CVEdetails.com the ultimate security vulnerability data source

Microsoft : Security Vulnerabilities Published In 2002 (Bypass)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1 | CVE-2002-2401 | 264 | | Bypass | 2002-12-31 | 2008-09-10 | 3.6 | None | Local | Low | Not required | Partial | Partial | None
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.

2 | CVE-2002-2100 | | | Bypass | 2002-12-31 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None
Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.

3 | CVE-2002-1790 | | | Bypass | 2002-12-31 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.

4 | CVE-2002-1295 | | | DoS Bypass | 2002-11-29 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."

5 | CVE-2002-1293 | | | Bypass | 2002-11-29 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.

6 | CVE-2002-1292 | | | DoS Bypass | 2002-11-29 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.

7 | CVE-2002-1260 | | | Bypass | 2002-12-23 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.

8 | CVE-2002-1254 | | | Exec Code Bypass | 2002-12-11 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

9 | CVE-2002-1217 | | | Exec Code Bypass | 2002-10-28 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.

10 | CVE-2002-0861 | | | Bypass | 2002-09-24 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.

11 | CVE-2002-0832 | | | Bypass | 2002-08-12 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.

12 | CVE-2002-0736 | | | Bypass | 2002-08-12 | 2008-09-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

13 | CVE-2002-0697 | | | Bypass | 2002-08-12 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.

14 | CVE-2002-0622 | | | Exec Code Bypass | 2002-07-03 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".

15 | CVE-2002-0617 | | | Exec Code Bypass | 2002-08-12 | 2008-09-05 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."

16 | CVE-2002-0507 | | | Bypass | 2002-08-12 | 2008-09-05 | 2.1 | None | Local | Low | Not required | None | Partial | None
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

17 | CVE-2002-0481 | | | Bypass | 2002-08-12 | 2008-09-05 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.

18 | CVE-2002-0444 | | | Bypass | 2002-07-26 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.

19 | CVE-2002-0443 | | | Bypass | 2002-07-26 | 2008-09-05 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial
Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.

20 | CVE-2002-0421 | | | Bypass | 2002-08-12 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr, or (4) aexp4.htr.

21 | CVE-2002-0372 | | | Bypass | 2002-07-03 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".

22 | CVE-2002-0285 | | | Bypass | 2002-05-31 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and/or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.

23 | CVE-2002-0153 | | | Bypass | 2002-04-22 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.

24 | CVE-2002-0026 | | | Bypass | 2002-03-08 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.

25 | CVE-2002-0023 | | | Bypass | 2002-03-08 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

Total number of vulnerabilities: 25