CVE-2003-0714 – Microsoft Exchange Server 2000 - XEXCH50 Heap Overflow (PoC) (MS03-046)
https://notcve.org/view.php?id=CVE-2003-0714
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000. El servicio de correo de Internet en Exchange Server 5.5 y Exchange 2000 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) conectándose directamente al servicio SMTP y enviando una cierta petición, posiblemente disparando un desbordamiento de búfer en Exchange 2000. • https://www.exploit-db.com/exploits/113 https://www.exploit-db.com/exploits/16820 http://marc.info/?l=bugtraq&m=106682909006586&w=2 http://www.cert.org/advisories/CA-2003-27.html http://www.kb.cert.org/vuls/id/422156 http://www.securityfocus.com/bid/8838 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046 • CWE-400: Uncontrolled Resource Consumption •
CVE-2002-1790 – Microsoft IIS 4.0/5.0 - SMTP Service Encapsulated SMTP Address (MS99-027)
https://notcve.org/view.php?id=CVE-2002-1790
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. • https://www.exploit-db.com/exploits/21613 http://online.securityfocus.com/archive/1/281914 http://www.iss.net/security_center/static/9580.php http://www.securityfocus.com/bid/5213 •
CVE-2002-0698
https://notcve.org/view.php?id=CVE-2002-0698
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response. Desbordamiento de búfer en Internet Mail Connector (IMC) para Microsoft Exchange Server 5.5 permite que atacantes remotos ejecuten código arbitrario por medio de una petición EHLO desde un sistema con un nombre largo obtenido por búsqueda DNS inversa, lo cual provoca el desbordamiento de búfer en la respuesta de IMC. • http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759 http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ326322 http://www.iss.net/security_center/static/9658.php http://www.securityfocus.com/bid/5306 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-037 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2002-0507
https://notcve.org/view.php?id=CVE-2002-0507
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. Una interacción entre Microsoft Outlook Web Access (OWA) con RSA SecurID permite a usuarios locales evitar la autenticación SecurID para un usuario anterior mediante varios envios de una petición de autenticación OWA con la contraseña adecuada del usuario anterior, que es acaba siendo aceptada por OWA. • http://online.securityfocus.com/archive/1/264705 http://www.iss.net/security_center/static/8681.php http://www.securityfocus.com/bid/4390 • CWE-287: Improper Authentication •
CVE-2002-0054
https://notcve.org/view.php?id=CVE-2002-0054
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. El servicio SMTP enMicrosoft Windows 2000 y Internet Mail Connector (IMC) en Exchange Server 5.5no maneja adecuadamente respuestas a autenticación NTLM, lo que permite a atacantes remotos hacer reenvío de correo mediante el servidor. • http://marc.info/?l=bugtraq&m=101501580409373&w=2 http://www.securityfocus.com/bid/4205 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011 • CWE-294: Authentication Bypass by Capture-replay •