Page 29 of 317 results (0.032 seconds)

CVSS: 5.0EPSS: 92%CPEs: 43EXPL: 0

Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error. Dos vulnerabilidades en la Máquina Virtual de Microsoft (VM) hasta 5.0.3805 inclusive, como la usada en Internet Explorer y otras aplicaciones, permite a atacantes remotos leer ficheros mediante un applet Java con una localización falsificada en el parámetro CODEBASE de la etiqueta APPLET, posiblemente debido a un error de procesado. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A582 •

CVSS: 7.5EPSS: 52%CPEs: 3EXPL: 2

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). Microsoft Windows 98 y Windows NT 4.0 no verifican las Restricciones Básicas de certificados digitales, permitiendo a atacantes remotos ejecutar código, también conocida como "Nueva Variante de Fallo en Validación de Certificado Podría Permitir Suplantación de Identidad" (CAN-2002-0862). • https://www.exploit-db.com/exploits/21692 http://www.securityfocus.com/bid/5410 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/9776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108 •

CVSS: 4.6EPSS: 0%CPEs: 28EXPL: 0

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. La carpeta raíz de sistema de Microsoft Windows 2000 tienen permisos por defecto de accesso total para todos los usuarios, y está en el camino de búsqueda cuando se localizan programas durante el inicio de sesión o el lanzamiento de aplicaciones desde el escritorio, lo que puede permitir a atacantes ganar privilegios de otros usuarios mediante programas tipo caballo de Troya. • http://www.securityfocus.com/bid/5415 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-064 https://exchange.xforce.ibmcloud.com/vulnerabilities/9779 •

CVSS: 7.5EPSS: 4%CPEs: 46EXPL: 0

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File." • http://www.iss.net/security_center/static/10254.php https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A403 •

CVSS: 7.5EPSS: 88%CPEs: 46EXPL: 1

Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function. Desbordamiento de búfer en el control ActiveX de ayuda HTML (hhctrl.ocx) en Microsoft Windows 98, 98 SE, Me, NT4, 2000 y XP, permite a atacantes remotos ejecutar código arbitrario mediante un parámetro largo en la función Alink. • https://www.exploit-db.com/exploits/21902 http://marc.info/?l=bugtraq&m=103365849505409&w=2 http://marc.info/?l=bugtraq&m=103419115517344&w=2 http://marc.info/?l=bugtraq&m=103435279404182&w=2 http://www.iss.net/security_center/static/10253.php http://www.securityfocus.com/bid/5874 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A374 •