Weekly Vulnerabilities Reports > April 3 to 9, 2000

Overview

12 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 12 products from 10 vendors including Microsoft, Symantec, Apple, HP, and Ipswitch. Vulnerabilities are notably categorized as and "7PK - Security Features".

  • 10 reported vulnerabilities are remotely exploitables.
  • 12 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • Symantec has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

1 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-04-06 CVE-2000-0300 Symantec Unspecified vulnerability in Symantec Pcanywhere 9.0

The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts.

10.0

2 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-04-07 CVE-2000-0298 Microsoft Unspecified vulnerability in Microsoft Windows 2000

The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.

7.2
2000-04-03 CVE-2000-0277 Microsoft 7PK - Security Features vulnerability in Microsoft Excel 2000/97

Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.

7.2

8 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-04-03 CVE-2000-0297 Allaire Unspecified vulnerability in Allaire Forums 2.0.5

Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables.

6.4
2000-04-09 CVE-2000-0273 Symantec Unspecified vulnerability in Symantec Pcanywhere 8.0/9.0

PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.

5.0
2000-04-07 CVE-2000-0279 BE Unspecified vulnerability in BE Beos 4.0/4.5/5.0

BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers.

5.0
2000-04-06 CVE-2000-0301 Ipswitch Unspecified vulnerability in Ipswitch Imail

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.

5.0
2000-04-06 CVE-2000-0251 HP Unspecified vulnerability in HP Hp-Ux and Vvos

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.

5.0
2000-04-05 CVE-2000-0255 Nbase Xyplex Unspecified vulnerability in Nbase-Xyplex Edgeblaster 1.0

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.

5.0
2000-04-04 CVE-2000-0299 Apple Unspecified vulnerability in Apple Webobjects 4.5

Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.

5.0
2000-04-03 CVE-2000-0634 Stalker Unspecified vulnerability in Stalker Communigate PRO 3.2.4

The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a ..

5.0

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-04-03 CVE-2000-0280 Realnetworks Buffer Overflow vulnerability in Real Networks RealPlayer 6/7 Location

Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.

2.6