Microsoft : Security Vulnerabilities Published In 2002 (Overflow)
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
Max Base Score | 5.0 |
Published | 2002-12-31 |
Updated | 2008-09-05 |
EPSS | 10.91% |
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
Max Base Score | 7.5 |
Published | 2002-12-31 |
Updated | 2018-08-13 |
EPSS | 14.87% |
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
Max Base Score | 10.0 |
Published | 2002-12-31 |
Updated | 2017-07-11 |
EPSS | 2.13% |
Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability.
Max Base Score | 7.5 |
Published | 2002-12-31 |
Updated | 2021-06-15 |
EPSS | 2.52% |
Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
Max Base Score | 5.0 |
Published | 2002-12-31 |
Updated | 2017-07-11 |
EPSS | 3.06% |
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
Max Base Score | 3.6 |
Published | 2002-12-31 |
Updated | 2017-07-11 |
EPSS | 0.08% |
Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."
Max Base Score | 7.5 |
Published | 2002-12-26 |
Updated | 2018-10-12 |
EPSS | 10.02% |
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.
Max Base Score | 5.0 |
Published | 2002-11-29 |
Updated | 2016-10-18 |
EPSS | 18.45% |
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
Max Base Score | 7.5 |
Published | 2002-10-28 |
Updated | 2019-04-30 |
EPSS | 96.77% |
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
Max Base Score | 5.0 |
Published | 2002-12-11 |
Updated | 2021-07-23 |
EPSS | 15.40% |
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
Max Base Score | 7.5 |
Published | 2002-10-28 |
Updated | 2018-10-12 |
EPSS | 59.75% |
CVE-2002-1142
Public exploit exists
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
Max Base Score | 7.5 |
Published | 2002-11-29 |
Updated | 2021-07-23 |
EPSS | 85.27% |
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
Max Base Score | 7.5 |
Published | 2002-10-11 |
Updated | 2018-10-12 |
EPSS | 1.44% |
CVE-2002-1123
Public exploit exists
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
Max Base Score | 7.5 |
Published | 2002-09-24 |
Updated | 2018-10-12 |
EPSS | 95.94% |
Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to execute arbitrary code via a long TS value.
Max Base Score | 7.5 |
Published | 2002-09-24 |
Updated | 2008-09-10 |
EPSS | 1.50% |
Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
Max Base Score | 7.5 |
Published | 2002-09-24 |
Updated | 2016-10-18 |
EPSS | 1.72% |
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
Max Base Score | 7.5 |
Published | 2002-09-05 |
Updated | 2018-08-13 |
EPSS | 18.32% |
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.
Max Base Score | 7.5 |
Published | 2002-08-12 |
Updated | 2019-04-30 |
EPSS | 89.82% |
Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.
Max Base Score | 7.5 |
Published | 2002-09-24 |
Updated | 2018-10-12 |
EPSS | 5.08% |
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
Max Base Score | 7.5 |
Published | 2002-09-24 |
Updated | 2019-04-30 |
EPSS | 10.55% |
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
Max Base Score | 7.5 |
Published | 2002-08-12 |
Updated | 2018-10-12 |
EPSS | 1.27% |
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
Max Base Score | 7.5 |
Published | 2002-08-12 |
Updated | 2020-04-02 |
EPSS | 7.54% |
Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
Max Base Score | 7.5 |
Published | 2002-08-12 |
Updated | 2018-10-12 |
EPSS | 7.38% |
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
Max Base Score | 7.5 |
Published | 2002-10-10 |
Updated | 2019-04-30 |
EPSS | 88.90% |
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
Max Base Score | 7.5 |
Published | 2002-10-10 |
Updated | 2019-04-30 |
EPSS | 3.16% |