CVE-2002-1561 – Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service
https://notcve.org/view.php?id=CVE-2002-1561
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference. La pila DCE-RPC en Windows 2000 y otros sistemas operativos permite a atacantes remotos causar una denegación de servicio (desactivar el servico RCP) mediante un paquete malformado al puerto TCP 135, que dispara una desreferencia a un puntero nulo. • https://www.exploit-db.com/exploits/21951 https://www.exploit-db.com/exploits/21953 https://www.exploit-db.com/exploits/21954 https://www.exploit-db.com/exploits/21952 http://www.kb.cert.org/vuls/id/261537 http://www.securityfocus.com/archive/1/296114/2002-10-14/2002-10-20/0 http://www.securityfocus.com/bid/6005 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-010 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre. •
CVE-2003-0010
https://notcve.org/view.php?id=CVE-2003-0010
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack. Desbordamiento de enteros en JsArrayFunctionHeapSort usado en el Motor de script Windows de JScript (JScript.dll) en varios sistemas operativos Windows permite a atacantes remotos ejecutar código arbitrario mediante una página web maliciosao un correo electrónico HTML que usa un valor de índice de array largo que permite un ataque de desbordamiento de búfer basado en el montón (heap). • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0139.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=26 http://marc.info/?l=bugtraq&m=104812108307645&w=2 http://www.securityfocus.com/bid/7146 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-008 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A134 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A200 https:/ •
CVE-2003-0109 – Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow
https://notcve.org/view.php?id=CVE-2003-0109
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. • https://www.exploit-db.com/exploits/1 https://www.exploit-db.com/exploits/22365 https://www.exploit-db.com/exploits/22366 https://www.exploit-db.com/exploits/22367 https://www.exploit-db.com/exploits/22368 https://www.exploit-db.com/exploits/16470 https://www.exploit-db.com/exploits/2 https://www.exploit-db.com/exploits/51 https://www.exploit-db.com/exploits/36 http://marc.info/?l=bugtraq&m=104826476427372&w=2 http://marc.info/?l=bugtraq&m=104861 •
CVE-2003-0003 – Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow
https://notcve.org/view.php?id=CVE-2003-0003
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. Desbordamiento de búfer en el servicio Localizador de Windows NT 4.0, Windows NT 4.0 Terminal server Edition, Windows 2000, y Windows XP permite a usuarios locales ejecutar código arbitrario mediante una llamada RPC al servicio conteniendo cierta información de parámetros. • https://www.exploit-db.com/exploits/5 https://www.exploit-db.com/exploits/22194 http://marc.info/?l=bugtraq&m=104394414713415&w=2 http://marc.info/?l=ntbugtraq&m=104393588232166&w=2 http://www.cert.org/advisories/CA-2003-03.html http://www.kb.cert.org/vuls/id/610986 http://www.securityfocus.com/bid/6666 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/11132 https://oval.cisecurit •
CVE-2003-0001 – Linux Kernel 2.0.x/2.2.x/2.4.x (FreeBSD 4.x) - Network Device Driver Frame Padding Information Disclosure
https://notcve.org/view.php?id=CVE-2003-0001
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. Múltiples controladores de dispositivo (device drivers) de Tarjetas de Interfaz de Red (Network Interface Card - NIC) Ethernet no rellenan las tramas con bytes nulos, lo que permite a atacantes remotos obtener información de paquetes anteriores o memoria del kernel usando paquetes malformados, como ha sido demostrado por Etherleak. • https://www.exploit-db.com/exploits/22131 https://www.exploit-db.com/exploits/26076 https://www.exploit-db.com/exploits/3555 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html http://marc.info/?l=bugtraq&m=104222046632243&w=2 http://secunia.com/advisories/7996 http://www.atstake.com/research/advisories/2003/a010603-1.txt http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf http://www.kb.cert.org/vuls/id/412115 http://www.ora • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •