "matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional_x64:*:*:*:*:*", "matchCriteriaId": "74EE55A2-6020-4591-9F15-80E57D19207C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka \"Calendar Object Validation Vulnerability.\"" }, { "lang": "es", "value": "Microsoft Excel 2000 SP3, 2002 SP3 y 2003 SP2 y SP3 no valida correctamente los datos en la cach\u00e9 VBA Performance, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo Excel manipulado, tambi\u00e9n conocida como \"Calendar Object Validation Vulnerability (Vulnerabilidad de Validaci\u00f3n de Objeto Calendario)\"." } ], "id": "CVE-2008-3477", "lastModified": "2024-11-21T00:49:20.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-10-15T00:12:15.880", "references": [ { "source": "secure@microsoft.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746" }, { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2" }, { "source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/32211" }, { "source": "secure@microsoft.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/31702" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1021044" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/2808" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45566" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=122479227205998\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/32211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/31702" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45566" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5870" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-27 16:07
Modified
2024-11-21 00:19
Severity ?
Summary
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | data_access_components | 2.5 | |
microsoft | windows_xp | * | |
microsoft | data_access_components | 2.8 | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | itanium | |
microsoft | data_access_components | 2.8 | |
microsoft | windows_2000 | * | |
microsoft | data_access_components | 2.7 | |
microsoft | windows_2000 | * | |
microsoft | data_access_components | 2.8 | |
microsoft | windows_2000 | * | |
microsoft | data_access_components | 2.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "B901D0A6-2F68-4CAC-B985-6A2BA0A1705B", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*", "matchCriteriaId": "036C836C-6387-4DAC-96B2-94C979D236E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*", "matchCriteriaId": "0808041A-CE1A-433A-9C2B-019097CCFB0C", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1F233914-2763-42E8-BCB9-E0D1186783E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "819DDAAF-D9A3-4540-B467-2A7233D36038", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1F233914-2763-42E8-BCB9-E0D1186783E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*", "matchCriteriaId": "036C836C-6387-4DAC-96B2-94C979D236E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments." }, { "lang": "es", "value": "El objeto de control ActiveX ADODB.Connection 2.7 (ADODB.Connection.2.7) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de Internet Explorer) mediante argumentos largos para la funci\u00f3n Execute." } ], "evaluatorImpact": "Failed exploit attempts will likely result in an application level denial-of-service condition.", "id": "CVE-2006-5559", "lastModified": "2024-11-21T00:19:43.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-10-27T16:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22452" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1017127" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/589272" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/31882" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/20704" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0578" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.technet.com/msrc/archive/2006/10/27/adodb-connection-poc-published.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://research.eeye.com/html/alerts/zeroday/20061027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22452" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://securitytracker.com/id?1017127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/589272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/20704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A214" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-04-20 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the \"Mixed Object Access\" vulnerability." } ], "id": "CVE-2000-0311", "lastModified": "2024-11-20T23:32:12.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-04-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/1145" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/1145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-026" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-06-23 04:00
Modified
2024-11-20 23:29
Severity ?
Summary
The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_nt | * | |
microsoft | windows_nt | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:*:*:*:*:*:*", "matchCriteriaId": "DBFB3E49-3FB5-4947-856D-727CBFFBA543", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input." } ], "id": "CVE-1999-0723", "lastModified": "2024-11-20T23:29:19.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-06-23T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ233323" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/j-049.shtml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/478" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ233323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/j-049.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-021" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1997-01-01 05:00
Modified
2024-11-20 23:28
Severity ?
Summary
A Windows NT local user or administrator account has a default, null, blank, or missing password.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_nt | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Windows NT local user or administrator account has a default, null, blank, or missing password." } ], "id": "CVE-1999-0504", "lastModified": "2024-11-20T23:28:53.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1997-01-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0504" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-08-10 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message." } ], "id": "CVE-2005-1984", "lastModified": "2024-11-20T23:58:33.103", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-08-10T04:00:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16356/" }, { "source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1014638" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/220821" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/14514" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-043" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100077" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1045" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1405" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16356/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014638" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/220821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14514" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA05-221A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A256" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-02-16 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_nt | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the \"Registry Permissions\" vulnerabilities." } ], "id": "CVE-2001-0046", "lastModified": "2024-11-20T23:34:28.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-02-16T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2066" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-095" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5672" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5672" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A139" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-12-06 05:00
Modified
2024-11-20 23:35
Severity ?
Summary
Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_nt | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets." } ], "id": "CVE-2001-0663", "lastModified": "2024-11-20T23:35:52.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-06T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3445" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-052" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7302" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-04-10 23:19
Modified
2024-11-21 00:29
Severity ?
Summary
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_nt | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en Microsoft Windows permite a atacantes remotos con la intervenci\u00f3n del usuario tiene un impacto desconocido a trav\u00e9s de archivos manipulados .HLP\r\n" } ], "id": "CVE-2007-1912", "lastModified": "2024-11-21T00:29:26.943", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-04-10T23:19:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/23382" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017901" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3693" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/23382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017901" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3693" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-01-16 20:15
Severity ?
Summary
Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*", "matchCriteriaId": "4E7FD818-322D-4089-A644-360C33943D29", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed" } ], "id": "CVE-2004-2339", "lastModified": "2025-01-16T20:15:27.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0529.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0530.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/354392" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1009128" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0529.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0530.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/354392" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1009128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15263" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-21 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service." } ], "id": "CVE-2001-0351", "lastModified": "2024-11-20T23:35:10.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-21T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/l-092.shtml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/2846" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/l-092.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/2846" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6669" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-08-11 04:00
Modified
2024-11-20 23:29
Severity ?
Summary
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_95 | 0a | |
microsoft | windows_95 | 0b | |
microsoft | windows_98se | * | |
sun | solaris | 2.6 | |
sun | sunos | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_95:0a:*:*:*:*:*:*:*", "matchCriteriaId": "8429C080-F550-4D03-A87A-4546273712AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_95:0b:*:*:*:*:*:*:*", "matchCriteriaId": "5D153766-0C57-46F4-8865-6F1ED597B53C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "34EBF074-78C8-41AF-88F1-DA6726E56F8B", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*", "matchCriteriaId": "369207B4-96FA-4324-9445-98FAE8ECF5DB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes." } ], "id": "CVE-1999-0875", "lastModified": "2024-11-20T23:29:44.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-08-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ216141" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ216141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/578" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:42
Severity ?
Summary
Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the \"Do not overwrite events (clear log manually)\" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection." } ], "id": "CVE-2002-1932", "lastModified": "2024-11-20T23:42:27.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/295341" }, { "source": "cve@mitre.org", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B329350" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/10377.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/5972" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/295341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B329350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/10377.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/5972" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-03 19:30
Modified
2024-11-21 01:13
Severity ?
Summary
Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | - | |
microsoft | internet_explorer | 6 | |
microsoft | internet_explorer | 7 | |
microsoft | internet_explorer | 8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": false }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en VBScript en Microsoft Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP2, al usar Internet Explorer, puede permitir a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante una cadena larga en el cuarto argumento (alias argumento helpfile) para una funci\u00f3n MsgBox, que conduce a la ejecuci\u00f3n de c\u00f3digo cuando se pulsa la tecla F1, una vulnerabilidad diferente a CVE-2010-0483." } ], "id": "CVE-2010-0917", "lastModified": "2024-11-21T01:13:12.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-03-03T19:30:00.667", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://isec.pl/vulnerabilities10.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.microsoft.com/technet/security/advisory/981169.mspx" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38473" }, { "source": "cve@mitre.org", "url": "http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56560" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://isec.pl/vulnerabilities10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.microsoft.com/technet/security/advisory/981169.mspx" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/38473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56560" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-06-27 04:00
Modified
2024-11-20 23:34
Severity ?
Summary
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0." }, { "lang": "es", "value": "Buffer overflow en la extensi\u00f3n ISAPI de Internet Printing en Windows 2000 permite a los atacantes remotos obtener privilegios de root a trav\u00e9s de una larga solicitud de impresi\u00f3n que se pasa a la extensi\u00f3n a trav\u00e9s de IIS 5.0." } ], "id": "CVE-2001-0241", "lastModified": "2024-11-20T23:34:55.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-06-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=98874912915948\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2001-10.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/3323" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2674" }, { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6485" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=98874912915948\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2001-10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/3323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1068" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-12-31 05:00
Modified
2024-11-20 23:30
Severity ?
Summary
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_nt | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED27882B-A02A-4D5F-9117-A47976C676E0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only." } ], "id": "CVE-1999-1358", "lastModified": "2024-11-20T23:30:55.533", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.microsoft.com/support/kb/articles/q157/6/73.asp" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/7400.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://support.microsoft.com/support/kb/articles/q157/6/73.asp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/7400.php" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-07-02 12:43
Modified
2024-11-21 01:16
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://holisticinfosec.org/content/view/144/45/ | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/39562 | Broken Link | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/173009 | Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/41226 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://holisticinfosec.org/content/view/144/45/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39562 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/173009 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41226 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "89C72256-1076-4ADE-99FD-3211D4210571", "versionEndIncluding": "3.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "52F1E105-8DD0-4A70-B776-118C0AD297CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "90D62C11-8F19-4EA2-B69A-4AD59A285DC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C12A8C4-BF04-4B1B-8B50-EF6E9BDB14F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "08EE9563-7416-4572-9B73-8D67F82DD2BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "36F767D0-6ACB-40AC-8260-0F43E1CB7332", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2432243-5B6A-49B7-A18D-BF902872880B", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "776ADA38-8323-44FC-BB85-823BB31E0FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "0C74F35D-5B2B-413B-8297-4F8EA65A0CC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "DDF910EF-2A69-4B43-B487-EF476412BFF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "316DADD7-21E6-4729-AE75-87DD21977E1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "23ED0D79-6929-4E77-96EB-3A4DA40E3E2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "55318889-CE1E-4C38-BC61-7A31F4C4502C", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B22AFA6-E731-49E4-91B7-8659B156D63A", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "526D1EBD-BBFA-42C7-96D6-5B24E447D6C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C0B63D1-6D64-4640-A0DA-4A0603456057", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "E64BBC83-2C9E-4B35-ACF5-E4A0DD4CACB9", "versionEndIncluding": "3.1.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "23ED0D79-6929-4E77-96EB-3A4DA40E3E2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "55318889-CE1E-4C38-BC61-7A31F4C4502C", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE0B343C-3313-480E-AD50-8844C5EE3107", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "78246ED3-92E1-4036-B46E-391F398FD05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "307FF903-7722-4AE3-B36B-5ED492A0115E", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "AB68669D-D718-482A-BA8D-8231E9AA6D50", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "29DC5182-860C-4D2D-8427-E00A3D0B05F3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "0259B24D-3DB9-4A77-BF45-E392A548F4E9", "versionEndIncluding": "1.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "D25BE641-7C32-4A45-9B3A-8517923B72ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "86A81EDD-98C2-41FA-B3ED-E846E4E287D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "ADE10B2C-41B5-47D3-AE56-874198DFE8EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:0.9.7a:*:*:*:*:*:*:*", "matchCriteriaId": "FC197C77-DD26-43B2-9147-90B476E45891", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "94641156-1C85-42AB-B201-CE81432274BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9D6CCDA-376C-402B-AC90-5578374B5461", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "43FC0A2E-F5F4-4334-8D76-AC097F7BA29B", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A301F579-FC14-4FF0-8383-A0E12B2D461F", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B093131-CABA-4B30-8A2F-E11F3E3D3E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "673EE9E4-8465-4659-B65E-5215B09732B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0AB364B9-E2DB-4FEF-B53F-D3F014B48BDD", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A0A0446-6190-44B7-BE90-1B07A3A650D9", "versionEndIncluding": "1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9D6CCDA-376C-402B-AC90-5578374B5461", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A301F579-FC14-4FF0-8383-A0E12B2D461F", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B093131-CABA-4B30-8A2F-E11F3E3D3E51", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*", "matchCriteriaId": "056B3397-81A9-4128-9F49-ECEBE1743EE8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDBAE0DE-4F29-45D5-9B9E-8C9D4D02BD31", "versionEndIncluding": "1.5.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49A8709F-5400-4946-B08E-7FF0812DB679", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8D1BF5FF-6148-49E1-B58B-E46EA24F7953", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "883D033D-F5D4-4FFD-85F8-CE4054470362", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7231A15-25B7-4D09-B19E-676B2A8F98D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBE17A5C-4ED8-4E9A-8E41-730F70D709E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9552E0E7-6E7D-4807-9D9E-AF4956C47C61", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "52003973-A127-4E33-899A-5533035CF445", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3F842B9-11DE-44DB-B49D-9927E28FE571", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3749470D-5AFD-4391-9CBD-B346CDF76B15", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D371D01-1212-43AD-807A-871FDBC64C9E", "versionEndIncluding": "1.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_epilog:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "49A8709F-5400-4946-B08E-7FF0812DB679", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7A7C398-5356-45D6-AA5C-53E63BC88DCA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "0259B24D-3DB9-4A77-BF45-E392A548F4E9", "versionEndIncluding": "1.5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9D6CCDA-376C-402B-AC90-5578374B5461", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A301F579-FC14-4FF0-8383-A0E12B2D461F", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2B093131-CABA-4B30-8A2F-E11F3E3D3E51", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "673EE9E4-8465-4659-B65E-5215B09732B8", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFC2625D-4978-4D3E-930F-7A4E1AE97832", "versionEndIncluding": "1.1.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9D6CCDA-376C-402B-AC90-5578374B5461", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3104865-CA72-4EA6-B12F-C1866B838C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7BA01B6-7ABB-4A61-8349-CDF81B38016C", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D9262BE-6BD7-48D5-BE9E-66404F6B4C02", "vulnerable": true }, { "criteria": "cpe:2.3:a:intersect_alliance:snare_agent:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4BC22219-2F56-4562-B409-1F504A734064", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*", "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la interfaz de gesti\u00f3n Web de InterSect Alliance Snare Agent v3.2.3 y anteriores en Solaris, Snare Agent v3.1.7 y anteriores en Windows, Snare Agent v1.5.0 y anteriores en Linux y AIX, Snare Agent v1.4 y anteriores en IRIX, Snare Epilog v1.5.3 y anteriores en Windows, y Snare Epilog v1.2 y anteriores en UNIX permiten a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para solicitudes que (1) modifiquen la contrase\u00f1a o (2) cambien el puerto de escucha." } ], "id": "CVE-2010-2594", "lastModified": "2024-11-21T01:16:57.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-07-02T12:43:52.970", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://holisticinfosec.org/content/view/144/45/" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/39562" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/173009" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/41226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://holisticinfosec.org/content/view/144/45/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/39562" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/173009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/41226" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | datacenter_64-bit | |
microsoft | windows_2003_server | enterprise | |
microsoft | windows_2003_server | enterprise | |
microsoft | windows_2003_server | enterprise_64-bit | |
microsoft | windows_2003_server | enterprise_64-bit | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | r2 | |
microsoft | windows_2003_server | standard | |
microsoft | windows_2003_server | standard | |
microsoft | windows_2003_server | web | |
microsoft | windows_2003_server | web | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "207B8A6E-5158-4636-91D8-38021B91CB42", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*", "matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "EAB2E520-56D9-4B3F-99BA-EBC04AC30E4F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*", "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "61E9C554-757E-4912-A3F6-6F1DB17483AD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*", "matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*", "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "EEAFE154-7058-40A1-9806-22476A7DF0BA", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*", "matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "394F16B8-C29F-445A-AA47-AA82F78CFA20", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*", "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*", "matchCriteriaId": "A2A2852D-64BE-40B1-8811-02EBDC1E044E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*", "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*", "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*", "matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*", "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program." }, { "lang": "es", "value": "El Servicio del Subsistema de la Autoridad de Seguridad Local (LSASS) de Windows 2000 Server and Windows Server 2003 no valida adecuadamente la informaci\u00f3n de conexi\u00f3n, lo que permite a usuarios locales ganar privilegios mediante un programa especialmente dise\u00f1ado." } ], "id": "CVE-2004-0894", "lastModified": "2024-11-20T23:49:37.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-044" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18340" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1888" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2062" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3312" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3325" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4368" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18340" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A778" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-26 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | * | |
microsoft | windows_7 | * | |
microsoft | windows_server_2008 | - | |
microsoft | windows_server_2008 | - | |
microsoft | windows_vista | * | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*", "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:gold:*:*:*:*:*:*", "matchCriteriaId": "E717FA11-732B-46D3-98AD-556346FDEBCA", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application." }, { "lang": "es", "value": "Una API no especificada de Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 y Windows 7 no valida los argumentos, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicios (ca\u00edda del sistema) a trav\u00e9s de una aplicaci\u00f3n manipulada. \r\n" } ], "id": "CVE-2010-0719", "lastModified": "2024-11-21T01:12:49.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-02-26T19:30:00.900", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/62660" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023656" }, { "source": "cve@mitre.org", "url": "http://www.scmagazineus.com/malta-researchers-find-windows-bug-that-crashes-pcs/article/164439/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/62660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023656" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.scmagazineus.com/malta-researchers-find-windows-bug-that-crashes-pcs/article/164439/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56591" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-02-12 23:00
Modified
2024-11-21 00:41
Severity ?
Summary
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "972ADDBC-5D6E-48D5-9DB7-44FE0539807D", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "2A0607E7-B416-4AF8-ADF6-6E503627DD29", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A64C69-D182-4BEC-BA8A-7B405F5B2FC0", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:gold:x64:*:*:*:*:*", "matchCriteriaId": "135FCE5E-4296-4D8C-AF7B-84D20CD275EB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:itanium:*:*:*:*:*", "matchCriteriaId": "972ADDBC-5D6E-48D5-9DB7-44FE0539807D", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*", "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:gold:x64:*:*:*:*:*", "matchCriteriaId": "135FCE5E-4296-4D8C-AF7B-84D20CD275EB", "vulnerable": false }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka \"Property Memory Corruption Vulnerability.\"" }, { "lang": "es", "value": "La vulnerabilidad de Uso de la Memoria Previamente Liberada en Microsoft Internet Explorer versiones 6 SP1, 6 SP2 y 7 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por la asignaci\u00f3n de valores malformados a determinadas propiedades, como se demuestra mediante la propiedad de un elemento de animateMotion SVG, tambi\u00e9n se conoce como \"Property Memory Corruption Vulnerability\"" } ], "id": "CVE-2008-0077", "lastModified": "2024-11-21T00:41:07.050", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2008-02-12T23:00:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Broken Link" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661" }, { "source": "secure@microsoft.com", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "secure@microsoft.com", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/28903" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/228569" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/488048/100/0/threaded" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/27666" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1019380" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-006.html" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=120361015026386\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://secunia.com/advisories/28903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/228569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/488048/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/27666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1019380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0512/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5396" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-10 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | * | |
microsoft | windows_server_2003 | * | |
microsoft | windows_server_2008 | * | |
microsoft | windows_server_2008 | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*", "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka \"Kerberos Null Pointer Dereference Vulnerability.\"" }, { "lang": "es", "value": "El Key Distribution Center (KDC) en Kerberos Microsoft Windows 2000 SP4, Server 2003 SP2, y Server 2008 Gold y SP2, cuando existe una relaci\u00f3n de confianza con un no-Windows Kerberos, permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (deferencia a puntero nulo y una ca\u00edda del controlador de dominio) a trav\u00e9s de una renovaci\u00f3n de petici\u00f3n Ticket Granting Ticket (TGT) modificada. Tambi\u00e9n conocida como \"Vulnerabilidad de deferencia a puntero nulo\"." } ], "evaluatorImpact": "Per: http://www.microsoft.com/technet/security/Bulletin/MS10-014.mspx\r\n\r\n\r\n\"This vulnerability only affects domain controllers. Servers that do not perform the role of domain controllers are not affected.\"", "id": "CVE-2010-0035", "lastModified": "2024-11-21T01:11:22.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-10T18:30:01.347", "references": [ { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-014" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-040A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8428" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-13 20:28
Modified
2024-11-21 00:08
Severity ?
Summary
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | learning_essentials | 1.0 | |
microsoft | learning_essentials | 1.1 | |
microsoft | learning_essentials | 1.5 | |
microsoft | office | * | |
microsoft | office | 2000 | |
microsoft | office | 2003 | |
microsoft | office | xp | |
microsoft | windows_2000 | * | |
microsoft | windows_2003_server | sp1 | |
microsoft | windows_xp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:learning_essentials:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "556AEEE8-2801-4B4A-AEC1-22BF8FFC7489", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:learning_essentials:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1DE325B7-0EDA-4807-9EA1-BCB4EAD5850D", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:learning_essentials:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "43C727FE-979A-4B67-B995-F5298C570A83", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", "matchCriteriaId": "49AD45BF-8A91-4C87-AF15-D38D8468A4C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*", "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*", "matchCriteriaId": "330B6798-5380-44AD-9B52-DF5955FA832C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*", "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption." }, { "lang": "es", "value": "El componente RichEdit en Microsoft Windows 2000 SP4, XP SP2, y 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, y Office 2004 para Mac; y Learning Essentials para Microsoft Office 1.0, 1.1, y 1.5 permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un objeto OLE mal formado en un fichero RTF, lo cual provoca una corrupci\u00f3n de memoria." } ], "id": "CVE-2006-1311", "lastModified": "2024-11-21T00:08:33.537", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-02-13T20:28:00.000", "references": [ { "source": "secure@microsoft.com", "url": "http://secunia.com/advisories/24152" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/368132" }, { "source": "secure@microsoft.com", "url": "http://www.osvdb.org/31886" }, { "source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/21876" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1017640" }, { "source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1017641" }, { "source": "secure@microsoft.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2007/0582" }, { "source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013" }, { "source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30592" }, { "source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1090" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/368132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/31886" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-044A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1090" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-05-06 12:47
Modified
2024-11-21 01:15
Severity ?
Summary
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:-:*:*:*:*:*:*", "matchCriteriaId": "37BC01F4-DC65-47D9-A893-EBF76116A434", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:beta3:*:*:*:*:*:*", "matchCriteriaId": "FE5BA84E-5CC1-41BC-B1CE-ED35AFA42EA8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:gold:*:*:*:*:*:*", "matchCriteriaId": "7FA4B3F6-3677-49D7-838C-132C9FB16EC4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D7C895B-C48D-44E9-B598-E105EA1E32E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:rc2:*:*:*:*:*:*", "matchCriteriaId": "3DE92EA6-F598-446C-BDC5-726D807FF2E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*", "matchCriteriaId": "6F3C557A-71D8-47F9-9E12-CE938F301E66", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:itanium:*:*:*:*:*", "matchCriteriaId": "81C8959A-915B-472F-B043-A57BA11FDB93", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:x64:*:*:*:*:*", "matchCriteriaId": "B92137A3-71F9-466B-87CA-F3E9EF53AE4B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:r2:x64:*:*:*:*:*", "matchCriteriaId": "0A8D49FA-C8F8-4B59-BBCB-924CC105B371", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:-:*:*:*:*:*:*", "matchCriteriaId": "D826455B-E635-4FB2-9428-81028E10D98F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:x86:*:*:*:*:*", "matchCriteriaId": "C0BCF740-17F9-4E44-AA24-B25CDABFA5E8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*", "matchCriteriaId": "580B0C9B-DD85-40FA-9D37-BAC0C96D57FC", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:embedded:*:*:*:*:*", "matchCriteriaId": "6F874274-760A-4544-BA19-0DB4F051FBB4", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:media_center:*:*:*:*:*", "matchCriteriaId": "F3D392C5-7158-459B-B8F4-DB8A89442587", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:tablet_pc:*:*:*:*:*", "matchCriteriaId": "8A6EDD65-D857-49A4-89FF-8DDF0D016613", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*", "matchCriteriaId": "A74985B6-BCA5-49E3-878B-77D7FA43070C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*", "matchCriteriaId": "ADEBB882-1C55-4B7B-B4CF-F1B23502FD90", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*", "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:professional:*:*:*:*:*", "matchCriteriaId": "279F8E64-F499-4189-997D-8DA748516A85", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:embedded:*:*:*:*:*", "matchCriteriaId": "B6031BA1-2F87-4556-A205-1E1B7661DFCF", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*", "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*", "matchCriteriaId": "C29F02ED-85FC-4D22-A6DE-5F9C77ECCD70", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x86:*:*:*:*:*", "matchCriteriaId": "5B057984-EB55-42E8-B34D-E644E9D5DB04", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:x86:*:*:*:*:*", "matchCriteriaId": "7C6F35C9-526E-4E10-96F7-921F0509EE43", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:gold:64-bit-2002:*:*:*:*:*", "matchCriteriaId": "97080724-3E69-41F8-A24F-FA47E5D813B8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:gold:64-bit-2003:*:*:*:*:*", "matchCriteriaId": "F51D11C1-0C1E-4062-96B9-80D2D409160B", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:gold:home:*:*:*:*:*", "matchCriteriaId": "4FBE976D-F5F0-4BE0-84D4-5534B460792C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:gold:x64:*:*:*:*:*", "matchCriteriaId": "135FCE5E-4296-4D8C-AF7B-84D20CD275EB", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:home:*:*:*:*:*", "matchCriteriaId": "52FFB338-1972-47ED-9659-341E5187BBB8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:home:*:*:*:*:*", "matchCriteriaId": "A1B0FA50-529D-4D33-9B6E-F32AF0A8FD90", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:embedded:*:*:*:*:*", "matchCriteriaId": "CA7D63F4-C373-4B7E-AA56-2D62B9CAF849", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:home:*:*:*:*:*", "matchCriteriaId": "D586C749-9D00-4546-9941-CCFBD41BAABA", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:media_center:*:*:*:*:*", "matchCriteriaId": "72AF15F9-4AE2-40FE-A598-1284BA3A06D3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:professional:*:*:*:*:*", "matchCriteriaId": "471B4ADA-8627-48BC-B13F-FF5F38F55C9D", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:tablet_pc:*:*:*:*:*", "matchCriteriaId": "21BCA9B5-A8B0-4273-8C5E-665E118695DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:sp3:*:*:*:*:*:*:*", "matchCriteriaId": "E69F8C21-5996-4083-A02A-F04AE948CEA9", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*", "matchCriteriaId": "78995D27-1EE0-4983-A6A4-BB89B49475E0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window." }, { "lang": "es", "value": "La funci\u00f3n SfnLOGONNOTIFY en win32k.sys en el kernel de Microsoft Windows 2000, XP, y Server 2003 permite a usuarios locales causar una denegaci\u00f3n de servicio (ca\u00edda sistema) a trav\u00e9s de un valor 0x4c en el segundo argumento (conocido como argumento MSG) de una funci\u00f3n de llamada PostMessage para la ventana DDEMLEvent." } ], "id": "CVE-2010-1735", "lastModified": "2024-11-21T01:15:05.440", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-05-06T12:47:23.863", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39456" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/510884/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/39630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://vigilance.fr/vulnerability/Windows-denials-of-service-of-win32k-sys-9607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/510884/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/39630" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-13 19:06
Modified
2024-11-21 00:11
Severity ?
Summary
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
microsoft | windows_2000 | - | |
microsoft | windows_server_2003 | - | |
microsoft | windows_server_2003 | - | |
microsoft | windows_server_2003 | - | |
microsoft | windows_xp | - | |
microsoft | windows_xp | - | |
microsoft | windows_xp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*", "matchCriteriaId": "CA2CBE65-F4B6-49AF-983C-D3CF6C172CC5", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:-:*:*:*:*:*:*", "matchCriteriaId": "D8EAA5F2-20F2-4BE1-A41E-5FAFE69015C8", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:itanium:*", "matchCriteriaId": "72CC2D03-538A-4603-B4FF-C6930F9D7E20", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:x86:*", "matchCriteriaId": "F8B8E932-AA36-416B-88F5-C0AC6FF3D1A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:-:*:*:professional:*:x64:*", "matchCriteriaId": "4902A7BD-0645-4CAC-8EA8-24BD2D8B893A", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "2572F7E5-75A3-4C11-866B-A4E9ADBD8D08", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the \"SMB Driver Elevation of Privilege Vulnerability.\"" } ], "id": "CVE-2006-2373", "lastModified": "2024-11-21T00:11:10.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-13T19:06:00.000", "references": [ { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/20635" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1016288" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408" }, { "source": "secure@microsoft.com", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/26440" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/18356" }, { "source": "secure@microsoft.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2327" }, { "source": "secure@microsoft.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26828" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1137" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1730" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1792" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1904" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1942" }, { "source": "secure@microsoft.com", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2007" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/20635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://securitytracker.com/id?1016288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/26440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/18356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26828" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2007" } ], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-06-30 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | sun_one_application_server | 7.0 | |
microsoft | windows_2000 | - | |
microsoft |