Weekly Vulnerabilities Reports > September 15 to 21, 2003
Overview
17 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 17 products from 13 vendors including Microsoft, Kismac, Nicolas Boullis, Squished Mosquito, and Gnome. Vulnerabilities are notably categorized as .
- 15 reported vulnerabilities are remotely exploitable.
- 17 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-09-17 | CVE-2003-0715 | Microsoft | Unspecified vulnerability in Microsoft products: Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. | 10.0 |
2003-09-17 | CVE-2003-0528 | Microsoft | Unspecified vulnerability in Microsoft products: Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715. | 10.0 |
9 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-09-17 | CVE-2003-0767 | Gamespy | Denial-Of-Service vulnerability in Gamespy products: Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value. | 7.5 |
2003-09-17 | CVE-2003-0766 | FTP Desktop | Remote Security vulnerability in FTP Desktop FTP Desktop 3.5: Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER command, or (3) a long response to a PASS command. | 7.5 |
2003-09-17 | CVE-2003-0765 | Nullsoft | Remote Security vulnerability in Winamp: The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. | 7.5 |
2003-09-17 | CVE-2003-0762 | Foxweb | Remote Security vulnerability in Foxweb 2.5: Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value). | 7.5 |
2003-09-17 | CVE-2003-0761 | Digium | Remote Security vulnerability in Digium Asterisk 1.2.13: Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests. | 7.5 |
2003-09-17 | CVE-2003-0720 | University OF Washington | Unspecified vulnerability in University of Washington Pine: Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type. | 7.5 |
2003-09-17 | CVE-2003-0705 | Nicolas Boullis | Unspecified vulnerability in Nicolas Boullis Mah-Jong 1.4: Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code. | 7.5 |
2003-09-17 | CVE-2003-0704 | Kismac | Local Privilege Escalation vulnerability in Kismac 0.05D: KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh. | 7.2 |
2003-09-17 | CVE-2003-0703 | Kismac | Local Privilege Escalation vulnerability in Kismac 0.05D: KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh. | 7.2 |
6 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-09-17 | CVE-2003-0764 | Squished Mosquito | Remote Security vulnerability in Escapade: Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter. | 5.0 |
2003-09-17 | CVE-2003-0760 | Optisoft | Remote Denial of Service vulnerability in Optisoft Blubster 2.5: Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701. | 5.0 |
2003-09-17 | CVE-2003-0706 | Nicolas Boullis | Unspecified vulnerability in Nicolas Boullis Mah-Jong 1.4: Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop). | 5.0 |
2003-09-17 | CVE-2003-0541 | Gnome | Unspecified vulnerability in Gnome Gtkhtml: gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference. | 5.0 |
2003-09-17 | CVE-2002-1352 | PER Magne Knutsen | Denial-Of-Service vulnerability in PER Magne Knutsen Cartman 1.04: Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter. | 5.0 |
2003-09-17 | CVE-2003-0763 | Squished Mosquito | Cross-Site Scripting vulnerability in Escapade: Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter. | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|