Weekly Vulnerabilities Reports > December 16 to 22, 2002

Overview

14 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 5 high severity vulnerabilities. This weekly summary reports vulnerabilities in 13 products from 10 vendors including Microsoft, Canna, GNU, Realnetworks, and SUN. Vulnerabilities are notably categorized as .

  • 12 reported vulnerabilities are remotely exploitable.
  • 14 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 5 reported vulnerabilities.

TOTAL VULNERABILITIES | CRITICAL RISK VULNERABILITIES | HIGH RISK VULNERABILITIES | MEDIUM RISK VULNERABILITIES | LOW RISK VULNERABILITIES | REMOTELY EXPLOITABLE | LOCALLY EXPLOITABLE | EXPLOIT AVAILABLE | EXPLOITABLE ANONYMOUSLY | AFFECTING WEB APPLICATION

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

5 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-12-19 CVE-2002-1643 Realnetworks Buffer Overflow vulnerability in RealNetworks Helix Universal Server RTSP Transport

Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.

7.5
2002-12-18 CVE-2002-1347 Cyrus Unspecified vulnerability in Cyrus Sasl

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

7.5
2002-12-18 CVE-2002-1342 Smb2Www Remote Command Execution vulnerability in SMB2WWW

Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands.

7.5
2002-12-18 CVE-2002-1262 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0

Internet Explorer 5.5 and 6.0 do not perform complete security checks on external caching, which allows remote attackers to read arbitrary files.

7.5
2002-12-18 CVE-2002-1158 Canna Local Buffer Overflow vulnerability in Canna Server

Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.

7.2

9 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-12-18 CVE-2002-1341 Squirrelmail Cross-Site Scripting vulnerability in SquirrelMail read_body.php

Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

6.8
2002-12-18 CVE-2002-1159 Canna Denial Of Service vulnerability in Canna 3.5B2/3.6

Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.

6.4
2002-12-18 CVE-2002-1354 Typsoft Directory Traversal vulnerability in TYPSoft FTP Server

Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ...

5.0
2002-12-18 CVE-2002-1344 GNU / SUN

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) ..

5.0
2002-12-18 CVE-2002-1340 Microsoft Remote Security vulnerability in Microsoft Office web Components 2002

The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception.

5.0
2002-12-18 CVE-2002-1339 Microsoft Remote Security vulnerability in Microsoft Office web Components 2002

The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files.

5.0
2002-12-18 CVE-2002-1338 Microsoft Local File Existence Disclosure vulnerability in Microsoft Office web Components 2002

The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.

5.0
2002-12-18 CVE-2002-1255 Microsoft Denial of Service vulnerability in Microsoft Outlook 2002

Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."

5.0
2002-12-18 CVE-2002-1349 Trend Micro Buffer Overflow vulnerability in Trend Micro PC-cillin Mail Scanner

Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).

4.6

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS