CVSS: 5.0EPSS: 30%CPEs: 43EXPL: 0CVE-2002-1258
https://notcve.org/view.php?id=CVE-2002-1258
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error. Dos vulnerabilidades en la Máquina Virtual de Microsoft (VM) hasta 5.0.3805 inclusive, como la usada en Internet Explorer y otras aplicaciones, permite a atacantes remotos leer ficheros mediante un applet Java con una localización falsificada en el parámetro CODEBASE de la etiqueta APPLET, posiblemente debido a un error de procesado. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A582 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1180
https://notcve.org/view.php?id=CVE-2002-1180
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." Un error tipográfico en los permisos de acceso a fuentes de scripts en Internet Information Server (IIS) 5.0 no excluye adecuadamente ficheros .COM, lo que permite a atacantes con sólo permisos de escritura cargar ficheros .COM, también conocida como "Vulnerabilidad de Acceso a Fuente de Scripts" • http://www.ciac.org/ciac/bulletins/n-011.shtml http://www.iss.net/security_center/static/10504.php http://www.securityfocus.com/bid/6068 http://www.securityfocus.com/bid/6071 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931 •
CVSS: 5.0EPSS: 12%CPEs: 1EXPL: 0CVE-2002-1182
https://notcve.org/view.php?id=CVE-2002-1182
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned. IIS 5.0 Y 5.1 permiten a atacantes remotso causar una denegación de servicio (caída) mediante peticiones WebDAV malformadas que hacen que sea asignada mucha memoria. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html http://www.ciac.org/ciac/bulletins/n-011.shtml http://www.nextgenss.com/advisories/ms-iisdos.txt http://www.nextgenss.com/vna/ms-iisdos.txt http://www.securityfocus.com/bid/4846 http://www.securityfocus.com/bid/6068 http://www.securityfocus.com/bid/6070 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 https://exchange.xforce.ibmcloud.com/vulnerabilities/10184 https://exchange.x •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 10CVE-2002-1230 – Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation
https://notcve.org/view.php?id=CVE-2002-1230
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation." El Agente NetDDE en sistemas Windows permite a usuarios locales ejecutar código arbitrario mediante un mensaje WM_COPYDATA usando un ataque de estilo "destrozar" (shatter) • https://www.exploit-db.com/exploits/21922 https://www.exploit-db.com/exploits/21923 https://www.exploit-db.com/exploits/21684 https://www.exploit-db.com/exploits/21685 https://www.exploit-db.com/exploits/21686 https://www.exploit-db.com/exploits/21687 https://www.exploit-db.com/exploits/21688 https://www.exploit-db.com/exploits/21689 https://www.exploit-db.com/exploits/21690 https://www.exploit-db.com/exploits/21691 http://getad.chat.ru http://www.ciac •
CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 0CVE-2002-0869
https://notcve.org/view.php?id=CVE-2002-0869
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." Vulnerabilidad desconocida en el proceso de anfitrión (dllhost.exe) en Microsoft Internet Information Server (IIS) 4.0 a 5.1 permite a atacantes remotos ganar privilegios ejecutando una aplicación fuera de proceso que adquiere privilegios de LocalSystem, también conocida como "Elevación de Privilegios Fuera de Proceso". • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html http://marc.info/?l=bugtraq&m=103642839205574&w=2 http://www.ciac.org/ciac/bulletins/n-011.shtml http://www.iss.net/security_center/static/10502.php http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A929 https://oval.cisecurity.org/reposi •