Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1844 | Incorrect Default Permissions vulnerability in Microsoft Windows Media Player 6.3 Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | 7.8 |
| 2002-12-31 | CVE-2002-1749 | Unspecified vulnerability in Microsoft Windows 2000 Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges. | 7.2 |
| 2002-12-31 | CVE-2002-1745 | Off-by-one Error vulnerability in Microsoft Internet Information Services 5.0 Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | 7.5 |
| 2002-12-26 | CVE-2002-1327 | Buffer Overrun vulnerability in Microsoft Windows XP WMA/MP3 Attributes Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise." | 7.5 |
| 2002-12-23 | CVE-2002-1260 | Unspecified vulnerability in Microsoft products The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet. | 7.5 |
| 2002-12-18 | CVE-2002-1262 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files. | 7.5 |
| 2002-12-11 | CVE-2002-1254 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods." | 7.5 |
| 2002-12-11 | CVE-2002-1183 | Unspecified vulnerability in Microsoft Windows 98, Windows 98Se and Windows NT Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). | 7.5 |
| 2002-11-29 | CVE-2002-1295 | Unspecified vulnerability in Microsoft Java Virtual Machine 1.1 The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability." | 7.5 |
| 2002-11-29 | CVE-2002-1294 | Denial Of Service vulnerability in Microsoft Java Virtual Machine 1.1 The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods. | 7.5 |