58 matches found
CVE-2002-0370
CVE-2002-0370 refers to a buffer overflow/unchecked buffer in ZIP decompression in Windows ZIP handling affecting Windows 98 with Plus! Pack, XP, ME, Lotus Notes R4–R6, Verity KeyView, and StuffIt Expander before 7.0. OpenVAS and Nessus entries corroborate the MS02-054 fix. The vulnerability can ...
CVE-2003-0533
The CVE-2003-0533 issue is a stack-based buffer overflow in LSASS (LSASRV.DLL) affecting multiple Windows platforms (NT 4.0 SP6a, 2000 SP2–SP4, XP SP1, Server 2003) and related products. The underlying flaw is in the DsRolerUpgradeDownlevelServer function invoked via DCERPC, which can cause an o...
CVE-2006-0010
CVE-2006-0010 describes a heap-based buffer overflow in T2EMBED.DLL on Windows platforms (Windows 98/ME, Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 up to SP1). The overflow is triggered while Windows decompresses Embedded Open Type (EOT) fonts referenced by web pages or email, allo...
CVE-2004-0597
CVE-2004-0597 describes multiple buffer overflows in libpng 1.2.5 and earlier caused by insufficient bounds checks in png_handle_tRNS, png_handle_sBIT, and png_handle_hIST. This allows remote attackers to execute arbitrary code via crafted PNG images. Connected sources note that some advisories p...
CVE-2004-0790
CVE-2004-0790 describes a denial-of-service condition caused by spoofed ICMP error messages that disrupt TCP connections. In published connected materials, the vulnerability is tied to BIG-IP products, notably FastL4 accelerated virtual servers on ePVA-equipped platforms (e.g., VIPRION blades and...
CVE-2002-0862
CVE-2002-0862 concerns the CryptoAPI in Microsoft products (Windows 98 through XP; Office for Mac; IE for Mac; Outlook Express for Mac). The issue: the CertGetCertificateChain, CertVerifyCertificateChainPolicy, and WinVerifyTrust APIs fail to properly verify the Basic Constraints of intermediate ...
CVE-2004-0117
The CVE-2004-0117 entry maps to a buffer overflow in the Microsoft H.323 implementation that enables remote code execution. The connected MS04-0117 data clarifies that NetMeeting (and other H.323‑using components such as TAPI‑based H.323 apps, ICF, Routing and Remote Access) can be affected on Wi...
CVE-2001-0876
CVE-2001-0876 describes a buffer overflow in the UPnP NOTIFY handling on Windows XP, ME, 98/98SE, exploitable via a long Location URL in NOTIFY directives. OpenVAS and CERT/CC advisories corroborate a remote-code-execution risk with SYSTEM privileges on XP (and similar impacts on ME/98/98SE); a s...
CVE-2003-0717
CVE-2003-0717 describes a buffer overflow in the Windows Messenger Service (NT through Server 2003). The root cause is improper validation of message length before writing to the allocated buffer, enabling remote code execution with the target’s privileges. Public sources (MS03-043) identify affe...
CVE-2003-0719
CVE-2003-0719 is a buffer overflow in the Microsoft SSL library’s Private Communications Transport (PCT) implementation. The vulnerability allows remote code execution via crafted PCT 1.0 handshake packets on affected Windows family systems (NT 4.0 SP6a, 2000 SP2–SP4, XP SP1, Server 2003, NetMeet...
CVE-2004-0901
CVE-2004-0901 (Font Conversion Vulnerability) affects the Word for Windows 6.0 Converter (MSWRD632.WPC) used by WordPad. A crafted Word/RTF/WRI/DOC file can trigger a buffer/length-check flaw, leading to remote code execution when opened by WordPad. Public advisories (MS04-041) document tw...
CVE-2004-0201
The CVE-2004-0201 entry documents a heap-based buffer overflow in the HTML Help viewer hh.exe used by HTML Help (.chm) on Windows platforms (Windows 98, Me, NT 4.0, 2000, XP, and Server 2003). The vulnerability allows remote code execution via a .CHM file with a large length field, enabling an at...
CVE-2002-1257
The CVE-2002-1257 issue affects Microsoft Virtual Machine (VM) up to and including build 5.0.3805. A remote attacker could deliver a Java applet that invokes COM objects on a web page or HTML email, allowing arbitrary code execution on the affected host. The vulnerability is severity high/critica...
CVE-2004-0571
CVE-2004-0571 describes a remote code execution vulnerability in the Word for Windows 6.0 Converter used by WordPad. A crafted Word 6.0 document could trigger an unchecked data length/buffer handling in the converter, enabling an attacker to execute arbitrary code on a vulnerable system when the ...
CVE-2005-0416
CVE-2005-0416 describes a stack-based buffer overflow in the Windows Animated Cursor (ANI) handling. The vulnerability affects Windows NT, Windows 2000 (SP4), Windows XP (SP1), and Windows 2003, where a crafted AnimationHeaderBlock length field can lead to remote code execution or memory corrupti...
CVE-2001-0877
CVE-2001-0877 describes an unchecked buffer in Windows UPnP NOTIFY handling that can allow remote attackers to cause denial of service or execute code with SYSTEM privileges on Windows XP (and related UPnP-enabled Windows 98/ME). Exploitation via specially malformed NOTIFY messages (SSDP) can tri...
CVE-2006-2376
A remote code execution vulnerability exists in Microsoft Windows’ Graphics Rendering Engine due to an integer overflow in the WMF/EMF PolyPolygon handling. The heap-based overflow is triggered when the sum of vertex counts and the number of polygons is added and multiplied without 32-bit overflo...
CVE-2000-1039
CVE-2000-1039 (Naptha) describes DoS in various TCP/IP stacks and network apps where remote attackers flood a target with TCP connection attempts and complete the TCP handshake without maintaining state, exhausting resources and causing partial availability impact. Connected documents confirm the...
CVE-2004-0214
CVE-2004-0214 is a remote code execution vulnerability in the Windows Shell (Shell32) that stems from an unchecked/buffered input condition in the Shell’s handling of messages when launching applications. An attacker could entice a user to visit a malicious Web page or open a crafted file, potent...
CVE-2003-0469
CVE-2003-0469 describes a buffer overflow in the HTML Converter (html32.cnv) used by Windows applications (via IE and other components). The flaw can be triggered during a cut‑and‑paste operation with a crafted HR tag (align attribute), potentially allowing remote code execution with the privileg...
CVE-2005-0053
Summary of CAN-2005-0053 (CVE-2005-0053): In Internet Explorer 5.01, 5.5, and 6, drag-and-drop events can be exploited to write arbitrary files or execute code on the local system via malicious drag-and-drop content. Microsoft’s fix is delivered in two security updates: MS05-014 (CVE CAN-2005-00...
CVE-2002-1325
CVE-2002-1325 affects Microsoft Virtual Machine (VM) versions up to build 5.0.3805. A Java applet that accesses the user.dir system property can disclose the local user’s username to a remote attacker, via a crafted page or email. CERT notes the vulnerability could leak the user’s system path and...
CVE-2004-0202
CVE-2004-0202 concerns a denial-of-service vulnerability in the DirectPlay API, specifically the IDirectPlay4 interfaces of DirectPlay within Microsoft DirectX. The issue arises from insufficient input/packet validation of incoming network data, enabling a remote attacker to crash a DirectPlay-ba...
CVE-2005-0044
CVE-2005-0044 is the Input Validation Vulnerability in the Windows OLE component that could allow remote code execution. The NVD and NVD-derived data agree that the issue affects Windows 98, 2000, XP, and Server 2003, as well as Exchange Server 5.0–2003, caused by improper validation of message lengt...
CVE-2003-1048
CVE-2003-1048 describes a double-free vulnerability in Internet Explorer’s GIF handling via mshtml.dll. The flaw affects IE6 and related builds where processing GIFs could allow a remote attacker to crash the application or, in some scenarios, execute arbitrary code. Public advisories (MS04-025) ...
CVE-2005-0063
The CVE-2005-0063 issue stems from Windows Shell/MSHTA handling of file associations. A remote code execution vulnerability exists when a user opens a specially crafted OLE2 document (e.g., Word) whose CLSID is manipulated to invoke HTML Application Host (MSHTA) to process the file. Exploitation ...
CVE-2002-0693
The CVE-2002-0693 issue affects multiple Windows platforms (Windows 98, 98 SE, Millennium, NT 4.0 and Terminal Server, Windows 2000, Windows XP) through the HTML Help ActiveX control (hhctrl.ocx). The root cause is an unchecked/buffer overflow in the HTML Help facility ActiveX module that could b...
CVE-2002-1260
The CVE-2002-1260 vulnerability affects Microsoft Virtual Machine (VM) 5.0.3805 and earlier, where the JDBC APIs can be exploited by an untrusted Java applet to bypass security checks and access database contents. This is a remote, network‑vector issue that allows partial confidentiality/integrit...
CVE-2004-1319
The CVE-2004-1319 issue concerns the DHTML Editing Component ActiveX control (dhtmled.ocx) used by Internet Explorer. The vulnerability is cross-domain in nature and could allow remote code execution or information disclosure by exploiting the control from a malicious page, potentially granting a...
CVE-2003-0010
The CVE-2003-0010 issue is a heap-based overflow in the Windows Script Engine (JsArrayFunctionHeapSort in JScript.dll) that can allow remote code execution via a malicious web page or HTML e-mail. The affected component is Windows Script Engine/JScript.dll; the exploit arises from handling large array in...
CVE-2004-1305
CVE-2004-1305 refers to a denial-of-service vulnerability in the Windows kernel related to how animated cursor and icon formats are processed. The weakness, described in MS05-002 and related CERT advisories, can be triggered by specially crafted cursor/icon/ani files viewed via Web pages or email...
CVE-2005-0058
CVE-2005-0058 describes a buffer overflow in the Windows Telephony API (TAPI) that can allow either remote code execution or local privilege elevation, depending on OS/version and configuration. Affected platforms include Windows 98/98 SE/ME, Windows 2000, Windows XP, and Windows Server 2003. The...
CVE-2006-0012
CVE-2006-0012 is a Windows Shell vulnerability in which Windows Explorer could incorrectly handle COM objects, enabling remote code execution if a user visits a malicious Web site or opens crafted files/directories. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003 S...
CVE-2003-0711
CVE-2003-0711 describes a stack-based buffer overflow in the PCHealth-HSC (Help and Support Center) HCP URL handling on Windows XP and Windows Server 2003. The unchecked buffer in the HCP protocol-handling file allows remote code execution with SYSTEM/Local privileges when a user clicks a crafted...
CVE-2006-1313
CVE-2006-1313 is the Microsoft JScript memory corruption remote code execution vulnerability documented in MS06-023. It affects JScript in Windows 98/Me, Windows 2000 SP4, Windows XP (incl. SP1/SP2), and Windows Server 2003 families, including x64/Itanium variants, where JScript may release objec...
CVE-2002-1258
CVE-2002-1258 affects Microsoft Virtual Machine (VM) up to build 5.0.3805, as used in Internet Explorer and other applications. The vulnerability allows remote attackers to read files via a Java applet whose CODEBASE parameter in the APPLET tag is spoofed, likely due to a parsing error. Documents...
CVE-2001-0721
The CVE-2001-0721 entry concerns Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP. The flaw allows remote attackers to cause a denial of service (memory consumption or crash) by sending a malformed UPnP request. The affected stack is UPnP handling in Windows, with NETWORK attack vec...
CVE-2004-0123
CVE-2004-0123 (ASN.1 “Double Free”) affects Windows platforms including NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. The issue is a potential memory-management error caused by a possible double-free condition in the Microsoft ASN.1 Library, which could lead to memory corruption and,...
CVE-2001-0238
The CVE-2001-0238 entry concerns Microsoft Data Access Component Internet Publishing Provider (ID 8.103.2519.0 and earlier). The available connected documents describe that remote attackers can bypass Security Zone restrictions through WebDAV requests. The root cause details are not explicitly st...
CVE-2002-0694
The CVE-2002-0694 issue is tied to an unchecked buffer in Windows Help (Q323255) that affected Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. Root cause: a vulnerability in the HTML Help facility could allow a remote attack...
CVE-2004-0839
CVE-2004-0839 is the IE Drag-and-Drop Vulnerability. The connected docs show it as a publicly disclosed CAN-2005-0053 vulnerability, which was addressed by Microsoft security updates MS05-014 and related MS05-008. The vulnerability arises from Internet Explorer handling drag-and-drop events, allo...
CVE-2005-0061
CVE-2005-0061 (Windows kernel elevation of privilege) is a local privilege-elevation vulnerability in the Windows kernel (Windows 2000, XP SP1/SP2, Windows Server 2003) caused by the way the kernel processes certain access requests. An attacker with valid logon credentials and local access could ...
CVE-2006-0006
CVE-2006-0006 is a heap-based buffer overflow in Windows Media Player’s bitmap processing. A crafted BMP can trigger an overflow when the file declares a size of 0, allowing remote code execution. Affected products/versions include Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on W...
CVE-2005-0057
Microsoft’s MS05-015 fixes a remote code execution flaw in the Hyperlink Object Library (Hlink.dll) affecting Windows 98, 2000, XP, and Server 2003. The vulnerability arises from an unchecked buffer when handling hyperlinks, potentially allowing arbitrary code execution if a user clicks a crafted...
CVE-2006-0020
CVE-2006-0020 describes a WMF parsing memory corruption affecting Internet Explorer on Windows platforms (e.g., IE 5.01 SP4 on 2000 SP4; 5.5 SP2 on Millennium) where a crafted WMF file with manipulated header size (potential integer overflow) can crash the process and may allow code execution. Th...
CVE-2000-0979
CVE-2000-0979 affects Windows 95/98/Me File and Print Sharing. The service does not properly enforce file-share passwords, allowing a remote attacker to bypass access controls by sending a 1‑byte password that matches the first character of the real password. The documented impact is partial conf...
CVE-2003-0009
CVE-2003-0009 is an XSS vulnerability in the Help and Support Center (HSC) of Windows Me (and XP) where hcp:// URIs pass arbitrary script in the topic parameter. The CERT/CC entry and CERT/CC notes explain that HSC does not adequately validate hcp:// URI parameters, allowing an attacker to cause ...
CVE-2002-0699
The CVE-2002-0699 issue affects the Certificate Enrollment ActiveX Control used by Windows 98/98SE/Millennium/NT 4.0/2000/XP. The root cause is a flaw in the Certificate Enrollment Control that allows remote attackers to delete digital certificates on a user’s system via HTML. OpenVAS entries cor...
CVE-2002-1139
The CVE-2002-1139 issue affects Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP under the Compressed Folders feature. The root cause is that the destination folder is not properly validated during ZIP decompression, allowing an attacker to place an executable in a known location ...
CVE-2005-0060
CVE-2005-0060 is a local privilege-elevation vulnerability in the Windows font-processing subsystem caused by an unchecked buffer when handling certain fonts. A logged-on user could gain full control of an affected system by running a specially crafted application. Affected platforms include Wind...