Vulnerabilities > Microsoft
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-31 | CVE-2002-1908 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters. | 5.0 |
2002-12-31 | CVE-2002-1876 | Resource Exhaustion vulnerability in Microsoft Exchange Server 2000 Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. | 2.1 |
2002-12-31 | CVE-2002-1873 | Resource Exhaustion vulnerability in Microsoft Exchange Server 2000 Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. | 5.0 |
2002-12-31 | CVE-2002-1872 | Inadequate Encryption Strength vulnerability in Microsoft SQL Server Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | 7.5 |
2002-12-31 | CVE-2002-1847 | Unspecified vulnerability in Microsoft Windows Media Player Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. | 7.5 |
2002-12-31 | CVE-2002-1844 | Incorrect Default Permissions vulnerability in Microsoft Windows Media Player 6.3 Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | 7.8 |
2002-12-31 | CVE-2002-1831 | Unspecified vulnerability in Microsoft MSN Messenger Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field. | 5.0 |
2002-12-31 | CVE-2002-1824 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. | 5.0 |
2002-12-31 | CVE-2002-1795 | Cross-Site Scripting vulnerability in Microsoft TSAC ActiveX Control Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. network microsoft | 4.3 |
2002-12-31 | CVE-2002-1790 | Unspecified vulnerability in Microsoft products The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | 5.0 |