- EPSS 15.79%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:36
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
CVE-2002-2132
- EPSS 1.74%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:00:42
Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.
CVE-2002-2328
- EPSS 16.63%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:06
Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.
CVE-2002-2401
- EPSS 1.81%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:14
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
- EPSS 5.39%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:00
The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the...
- EPSS 15.3%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:00
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
- EPSS 15.3%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:01
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in...
CVE-2002-1260
- EPSS 15.44%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:01
The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
- EPSS 13.86%
- Veröffentlicht 23.12.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:07
Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
CVE-2002-1184
- EPSS 1.89%
- Veröffentlicht 12.11.2002 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:53
The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers...