Microsoft : Security Vulnerabilities Published In 2002
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
Max Base Score: 3.6 | Published: 2002-12-31 | Updated: 2019-04-30 | EPSS: 0.04%
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic.
Max Base Score: 6.4 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 0.63%
Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
Max Base Score: 7.1 | Published: 2002-12-31 | Updated: 2019-04-30 | EPSS: 3.47%
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.
Max Base Score: 7.2 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 0.04%
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the severity of this issue.
Max Base Score: 6.4 | Published: 2002-12-31 | Updated: 2021-07-23 | EPSS: 0.49%
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
Max Base Score: 1.9 | Published: 2002-12-31 | Updated: 2017-08-17 | EPSS: 0.09%
Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users' email.
Max Base Score: 3.8 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 0.05%
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link.
Max Base Score: 5.1 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 0.42%
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
Max Base Score: 4.9 | Published: 2002-12-31 | Updated: 2018-10-19 | EPSS: 0.21%
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 10.91%
Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.
Max Base Score: 2.1 | Published: 2002-12-31 | Updated: 2017-11-21 | EPSS: 0.06%
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
Max Base Score: 6.4 | Published: 2002-12-31 | Updated: 2021-07-23 | EPSS: 0.33%
Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 0.42%
Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.
Max Base Score: 2.1 | Published: 2002-12-31 | Updated: 2017-12-19 | EPSS: 0.04%
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
Max Base Score: 7.5 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 0.85%
Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 0.69%
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 2.04%
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2019-04-30 | EPSS: 3.43%
Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.
Max Base Score: 4.3 | Published: 2002-12-31 | Updated: 2016-10-18 | EPSS: 1.53%
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
Max Base Score: 4.3 | Published: 2002-12-31 | Updated: 2021-07-23 | EPSS: 94.24%
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2021-07-23 | EPSS: 2.45%
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
Max Base Score: 2.1 | Published: 2002-12-31 | Updated: 2019-04-30 | EPSS: 0.38%
Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2021-07-23 | EPSS: 0.40%
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 0.49%
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
Max Base Score: 7.5 | Published: 2002-12-31 | Updated: 2018-08-13 | EPSS: 14.87%