Weekly Vulnerabilities Reports > May 3 to 9, 1999

Overview

13 new vulnerabilities were reported during this period, including 1 critical vulnerability and 0 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 14 products from 7 vendors, including Microsoft, IBM, Intel, HP, and Netscape. Vulnerabilities are notably categorized as .

  • 11 reported vulnerabilities are remotely exploitable.
  • 13 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

1 Critical Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-05-06 | CVE-1999-1241 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900. Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object. | 10.0 |

0 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

11 Medium Vulnerabilities

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-05-04 | CVE-1999-1097 | Microsoft | Unspecified vulnerability in Microsoft Netmeeting 2.1. Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty. | 6.4 |
| 1999-05-05 | CVE-1999-1195 | Network Associates | Unspecified vulnerability in Network Associates Virusscan 4.0.2. NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file during an update via FTP, but it reports that the update was successful, which could cause a system administrator to believe that the definitions have been updated correctly. | 5.1 |
| 1999-05-08 | CVE-1999-1566 | Intel | Unspecified vulnerability in Intel Iparty 1.2. Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters. | 5.0 |
| 1999-05-07 | CVE-1999-0739 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server 4.0. The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | 5.0 |
| 1999-05-07 | CVE-1999-0738 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server 4.0. The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | 5.0 |
| 1999-05-07 | CVE-1999-0737 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server 4.0. The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | 5.0 |
| 1999-05-07 | CVE-1999-0736 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server 4.0. The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | 5.0 |
| 1999-05-07 | CVE-1999-0686 | Netscape, HP | Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. | 5.0 |
| 1999-05-04 | CVE-1999-1012 | Lotus | Denial of Service vulnerability in Lotus Domino 4.6.1. SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string. | 5.0 |
| 1999-05-06 | CVE-1999-1367 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.0. Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. | 4.6 |
| 1999-05-06 | CVE-1999-1079 | IBM | Unspecified vulnerability in IBM AIX. Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program. | 4.6 |

1 Low Vulnerability

| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 1999-05-07 | CVE-1999-0717 | Microsoft | Unspecified vulnerability in Microsoft products. A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. | 2.6 |