Microsoft : Security Vulnerabilities Published In 2003 (Information Leak)
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
| Max Base Score | 5.0 |
| Published | 2003-12-31 |
| Updated | 2021-07-23 |
| EPSS | 2.13% |
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
| Max Base Score | 5.0 |
| Published | 2003-02-07 |
| Updated | 2018-10-12 |
| EPSS | 0.31% |
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
| Max Base Score | 5.0 |
| Published | 2003-01-17 |
| Updated | 2019-04-30 |
| EPSS | 2.33% |
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."
| Max Base Score | 5.0 |
| Published | 2003-04-11 |
| Updated | 2018-10-12 |
| EPSS | 3.41% |
4 vulnerabilities found