Weekly Vulnerabilities Reports > August 2 to 8, 2004
Overview
3 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 2 high severity vulnerabilities. This weekly summary report vulnerabilities in 10 products from 2 vendors including Microsoft, and Oracle. Vulnerabilities are notably categorized as "Missing Authentication for Critical Function", "Incorrect Calculation of Buffer Size", and "Classic Buffer Overflow".
- 1 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 2 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-08-04 | CVE-2004-1363 | Oracle | Incorrect Calculation of Buffer Size vulnerability in Oracle products Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. | 9.8 |
2 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2004-08-06 | CVE-2004-0213 | Microsoft | Missing Authentication for Critical Function vulnerability in Microsoft Windows 2000 Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908. | 7.8 |
| 2004-08-06 | CVE-2004-0210 | Microsoft | Classic Buffer Overflow vulnerability in Microsoft Interix, Windows 2000 and Windows NT The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow. | 7.8 |
0 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|
0 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|