Microsoft : Security Vulnerabilities Published In 2002 (Denial of service)
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
Max Base Score: 3.6 | Published: 2002-12-31 | Updated: 2019-04-30 | EPSS: 0.04%
Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
Max Base Score: 7.1 | Published: 2002-12-31 | Updated: 2019-04-30 | EPSS: 3.47%
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
Max Base Score: 4.9 | Published: 2002-12-31 | Updated: 2018-10-19 | EPSS: 0.21%
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 10.91%
Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 0.42%
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 2.04%
Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2021-07-23 | EPSS: 0.40%
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
Max Base Score: 7.5 | Published: 2002-12-31 | Updated: 2018-08-13 | EPSS: 14.87%
Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2020-11-23 | EPSS: 0.83%
Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
Max Base Score: 2.1 | Published: 2002-12-31 | Updated: 2020-04-09 | EPSS: 0.31%
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2020-04-09 | EPSS: 0.92%
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2008-09-05 | EPSS: 8.39%
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2021-07-23 | EPSS: 18.76%
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2019-04-30 | EPSS: 9.48%
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2021-07-23 | EPSS: 31.29%
Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
Max Base Score: 5.0 | Published: 2002-12-31 | Updated: 2017-07-11 | EPSS: 2.04%
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.
Max Base Score: 2.6 | Published: 2002-08-15 | Updated: 2021-07-23 | EPSS: 5.41%
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."
Max Base Score: 7.5 | Published: 2002-11-29 | Updated: 2018-10-12 | EPSS: 0.59%
The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods.
Max Base Score: 7.5 | Published: 2002-11-29 | Updated: 2016-10-18 | EPSS: 2.10%
The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
Max Base Score: 7.5 | Published: 2002-11-29 | Updated: 2018-10-12 | EPSS: 1.58%
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.
Max Base Score: 7.5 | Published: 2002-11-29 | Updated: 2016-10-18 | EPSS: 4.49%
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.
Max Base Score: 5.0 | Published: 2002-11-29 | Updated: 2016-10-18 | EPSS: 18.45%
Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
Max Base Score: 5.0 | Published: 2002-12-18 | Updated: 2018-10-12 | EPSS: 2.26%
CVE-2002-1214
Public exploit exists
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
Max Base Score: 7.5 | Published: 2002-10-28 | Updated: 2019-04-30 | EPSS: 96.77%
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
Max Base Score: 5.0 | Published: 2002-12-11 | Updated: 2021-07-23 | EPSS: 15.40%