CVE-2002-0862 – Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
https://notcve.org/view.php?id=CVE-2002-0862
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS. Las APIs (Application Programming Interface) CertGetCertificateChain CertVerifyCertificateChainPolicy WinVerifyTrust en la CriptoAPI de productos de Microsoft, incluyendo Microsoft Windows 98 a XP, Office para Mac, Internet Explorer para Mac, y Outlook Express para Mac, no verifican adecuadamente las restricciones básicas de certificados X.509 firmados por CAs (Autoridad Certificadora) intermedias, lo que permite a atacantes remotos falsear los certificados de sitios de confianza mediante un ataque tipo hombre-en-el-medio en sesiones SSL, como se informó anteriormente para Internet Explorer e IIS. • https://www.exploit-db.com/exploits/21692 http://marc.info/?l=bugtraq&m=102866120821995&w=2 http://marc.info/?l=bugtraq&m=102918200405308&w=2 http://marc.info/?l=bugtraq&m=102976967730450&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/9776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg& • CWE-295: Improper Certificate Validation •
CVE-2002-0699
https://notcve.org/view.php?id=CVE-2002-0699
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. Vulnerabilidad desconocida en el Control ActiveX de Enrolamiento de Certificados (Certificate Enrollment) en Microsoft Windows 98, Windows 98 Segunda Edición, Windows Millenium, Windows NT 4.0, Windows 2000 y Windows XP, permite a atacantes remotos borrar certificados digitales en el sistema de un usuario mediante HTML. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A190 •
CVE-2002-0070
https://notcve.org/view.php?id=CVE-2002-0070
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. El desbordamiento del búfer en el Windows Shell (usado como escritorio de Windows) permite a atacantes locales y posibles atacantes remotos, la ejecución de código arbitrario mediante un manejador de URL que no ha sido eliminado de una aplicación defectuosamente desinstalada. • http://marc.info/?l=bugtraq&m=101594127017290&w=2 http://www.iss.net/security_center/static/8384.php http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404 http://www.securityfocus.com/bid/4248 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A147 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2002-0053
https://notcve.org/view.php?id=CVE-2002-0053
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available. Desbordamiento de buffer en el agente del servicio SNMP en Windows 95/98/98SE, y Windows NT4/2000/XP permite a atacantes remotos causar una denegación de servicio o ejecutar código arbitrario mediante una petición de administración malformada. NOTA: Esta candidata puede ser separada o mezclada con otras candidatas. • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0013 http://www.cert.org/advisories/CA-2002-03.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html http://www.kb.cert.org/vuls/id/107186 http://www.kb.cert.org/vuls/id/854306 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006 https://oval.cisecurity.org/repository/search/definition/oval%3Ao • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2001-0876 – Microsoft Windows 98/XP/ME - UPnP NOTIFY Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0876
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL. Desbordamiento de buffer en UPnP (Universal Plug and Play) en Windows 98, 98E, Me y XP permite a atacantes remotos ejecutar código arbitrario por medio de una directiva NOTIFY con una URL muy larga. • https://www.exploit-db.com/exploits/21188 https://www.exploit-db.com/exploits/21189 http://marc.info/?l=bugtraq&m=100887440810532&w=2 http://marc.info/?l=ntbugtraq&m=100887271006313&w=2 http://www.cert.org/advisories/CA-2001-37.html http://www.ciac.org/ciac/bulletins/m-030.shtml http://www.kb.cert.org/vuls/id/951555 http://www.securityfocus.com/bid/3723 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059 https://exchange.xfor •