Page 20 of 213 results (0.019 seconds)

CVSS: 7.2EPSS: 0%CPEs: 38EXPL: 0

Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. • http://online.securityfocus.com/archive/1/276776 http://online.securityfocus.com/archive/1/278145 http://www.nextgenss.com/vna/ms-ras.txt http://www.securityfocus.com/bid/4852 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-029 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A61 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A63 •

CVSS: 7.2EPSS: 2%CPEs: 2EXPL: 2

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges. • https://www.exploit-db.com/exploits/21344 http://marc.info/?l=ntbugtraq&m=101614320402695&w=2 http://www.iss.net/security_center/static/8462.php http://www.securityfocus.com/archive/1/262074 http://www.securityfocus.com/archive/1/264441 http://www.securityfocus.com/archive/1/264927 http://www.securityfocus.com/bid/4287 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval •

CVSS: 5.0EPSS: 97%CPEs: 8EXPL: 0

IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr. IIS 4.0 permite a usuarios locales eludir la restricción de "Los usuarios no pueden cambiar la contraseña" (User cannot change password) para Windows NT invocando directamente los programas de cambio de conrtaseña .htr del directorio /iisadmpwd, incluyendo: aexp2.htr aexp2b.htr aexp3.htr aexp4.htr • http://online.securityfocus.com/archive/1/259963 http://www.iss.net/security_center/static/8388.php http://www.securityfocus.com/bid/4236 •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. Desbordamiento de buffer en el proveedor múltiple de UNC (MUP) en sistemas operativos Microsoft Windows permite a usuarios locales provocar una denegación de servicio y posiblemente ganar privilegios de SYSTEM mediante una petición UNC larga. • http://marc.info/?l=bugtraq&m=101793727306282&w=2 http://www.iss.net/security_center/static/8752.php http://www.securityfocus.com/bid/4426 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A145 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A89 •

CVSS: 7.6EPSS: 7%CPEs: 5EXPL: 0

Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. El desbordamiento del búfer en el Windows Shell (usado como escritorio de Windows) permite a atacantes locales y posibles atacantes remotos, la ejecución de código arbitrario mediante un manejador de URL que no ha sido eliminado de una aplicación defectuosamente desinstalada. • http://marc.info/?l=bugtraq&m=101594127017290&w=2 http://www.iss.net/security_center/static/8384.php http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404 http://www.securityfocus.com/bid/4248 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A147 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •