CVSS: 7.5EPSS: 1%CPEs: 43EXPL: 0CVE-2002-1258
https://notcve.org/view.php?id=CVE-2002-1258
17 Dec 2002 — Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error. Dos vulnerabilidades en la Máquina Virtual de Microsoft (VM) hasta 5.0.3805 inclusive, como la usada en Internet Explorer y otras aplicaciones, permite a atacantes remotos leer ficheros mediante un applet Java co... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069 •
CVSS: 9.8EPSS: 11%CPEs: 3EXPL: 2CVE-2002-1183 – Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
https://notcve.org/view.php?id=CVE-2002-1183
11 Dec 2002 — Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). Microsoft Windows 98 y Windows NT 4.0 no verifican las Restricciones Básicas de certificados digitales, permitiendo a atacantes remotos ejecutar código, también conocida como "Nueva Variante de Fallo en Validación de Certificado Podría Permitir Suplantación de I... • https://www.exploit-db.com/exploits/21692 •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2002-1184
https://notcve.org/view.php?id=CVE-2002-1184
12 Nov 2002 — The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. La carpeta raíz de sistema de Microsoft Windows 2000 tienen permisos por defecto de accesso total para todos los usuarios, y está en el camino de búsqueda cuando se localizan programas durante el inic... • http://www.securityfocus.com/bid/5415 •
CVSS: 7.8EPSS: 21%CPEs: 46EXPL: 0CVE-2002-0694
https://notcve.org/view.php?id=CVE-2002-0694
10 Oct 2002 — The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File." • http://www.iss.net/security_center/static/10254.php •
CVSS: 9.8EPSS: 50%CPEs: 46EXPL: 1CVE-2002-0693 – Microsoft Windows XP/2000/NT 4.0 - Help Facility ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0693
05 Oct 2002 — Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function. Desbordamiento de búfer en el control ActiveX de ayuda HTML (hhctrl.ocx) en Microsoft Windows 98, 98 SE, Me, NT4, 2000 y XP, permite a atacantes remotos ejecutar ... • https://www.exploit-db.com/exploits/21902 •
CVSS: 7.5EPSS: 8%CPEs: 22EXPL: 0CVE-2002-0863
https://notcve.org/view.php?id=CVE-2002-0863
01 Oct 2002 — Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." • http://marc.info/?l=bugtraq&m=103235960119404&w=2 •
CVSS: 6.8EPSS: 20%CPEs: 11EXPL: 1CVE-2002-0862 – Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
https://notcve.org/view.php?id=CVE-2002-0862
10 Sep 2002 — The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explo... • https://www.exploit-db.com/exploits/21692 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 0CVE-2002-0699
https://notcve.org/view.php?id=CVE-2002-0699
31 Aug 2002 — Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. Vulnerabilidad desconocida en el Control ActiveX de Enrolamiento de Certificados (Certificate Enrollment) en Microsoft Windows 98, Windows 98 Segunda Edición, Windows Millenium, Windows NT 4.0, Windows 2000 y Windows XP, permite a atacantes rem... • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048 •
CVSS: 7.5EPSS: 44%CPEs: 30EXPL: 2CVE-2002-0724 – Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0724
24 Aug 2002 — Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service". • https://www.exploit-db.com/exploits/21746 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-0725
https://notcve.org/view.php?id=CVE-2002-0725
20 Aug 2002 — NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. El sistema de archivos NTFS en Windows NT4.0 y Windows 2000 SP2 permite a atacantes locales ocultar las actividades de uso de ficheros mediante un enlace duro al fichero objetivo, lo que causa la auditoría se haga sobre el enlace y no sobre el fichero objetivo. • http://www.atstake.com/research/advisories/2000/a081602-1.txt • CWE-59: Improper Link Resolution Before File Access ('Link Following') •