Weekly Vulnerabilities Reports > September 15 to 21, 2003

Overview

18 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 17 products from 13 vendors including Microsoft, University of Washington, Kismac, Nicolas Boullis, and Squished Mosquito. Vulnerabilities are notably categorized as .

  • 16 reported vulnerabilities are remotely exploitable.
  • 18 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

2 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2003-09-17 | CVE-2003-0715 | Microsoft | Unspecified vulnerability in Microsoft products | 10.0

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.

2003-09-17 | CVE-2003-0528 | Microsoft | Unspecified vulnerability in Microsoft products | 10.0

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.

10 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2003-09-17 | CVE-2003-0767 | Gamespy | Denial-Of-Service vulnerability in Gamespy products | 7.5

Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value.

2003-09-17 | CVE-2003-0766 | FTP Desktop | Remote Security vulnerability in FTP Desktop FTP Desktop 3.5 | 7.5

Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER command, or (3) a long response to a PASS command.

2003-09-17 | CVE-2003-0765 | Nullsoft | Remote Security vulnerability in Winamp | 7.5

The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.

2003-09-17 | CVE-2003-0762 | Foxweb | Remote Security vulnerability in Foxweb 2.5 | 7.5

Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value).

2003-09-17 | CVE-2003-0761 | Digium | Remote Security vulnerability in Digium Asterisk 1.2.13 | 7.5

Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.

2003-09-17 | CVE-2003-0721 | University of Washington | Unspecified vulnerability in University of Washington Pine | 7.5

Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.

2003-09-17 | CVE-2003-0720 | University of Washington | Unspecified vulnerability in University of Washington Pine | 7.5

Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type.

2003-09-17 | CVE-2003-0705 | Nicolas Boullis | Unspecified vulnerability in Nicolas Boullis Mah-Jong 1.4 | 7.5

Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code.

2003-09-17 | CVE-2003-0704 | Kismac | Local Privilege Escalation vulnerability in Kismac 0.05D | 7.2

KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh.

2003-09-17 | CVE-2003-0703 | Kismac | Local Privilege Escalation vulnerability in Kismac 0.05D | 7.2

KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh.

6 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2003-09-17 | CVE-2003-0764 | Squished Mosquito | Remote Security vulnerability in Escapade | 5.0

Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter.

2003-09-17 | CVE-2003-0760 | Optisoft | Remote Denial of Service vulnerability in Optisoft Blubster 2.5 | 5.0

Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701.

2003-09-17 | CVE-2003-0706 | Nicolas Boullis | Unspecified vulnerability in Nicolas Boullis Mah-Jong 1.4 | 5.0

Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop).

2003-09-17 | CVE-2003-0541 | Gnome | Unspecified vulnerability in Gnome Gtkhtml | 5.0

gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference.

2003-09-17 | CVE-2002-1352 | Per Magne Knutsen | Denial-Of-Service vulnerability in Per Magne Knutsen Cartman 1.04 | 5.0

Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.

2003-09-17 | CVE-2003-0763 | Squished Mosquito | Cross-Site Scripting vulnerability in Escapade | 4.3

Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.

0 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS