Weekly Vulnerabilities Reports > December 16 to 22, 2002
Overview
14 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary reports vulnerabilities in 13 products from 10 vendors including Microsoft, Canna, GNU, Realnetworks, and SUN. Vulnerabilities are notably categorized as .
- 12 reported vulnerabilities are remotely exploitable.
- 14 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
5 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-12-19 | CVE-2002-1643 | Realnetworks | Buffer Overflow vulnerability in RealNetworks Helix Universal Server RTSP Transport: Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments. | 7.5 |
2002-12-18 | CVE-2002-1347 | Cyrus | Unspecified vulnerability in Cyrus Sasl: Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string. | 7.5 |
2002-12-18 | CVE-2002-1342 | Smb2Www | Remote Command Execution vulnerability in SMB2WWW: Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands. | 7.5 |
2002-12-18 | CVE-2002-1262 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0: Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files. | 7.5 |
2002-12-18 | CVE-2002-1158 | Canna | Local Buffer Overflow vulnerability in Canna Server: Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user. | 7.2 |
9 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2002-12-18 | CVE-2002-1341 | Squirrelmail | Cross-Site Scripting vulnerability in SquirrelMail read_body.php: Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. | 6.8 |
2002-12-18 | CVE-2002-1159 | Canna | Denial Of Service vulnerability in Canna 3.5B2/3.6: Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. | 6.4 |
2002-12-18 | CVE-2002-1354 | Typsoft | Directory Traversal vulnerability in TYPSoft FTP Server: Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... | 5.0 |
2002-12-18 | CVE-2002-1344 | GNU SUN | Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. | 5.0 |
2002-12-18 | CVE-2002-1340 | Microsoft | Remote Security vulnerability in Microsoft Office web Components 2002: The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception. | 5.0 |
2002-12-18 | CVE-2002-1339 | Microsoft | Remote Security vulnerability in Microsoft Office web Components 2002: The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files. | 5.0 |
2002-12-18 | CVE-2002-1338 | Microsoft | Local File Existence Disclosure vulnerability in Microsoft Office web Components 2002: The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files. | 5.0 |
2002-12-18 | CVE-2002-1255 | Microsoft | Denial of Service vulnerability in Microsoft Outlook 2002: Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail." | 5.0 |
2002-12-18 | CVE-2002-1349 | Trend Micro | Buffer Overflow vulnerability in Trend Micro PC-cillin Mail Scanner: Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3). | 4.6 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|