Page 18 of 214 results (0.002 seconds)

CVSS: 7.5EPSS: 52%CPEs: 3EXPL: 2

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). Microsoft Windows 98 y Windows NT 4.0 no verifican las Restricciones Básicas de certificados digitales, permitiendo a atacantes remotos ejecutar código, también conocida como "Nueva Variante de Fallo en Validación de Certificado Podría Permitir Suplantación de Identidad" (CAN-2002-0862). • https://www.exploit-db.com/exploits/21692 http://www.securityfocus.com/bid/5410 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/9776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108 •

CVSS: 4.6EPSS: 0%CPEs: 28EXPL: 0

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. La carpeta raíz de sistema de Microsoft Windows 2000 tienen permisos por defecto de accesso total para todos los usuarios, y está en el camino de búsqueda cuando se localizan programas durante el inicio de sesión o el lanzamiento de aplicaciones desde el escritorio, lo que puede permitir a atacantes ganar privilegios de otros usuarios mediante programas tipo caballo de Troya. • http://www.securityfocus.com/bid/5415 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-064 https://exchange.xforce.ibmcloud.com/vulnerabilities/9779 •

CVSS: 7.5EPSS: 4%CPEs: 46EXPL: 0

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File." • http://www.iss.net/security_center/static/10254.php https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A403 •

CVSS: 7.5EPSS: 88%CPEs: 46EXPL: 1

Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function. Desbordamiento de búfer en el control ActiveX de ayuda HTML (hhctrl.ocx) en Microsoft Windows 98, 98 SE, Me, NT4, 2000 y XP, permite a atacantes remotos ejecutar código arbitrario mediante un parámetro largo en la función Alink. • https://www.exploit-db.com/exploits/21902 http://marc.info/?l=bugtraq&m=103365849505409&w=2 http://marc.info/?l=bugtraq&m=103419115517344&w=2 http://marc.info/?l=bugtraq&m=103435279404182&w=2 http://www.iss.net/security_center/static/10253.php http://www.securityfocus.com/bid/5874 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A374 •

CVSS: 5.0EPSS: 2%CPEs: 22EXPL: 0

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." • http://marc.info/?l=bugtraq&m=103235960119404&w=2 http://marc.info/?l=bugtraq&m=103236181522253&w=2 http://www.iss.net/security_center/static/10121.php http://www.iss.net/security_center/static/10122.php http://www.kb.cert.org/vuls/id/865833 http://www.securityfocus.com/bid/5711 http://www.securityfocus.com/bid/5712 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mi •