68 matches found
EUVD-2002-1168
Malware in sbrugna...
EUVD-2000-0419
Malware in sbrugna...
EUVD-2001-1283
Malware in sbrugna...
EUVD-2000-1199
Malware in sbrugna...
CVE-2002-1933
The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window...
CVE-2005-0545
Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been dispute...
CVE-2002-1184
The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access Everyone:F and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan hor...
What Win2k SP4 doesn't fix (security), but says it does...
In my testing these security bulleints aren't fixed in Win2k SP4, but are documented that they are at this link: http://www.microsoft.com/technet/treeview/default.asp? url=/technet/security/news/w2kSP4.asp 1. MS02-053. It fixes the FPSE 2000 vulnerability, but not FPSE 2002. 2. MS03-019. It updat...
CVE-2002-2077
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session...
Microsoft Security Bulletin MS02-064: Windows 2000 Default Permissions Could Allow Trojan Horse Program (Q327522)
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Windows 2000 Default Permissions Could Allow Trojan Horse Program Q327522 Date: 30 October 2002 Software: Windows 2000 Impact: Trojan Horse program execution Max Risk: Moderate...
CVE-2001-1238
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named 1 winlogon.exe, 2 csrss.exe, 3 smss.exe and 4 services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager...
iis.asp.overflow.txt
Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow Release Date: 00/00/2002 Severity: High Remote code execution IWAMMACHINE Privilege Level Systems Affected: Microsoft Windows NT 4.0 Internet Information Services 4.0 Microsoft Windows 2000 Internet Information Services 5.0 Description: A...
Windows 2000 SIDHistory Escalation Attack
Russ, I know that this topic was brought up a few weeks ago, but we have been doing some research internally on this issue and have reached some disturbing conclusions. First of all, when Microsoft introduced the Windows 2000 domains within a forest structure, the domains were introduced as...
CVE-2001-1517
RunAs runas.exe in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying tha...
Security Bulletin MS00-077 (version 2.0)
---------------------------------------------------------------------- Title: Patch Available for "NetMeeting Desktop Sharing" Vulnerability Released: 13 October 2000 Revised: 21 June 2001 version 2.0 Software: Netmeeting Impact: Denial of service Bulletin: MS00-077 Microsoft encourages customers...
Security Bulletin MS01-023
---------------------------------------------------------------------- Title: Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server Date: 01 May 2001 Software: Windows 2000 Server Windows 2000 Advanced Server Windows 2000 Datacenter Server Impact: Run code of attacker's...
MS01-011 / MS01-036: LDAP over SSL Arbitrary User Password Modification (287397 / 299687)
The remote version of Windows 2000 contains a bug in its LDAP implementation that fails to validate the permissions of a user requesting to change the password of a third-party user. An attacker may exploit this vulnerability to gain unauthorized access to the remote host. C Tenable Network...
Microsoft Windows Server 2000 - Named Pipes Predictability
source: https://www.securityfocus.com/bid/1535/info The Service Control Manager SCM is an administrative tool in Windows 2000 which handles the creation and modification of system services such as Server, Workstation, Alerter, and ClipBook. A server-side named pipe is created before each service ...
Лазейка в службе Terminal Services, открывающая доступ к ресурсам подключенных к ней клиентов Windows 95/98
Здравствуйте , Лазейка в службе Terminal Services, открывающая доступ к ресурсам подключенных к ней клиентов Windows 95/98 Network World http://www.nwfusion.com Если Вы работаете на сервере Windows 2000 с установленным терминальным сервисом Terminal Services, то должны знать о его потенциальной...
All Users startup folder left open if unattended install and OEMP reinstall=1
About a month ago I posted the following to the win2ksecadvice list. However, I received no response. I thought I'd try again since I consider this problem to be pretty serious since it will allow any user to introduce a code stream on another user. I recently noticed a problem with Windows 2000...