CVE-2003-0010
https://notcve.org/view.php?id=CVE-2003-0010
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack. Desbordamiento de enteros en JsArrayFunctionHeapSort usado en el Motor de script Windows de JScript (JScript.dll) en varios sistemas operativos Windows permite a atacantes remotos ejecutar código arbitrario mediante una página web maliciosao un correo electrónico HTML que usa un valor de índice de array largo que permite un ataque de desbordamiento de búfer basado en el montón (heap). • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0139.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=26 http://marc.info/?l=bugtraq&m=104812108307645&w=2 http://www.securityfocus.com/bid/7146 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A200 https:/ •
CVE-2003-0003 – Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow
https://notcve.org/view.php?id=CVE-2003-0003
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. Desbordamiento de búfer en el servicio Localizador de Windows NT 4.0, Windows NT 4.0 Terminal server Edition, Windows 2000, y Windows XP permite a usuarios locales ejecutar código arbitrario mediante una llamada RPC al servicio conteniendo cierta información de parámetros. • https://www.exploit-db.com/exploits/5 https://www.exploit-db.com/exploits/22194 http://marc.info/?l=bugtraq&m=104394414713415&w=2 http://marc.info/?l=ntbugtraq&m=104393588232166&w=2 http://www.cert.org/advisories/CA-2003-03.html http://www.kb.cert.org/vuls/id/610986 http://www.securityfocus.com/bid/6666 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/11132 https://oval.cisecurit •
CVE-2002-2401
https://notcve.org/view.php?id=CVE-2002-2401
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. NT Virtual DOS Machine (NTVDM.EXE) en Windows 2000, NT y XP no verifica los permisos de ejecución del usuario para archivos ejecutables de 16 bits, lo que permite a los usuarios locales pasar por alto el cargador y ejecutar programas arbitrarios. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0211.html http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3B319458 http://www.abtrusion.com/msexe16.asp http://www.iss.net/security_center/static/10132.php http://www.securityfocus.com/bid/5740 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2002-1712 – Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service
https://notcve.org/view.php?id=CVE-2002-1712
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3. • https://www.exploit-db.com/exploits/21246 https://www.exploit-db.com/exploits/21245 http://online.securityfocus.com/archive/1/252616 http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq280446 http://www.securityfocus.com/bid/3967 https://exchange.xforce.ibmcloud.com/vulnerabilities/8037 •
CVE-2002-2073 – Microsoft Site Server 3.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2073
Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp. • https://www.exploit-db.com/exploits/21260 http://marc.info/?l=vulnwatch&m=101235440104716&w=2 http://www.iss.net/security_center/static/8050.php http://www.securityfocus.com/bid/3999 •