24 matches found
w3who.dll overflow and XSS
The Windows 2000 Resource Kit ships with a DLL that displays the browser client context. It lists security identifiers, privileges and $ENV variables. OpenVAS has determined that this file is installed on the remote host. The w3who.dll ISAPI may allow an attacker to execute arbitrary commands on...
CVE-2005-0065
The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged aka "TCP sequence number checking", which makes it easier for attackers to forge ICMP error messages for specifi...
MS02-001: Trusted Domain SID Remote Privilege Escalation (311401)
Trust relationships are created between Windows NT or Windows 2000 domains to allow users in one domain to access resources in other domains without requiring them to authenticate separately to each domain. When a user in a trusted domain requests access to a resource in a trusting domain, the...
Security Bulletin MS02-001
Title: Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Date: 30 January 2002 Software: Windows NT 4.0, Windows 2000 Impact: Privilege Elevation Max Risk: Moderate Bulletin: MS02-001 Microsoft encourages customers to review the Security Bulletin at:...