CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities Published In 2002 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-2164 DoS Overflow 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
2 CVE-2002-1973 DoS Exec Code Overflow 2002-12-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
3 CVE-2002-1918 Overflow 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
4 CVE-2002-1847 Exec Code Overflow 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability.
5 CVE-2002-1698 DoS Overflow 2002-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
6 CVE-2002-1692 Exec Code Overflow 2002-12-31 2008-09-05
3.6
None Local Low Not required None Partial Partial
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
7 CVE-2002-1327 Exec Code Overflow 2002-12-26 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."
8 CVE-2002-1287 DoS Overflow 2002-11-29 2008-09-05
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.
9 CVE-2002-1214 DoS Exec Code Overflow 2002-10-28 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
10 CVE-2002-1185 DoS Overflow 2002-12-11 2008-09-10
5.0
None Remote Low Not required None None Partial
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
11 CVE-2002-1179 Exec Code Overflow 2002-10-28 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
12 CVE-2002-1142 Exec Code Overflow 2002-11-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
13 CVE-2002-1137 Exec Code Overflow 2002-10-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
14 CVE-2002-1123 Exec Code Overflow 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
15 CVE-2002-0977 Exec Code Overflow 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value.
16 CVE-2002-0975 Overflow 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
17 CVE-2002-0859 Exec Code Overflow 2002-09-05 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
18 CVE-2002-0823 Exec Code Overflow 2002-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.
19 CVE-2002-0726 Exec Code Overflow 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.
20 CVE-2002-0724 DoS Overflow 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
21 CVE-2002-0700 Exec Code Overflow 2002-08-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
22 CVE-2002-0698 Exec Code Overflow 2002-08-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
23 CVE-2002-0695 Exec Code Overflow 2002-08-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
24 CVE-2002-0693 Exec Code Overflow 2002-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
25 CVE-2002-0692 DoS Overflow 2002-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
26 CVE-2002-0649 119 DoS Exec Code Overflow 2002-08-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
27 CVE-2002-0647 Exec Code Overflow 2002-09-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".
28 CVE-2002-0644 Exec Code Overflow 2002-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
29 CVE-2002-0641 Exec Code Overflow 2002-07-23 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
30 CVE-2002-0624 Exec Code Overflow 2002-07-23 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
31 CVE-2002-0623 Exec Code Overflow 2002-07-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
32 CVE-2002-0621 Overflow 2002-07-03 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
33 CVE-2002-0620 Overflow 2002-07-03 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
34 CVE-2002-0371 Exec Code Overflow 2002-07-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
35 CVE-2002-0370 DoS Exec Code Overflow 2002-10-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
36 CVE-2002-0369 DoS Exec Code Overflow 2002-07-26 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
37 CVE-2002-0366 Exec Code Overflow 2002-07-03 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
38 CVE-2002-0364 Exec Code Overflow 2002-07-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
39 CVE-2002-0186 Exec Code Overflow 2002-07-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
40 CVE-2002-0155 Exec Code Overflow 2002-05-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
41 CVE-2002-0154 DoS Exec Code Overflow 2002-05-16 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
42 CVE-2002-0152 DoS Exec Code Overflow 2002-04-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
43 CVE-2002-0151 DoS Overflow +Priv 2002-04-04 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
44 CVE-2002-0150 DoS Exec Code Overflow 2002-04-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
45 CVE-2002-0149 DoS Exec Code Overflow 2002-04-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
46 CVE-2002-0147 DoS Exec Code Overflow 2002-04-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
47 CVE-2002-0079 DoS Exec Code Overflow 2002-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
48 CVE-2002-0071 DoS Exec Code Overflow 2002-04-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
49 CVE-2002-0070 119 Exec Code Overflow 2002-03-15 2008-09-05
7.6
Admin Remote High Not required Complete Complete Complete
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
50 CVE-2002-0056 Exec Code Overflow 2002-03-08 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.
Total number of vulnerabilities : 54   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.