NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
Max CVSS
3.6
EPSS Score
0.07%
Published
2002-12-31
Updated
2019-04-30
Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
Max CVSS
7.1
EPSS Score
76.31%
Published
2002-12-31
Updated
2019-04-30
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
Max CVSS
4.9
EPSS Score
0.22%
Published
2002-12-31
Updated
2018-10-19
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
Max CVSS
5.0
EPSS Score
22.92%
Published
2002-12-31
Updated
2008-09-05
Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
Max CVSS
5.0
EPSS Score
0.56%
Published
2002-12-31
Updated
2008-09-05
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
Max CVSS
5.0
EPSS Score
3.49%
Published
2002-12-31
Updated
2008-09-05
Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
Max CVSS
5.0
EPSS Score
0.71%
Published
2002-12-31
Updated
2021-07-23
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
Max CVSS
7.5
EPSS Score
14.87%
Published
2002-12-31
Updated
2018-08-13
Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.
Max CVSS
5.0
EPSS Score
0.72%
Published
2002-12-31
Updated
2020-11-23
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
Max CVSS
5.0
EPSS Score
0.95%
Published
2002-12-31
Updated
2020-04-09
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
Max CVSS
5.0
EPSS Score
26.60%
Published
2002-12-31
Updated
2008-09-05
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
Max CVSS
5.0
EPSS Score
18.76%
Published
2002-12-31
Updated
2021-07-23
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
Max CVSS
5.0
EPSS Score
9.48%
Published
2002-12-31
Updated
2019-04-30
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
Max CVSS
5.0
EPSS Score
31.29%
Published
2002-12-31
Updated
2021-07-23
Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
Max CVSS
5.0
EPSS Score
2.04%
Published
2002-12-31
Updated
2017-07-11
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."
Max CVSS
7.5
EPSS Score
0.59%
Published
2002-11-29
Updated
2018-10-12
The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods.
Max CVSS
7.5
EPSS Score
5.69%
Published
2002-11-29
Updated
2016-10-18
The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
Max CVSS
7.5
EPSS Score
1.58%
Published
2002-11-29
Updated
2018-10-12
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.
Max CVSS
7.5
EPSS Score
4.49%
Published
2002-11-29
Updated
2016-10-18
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.
Max CVSS
5.0
EPSS Score
82.66%
Published
2002-11-29
Updated
2016-10-18
Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
Max CVSS
5.0
EPSS Score
2.26%
Published
2002-12-18
Updated
2018-10-12

CVE-2002-1214

Public exploit
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
Max CVSS
7.5
EPSS Score
96.77%
Published
2002-10-28
Updated
2019-04-30
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
Max CVSS
5.0
EPSS Score
17.20%
Published
2002-12-11
Updated
2021-07-23
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
Max CVSS
5.0
EPSS Score
9.78%
Published
2002-11-12
Updated
2020-11-23
An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
Max CVSS
5.0
EPSS Score
0.90%
Published
2002-10-11
Updated
2018-10-12
56 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!