CVSS: 6.8EPSS: 15%CPEs: 11EXPL: 1CVE-2002-0862 – Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
https://notcve.org/view.php?id=CVE-2002-0862
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS. Las APIs (Application Programming Interface) CertGetCertificateChain CertVerifyCertificateChainPolicy WinVerifyTrust en la CriptoAPI de productos de Microsoft, incluyendo Microsoft Windows 98 a XP, Office para Mac, Internet Explorer para Mac, y Outlook Express para Mac, no verifican adecuadamente las restricciones básicas de certificados X.509 firmados por CAs (Autoridad Certificadora) intermedias, lo que permite a atacantes remotos falsear los certificados de sitios de confianza mediante un ataque tipo hombre-en-el-medio en sesiones SSL, como se informó anteriormente para Internet Explorer e IIS. • https://www.exploit-db.com/exploits/21692 http://marc.info/?l=bugtraq&m=102866120821995&w=2 http://marc.info/?l=bugtraq&m=102918200405308&w=2 http://marc.info/?l=bugtraq&m=102976967730450&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/9776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg& • CWE-295: Improper Certificate Validation •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2002-0720
https://notcve.org/view.php?id=CVE-2002-0720
A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code. Una rutina manejadora en el Network Connection Manager (NCM) permite a usuarios locales ganar privilegios mediante un complejo ataque que hace que el manejador corra en el contexto LocalSystem con código especificado por el usuario. • http://www.iss.net/security_center/static/9856.php http://www.securityfocus.com/bid/5480 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A26 •
CVSS: 5.0EPSS: 3%CPEs: 6EXPL: 0CVE-2002-0699
https://notcve.org/view.php?id=CVE-2002-0699
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. Vulnerabilidad desconocida en el Control ActiveX de Enrolamiento de Certificados (Certificate Enrollment) en Microsoft Windows 98, Windows 98 Segunda Edición, Windows Millenium, Windows NT 4.0, Windows 2000 y Windows XP, permite a atacantes remotos borrar certificados digitales en el sistema de un usuario mediante HTML. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A190 •
CVSS: 7.5EPSS: 9%CPEs: 30EXPL: 2CVE-2002-0724 – Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0724
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service". • https://www.exploit-db.com/exploits/21746 https://www.exploit-db.com/exploits/21747 http://marc.info/?l=bugtraq&m=103011556323184&w=2 http://www.kb.cert.org/vuls/id/250635 http://www.kb.cert.org/vuls/id/311619 http://www.kb.cert.org/vuls/id/342243 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A189 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-0725
https://notcve.org/view.php?id=CVE-2002-0725
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. El sistema de archivos NTFS en Windows NT4.0 y Windows 2000 SP2 permite a atacantes locales ocultar las actividades de uso de ficheros mediante un enlace duro al fichero objetivo, lo que causa la auditoría se haga sobre el enlace y no sobre el fichero objetivo. • http://www.atstake.com/research/advisories/2000/a081602-1.txt http://www.iss.net/security_center/static/9869.php http://www.securityfocus.com/bid/5484 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •