CVE-2002-0057
https://notcve.org/view.php?id=CVE-2002-0057
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. El control XMLHTTP en Microsoft XML Core Services 2.6 y versiones posteriores no manejan adecuadamente el establecimiento de valores de la Zona de Seguridad del IE, lo cual permite a atacantes remotos la lectura arbitraria de ficheros especificando un fichero local como una fuente de datos XML. • http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html http://marc.info/?l=bugtraq&m=101366383408821&w=2 http://www.osvdb.org/3032 http://www.securityfocus.com/bid/3699 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-008 https://exchange.xforce.ibmcloud.com/vulnerabilities/7712 •
CVE-2002-0056
https://notcve.org/view.php?id=CVE-2002-0056
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. Desbordamiento de búfer enSQL Server 7.0 y 2000 permite a atacantes remotos ejecutar código arbitrario mediante un nombre largo de proveedor OLE DB a: (1) OpenDataSource o(2) OpenRowset en una conexión ad hoc. • http://marc.info/?l=bugtraq&m=101422555428036&w=2 http://marc.info/?l=vuln-dev&m=101413924631329&w=2 http://www.kb.cert.org/vuls/id/619707 http://www.securityfocus.com/bid/4135 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A271 •
CVE-2001-0542
https://notcve.org/view.php?id=CVE-2001-0542
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879. Desbordamiento de buffer en MS SQL Server 7.0 y 2000 permite a atacantes con acceso al servidor SQL ejecutar código arbitrario por medio de las funciones 1) raiserror, (2) formatmessage, o (3) xp_sprintf. • http://marc.info/?l=bugtraq&m=100891252317406&w=2 http://www.atstake.com/research/advisories/2001/a122001-1.txt http://www.kb.cert.org/vuls/id/700575 http://www.securityfocus.com/bid/3733 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060 https://exchange.xforce.ibmcloud.com/vulnerabilities/7724 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83 •
CVE-2001-0879
https://notcve.org/view.php?id=CVE-2001-0879
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. Vulnerabilidad de cadena formateada en las funciones de ejecución C en SQL Server 7.0 y 2000 permite a atacantes remotos provocar una denegación de servicio. • http://marc.info/?l=bugtraq&m=100891252317406&w=2 http://www.atstake.com/research/advisories/2001/a122001-1.txt http://www.securityfocus.com/bid/3732 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060 https://exchange.xforce.ibmcloud.com/vulnerabilities/7725 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A253 •
CVE-2001-0509
https://notcve.org/view.php?id=CVE-2001-0509
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A82 • CWE-20: Improper Input Validation •