CVSS: 6.8EPSS: 15%CPEs: 11EXPL: 1CVE-2002-0862 – Microsoft Internet Explorer 5/6 / Konqueror 2.2.2/3.0 / Weblogic Server 5/6/7 - Invalid X.509 Certificate Chain
https://notcve.org/view.php?id=CVE-2002-0862
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS. Las APIs (Application Programming Interface) CertGetCertificateChain CertVerifyCertificateChainPolicy WinVerifyTrust en la CriptoAPI de productos de Microsoft, incluyendo Microsoft Windows 98 a XP, Office para Mac, Internet Explorer para Mac, y Outlook Express para Mac, no verifican adecuadamente las restricciones básicas de certificados X.509 firmados por CAs (Autoridad Certificadora) intermedias, lo que permite a atacantes remotos falsear los certificados de sitios de confianza mediante un ataque tipo hombre-en-el-medio en sesiones SSL, como se informó anteriormente para Internet Explorer e IIS. • https://www.exploit-db.com/exploits/21692 http://marc.info/?l=bugtraq&m=102866120821995&w=2 http://marc.info/?l=bugtraq&m=102918200405308&w=2 http://marc.info/?l=bugtraq&m=102976967730450&w=2 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050 https://exchange.xforce.ibmcloud.com/vulnerabilities/9776 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg& • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2002-0285
https://notcve.org/view.php?id=CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. Outlook Express 5.5 y 6.0 en Windows trata un retorno de carro (CR) en una cabecera de mensaje como si fuera una combinación válida retorno de carro/avance de línea (CR/LF), lo que podría permitir a atacantes remotos evitar la protección contra virus y/o otros mecanismos de filtrado mediante correos con cabeceras que sólo contienen el CR, lo que hace que Outlook cree cabeceras separadas. • http://marc.info/?l=bugtraq&m=101362077701164&w=2 http://www.iss.net/security_center/static/8198.php http://www.securityfocus.com/bid/4092 •
CVSS: 7.5EPSS: 4%CPEs: 15EXPL: 0CVE-2002-0152
https://notcve.org/view.php?id=CVE-2002-0152
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh. Desbordamiento de buffer en varias aplicaciones de Microsoft para Macintosht permite a atacantes remotos causar una denegación de servicio (caída) o ejecutar código arbitrario invocando la directiva file:// con un número grande de caracteres /. • http://marc.info/?l=bugtraq&m=101897994314015&w=2 http://www.iss.net/security_center/static/8850.php http://www.osvdb.org/5357 http://www.securityfocus.com/bid/4517 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2001-1547
https://notcve.org/view.php?id=CVE-2001-1547
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. • http://www.iss.net/security_center/static/7670.php http://www.securityfocus.com/archive/1/243869 http://www.windows-help.net/microsoft/oe6-attach.html •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2001-0945
https://notcve.org/view.php?id=CVE-2001-0945
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. • http://marc.info/?l=bugtraq&m=100741295502017&w=2 http://www.iss.net/security_center/static/7648.php http://www.securityfocus.com/bid/3611 •