CVSS: 7.5EPSS: 96%CPEs: 4EXPL: 2CVE-2001-0876 – Microsoft Windows 98/XP/ME - UPnP NOTIFY Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0876
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL. Desbordamiento de buffer en UPnP (Universal Plug and Play) en Windows 98, 98E, Me y XP permite a atacantes remotos ejecutar código arbitrario por medio de una directiva NOTIFY con una URL muy larga. • https://www.exploit-db.com/exploits/21188 https://www.exploit-db.com/exploits/21189 http://marc.info/?l=bugtraq&m=100887440810532&w=2 http://marc.info/?l=ntbugtraq&m=100887271006313&w=2 http://www.cert.org/advisories/CA-2001-37.html http://www.ciac.org/ciac/bulletins/m-030.shtml http://www.kb.cert.org/vuls/id/951555 http://www.securityfocus.com/bid/3723 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059 https://exchange.xfor •
CVSS: 5.0EPSS: 97%CPEs: 4EXPL: 0CVE-2001-0877
https://notcve.org/view.php?id=CVE-2001-0877
Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system. Desbordamiento de buffer en UPnP (Universal Plug and Play) en Windows 98, 98E, Me y XP permite a atacantes remotos ejecutar código arbitrario por medio de (1) un anuncio SSDP malicioso que insta al cliente a conectarse a una máquina que ya tiene una enorme cantidad de tráfico, o (2) un anuncio SSDP malicioso a direcciones de broadcast o multicast, lo que podría causar que todos los clientes UPnP enviasen tráfico a un único sistema objetivo. • http://marc.info/?l=bugtraq&m=100887440810532&w=2 http://marc.info/?l=ntbugtraq&m=100887271006313&w=2 http://www.cert.org/advisories/CA-2001-37.html http://www.ciac.org/ciac/bulletins/m-030.shtml http://www.kb.cert.org/vuls/id/411059 http://www.securityfocus.com/archive/1/249238 http://www.securityfocus.com/bid/3724 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059 https://exchange.xforce.ibmcloud.com/vulnerabilities/7722 •
CVSS: 5.0EPSS: 3%CPEs: 4EXPL: 0CVE-2001-0721
https://notcve.org/view.php?id=CVE-2001-0721
Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request. • http://marc.info/?l=bugtraq&m=100467787323377&w=2 http://marc.info/?l=bugtraq&m=100528449024158&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-054 •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2001-0238
https://notcve.org/view.php?id=CVE-2001-0238
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. • http://www.ciac.org/ciac/bulletins/l-074.shtml https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-022 https://exchange.xforce.ibmcloud.com/vulnerabilities/6405 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2001-0003
https://notcve.org/view.php?id=CVE-2001-0003
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. • http://www.securityfocus.com/bid/2199 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/5920 •