Exploit the possiblities
Showing 1 - 25 of 313 RSS Feed

Files

ms04-037.html
Posted Oct 24, 2004
Site microsoft.com

Microsoft Security Bulletin MS04-037 - Vulnerability in Windows Shell Could Allow Remote Code Execution (841356). If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit these vulnerabilities.

tags | remote, shell, vulnerability, code execution
systems | windows
advisories | CVE-2004-0214, CVE-2004-0572
MD5 | cb3cea374391fa1542ce8c7fa77a340c
ms04-031.html
Posted Oct 24, 2004
Site microsoft.com

Microsoft Security Bulletin MS04-031 - Vulnerability in NetDDE Could Allow Remote Code Execution (841533). An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. However, the NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability.

tags | remote, code execution
advisories | CVE-2004-0206
MD5 | 53f73d829b0edfd99e99aecae01963b1
ms04-031.html
Posted Oct 24, 2004
Site microsoft.com

Microsoft Security Bulletin MS04-031 - Vulnerability in NetDDE Could Allow Remote Code Execution (841533). An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. However, the NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability.

tags | remote, code execution
advisories | CVE-2004-0206
MD5 | c80c0983d55d9cf746606e9cacef44ce
ms03-007
Posted Mar 17, 2003
Site microsoft.com

Microsoft Security Advisory MS03-007 - A critical buffer overflow vulnerability in Windows 2000's WebDAV protocol allows remote code execution via IIS as the LocalSystem user. This vulnerability is being exploited in the wild. URLScan, a part of the IIS Lockdown Tool, will block this attack.

tags | remote, overflow, code execution, protocol
systems | windows, 2k
MD5 | 716653576a0bc2485d09891a4b25d8ea
ms02-071
Posted Feb 12, 2003
Site microsoft.com

Microsoft Security Advisory MS02-071 Version 2.0 - The Windows message WM_TIMER allows local users to execute code with LocalSystem privileges, giving the attacker complete control over the system.

tags | local
systems | windows
MD5 | a09df1050447d4d156db00d262389874
ms03-005
Posted Feb 5, 2003
Site microsoft.com

Microsoft Security Advisory MS03-005 - A buffer overflow in the Windows XP Windows Redirector allows local users to gain increased privileges provided they are able to log onto the system interactively.

tags | overflow, local
systems | windows, xp
MD5 | 78f0295e6e6ad6aa0de1b4c680d50c02
ms03-004
Posted Feb 5, 2003
Site microsoft.com

Microsoft Security Advisory MS03-004 - A large patch for IE 5.01, 5.5, 6.0 has been released which fixes two newly discovered vulnerabilities, one of which allows malicious web sites to execute remote code on client browsers by misusing a dialog box. A cross-domain vulnerability in Internet Explorer's showHelp() functionality can be tricked into invoking executables already present on a user's local system, downloading malicious code onto a user's local system, and allowing attackers to download users data.

tags | remote, web, local, vulnerability
MD5 | bb8eb75183744c1d902928d181c05d7b
ms03-003
Posted Jan 27, 2003
Site microsoft.com

Microsoft Security Advisory MS03-003 - A flaw in how Outlook 2002 handles V1 Exchange Server Certificates causes Outlook to sometimes accidently sends messages in plain text even though it tells the user it has been sent encrypted.

MD5 | 44f5e08b3a8642a5b150ebbedabc7f84
ms03-001
Posted Jan 25, 2003
Site microsoft.com

Microsoft Security Advisory MS03-001 - A buffer overflow in the Microsoft Windows Locator Service in Windows NT, 2000, and XP allows remote attackers to execute commands on Windows 2000 and NT domain controllers by default, and any other server which has the locator service enabled.

tags | remote, overflow
systems | windows, 2k, nt
MD5 | ba89547e50972948dbd1b7f18d0770b3
ms02-072
Posted Dec 24, 2002
Site microsoft.com

Microsoft Security Advisory MS02-072 - The Windows Shell has a serious buffer overflow in the routine that extracts attribute information from audio files which allows remote attackers to execute code with privileges of the user if you move your mouse pointer over an evil mp3 or wma file on a website, HTML email, or windows share. An HTML email could cause the vulnerable code to be invoked when a user opened or previewed the email.

tags | remote, overflow, shell
systems | windows
MD5 | dbdd34a9a4d287e5729ad6111853f2e8
ms02-070
Posted Dec 12, 2002
Site microsoft.com

Microsoft Security Advisory MS02-070 - A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP enables attackers to silently downgrade the SMB Signing settings on an affected system, causing either or both systems to send unsigned data regardless of the signing policy the administrator had set. Although this vulnerability could be exploited to expose any SMB session to tampering, the most serious case would involve changing group policy information as it was being disseminated from a Windows 2000 domain controller to a newly logged-on network client. Doing this, the attacker can take actions such as adding users to the local Administrators group or installing and running code of his choice on the system.

tags | local
systems | windows, 2k, xp
MD5 | da6c975cbb1d5506d4f053a695e0cbfd
ms02-069
Posted Dec 12, 2002
Site microsoft.com

Microsoft Security Advisory MS02-069 - Eight serious vulnerabilities were discovered in Microsoft VM which allow remote code execution via HTML email and malicious web pages.

tags | remote, web, vulnerability, code execution
MD5 | 9390888d1c41c0098e03a89e8ebb0612
ms02-068
Posted Dec 5, 2002
Site microsoft.com

Microsoft Security Advisory MS02-068 - This is a cumulative patch for Internet Explorer 5.5 and 6.0 which includes all previous patches and a new one to fix a flaw in Internet Explorer's cross-domain security model which allows a website in one domain to access information in another, including the user's local system. Exploiting the vulnerability could enable an attacker to read any file on the users computer. In addition, the attacker could invoke an executable already present on the system. This vulnerability can be exploited via email or web page.

tags | web, local
MD5 | ccfe200f6d1493877477b7006a67ab88
ms02-067
Posted Dec 5, 2002
Site microsoft.com

Microsoft Security Advisory MS02-067 - A vulnerability exists in Outlook 2002 in its processing of e-mail headers allows remote attackers to crash the mail reader. The Outlook 2002 client would continue to fail so long as the specially malformed e-mail message remained on the e-mail server.

tags | remote
MD5 | 48590a16acd53177e0beaaf2436e8b5b
ms02-066
Posted Nov 30, 2002
Site microsoft.com

Microsoft Security Advisory MS02-066 - Six new vulnerabilities were discovered in IE 5.01, 5.5 and 6.0 including a three bugs that allow remote attackers to view any file on the system or run executables, a PNG buffer overrun, information disclosure, read temp files with cookie info.

tags | remote, overflow, vulnerability, info disclosure
MD5 | 70dcd68a4c3da75be7889b9317b4f921
ms02-65
Posted Nov 24, 2002
Site microsoft.com

Microsoft Security Advisory - Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution. Both web servers and web clients are at risk from the vulnerability: Web servers are at risk if a vulnerable version of MDAC is installed and running on the server. To exploit the vulnerability against such a web server, an attacker would need to establish a connection with the server and then send a specially malformed HTTP request to it, that would have the effect of overrunning the buffer with the attacker's chosen data. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context). Web clients are at risk in almost every case, as the RDS Data Stub is included with all current versions of Internet Explorer and there is no option to disable it. To exploit the vulnerability against a client, an attacker would need to host a web page that, when opened, would send an HTTP reply to the user's system and overrun the buffer with the attacker's chosen data. The web page could be hosted on a web site or sent directly to users as an HTML Mail. The code would run in the security context of the user.

tags | web, overflow, code execution
MD5 | c3a1c2ea24effd53e4df7b5d1f1fec07
ms02-063
Posted Oct 31, 2002
Site microsoft.com

Microsoft Security Advisory MS02-063 - A buffer overflow in all versions of Windows PPTP are vulnerable to remote denial of service attacks.

tags | remote, denial of service, overflow
systems | windows
MD5 | 12df39a1c7cd9a401d4ad1228a4aedad
ms02-062
Posted Oct 31, 2002
Site microsoft.com

Microsoft Security Advisory MS02-062 - Four vulnerabilities have been found in Microsoft IIS 4.0, 5.0, and 5.1 which allow privilege elevation, denial of service, bypass upload permissions, and cross site scripting on the admin page.

tags | denial of service, vulnerability, xss
MD5 | f6dffc6a55ea2807476bf2f27f3d4418
ms02-064
Posted Oct 31, 2002

Microsoft Security Advisory MS02-064 - On Windows 2000, the default permissions provide the Everyone group with Full access on the system root folder (typically, C:\). In most cases, the system root is not in the search path. However, under certain conditions - for instance, during logon or when applications are invoked directly from the Windows desktop via Start | Run - it can be, allowing users to make trojans that other users execute.

tags | root, trojan
systems | windows, 2k
MD5 | d8346b72f3f02539a5cfe8cdc2eabd78
ms02-061
Posted Oct 17, 2002
Site microsoft.com

Microsoft Security Advisory MS02-061 - Microsoft SQL Server 7.0 and 2000 contain stored procedures which allow low privileged users who are able to authenticate to a SQL server to delete, insert or update all the web tasks created by other users. In addition, the attacker can run already created web tasks in the context of the creator of the web task, usually the SQL Server Agent service account.

tags | web
MD5 | edb34d5075cd5ac966532d295b24d64d
ms02-060
Posted Oct 17, 2002
Site microsoft.com

Microsoft Security Advisory MS02-060 - A security vulnerability is present in the Windows XP version of Help and Support Center allows attackers to construct web pages that, when opened, deletes files on the users hard drive.

tags | web
systems | windows, xp
MD5 | e512b9a09d139f194db010bd6faf631e
ms02-059
Posted Oct 17, 2002
Site microsoft.com

Microsoft Security Advisory MS02-059 - A flaw in Microsoft Word and Excel's external updates can lead to information disclosure. A vulnerability exists because it is possible to maliciously use field codes and external updates to steal information from a user without the user being aware. Certain events can trigger field code and external update to be updated, such as saving a document or by the user manually updating the links. A specially crafted field code or external update can be used to trigger an update without any indication to the user, allowing attackers to create documents that, when opened, would update themselves to include the contents of a file from the user's local computer.

tags | local, info disclosure
MD5 | ddaf7611572bea3ba618c96ecb231dc9
ms02-058
Posted Oct 17, 2002
Site microsoft.com

Microsoft Security Advisory MS02-058 - A vulnerability in S/MIME parsing allows Outlook Express to run code of the attackers choice. While creating a digitally signed email and editing it to introduce specific data, then sending it to another user, an attacker can exploit the bug.

MD5 | 5bfe2ea65ae93101314ea18a05e5bf3f
ms02-057
Posted Oct 4, 2002
Site microsoft.com

Microsoft Security Advisory MS02-057 - The Sun Microsystems RPC library in Microsoft's Services for UNIX (SFU) 3.0 on the Interix SDK contains three vulnerabilities, some of which allow remote code execution.

tags | remote, vulnerability, code execution
systems | unix
MD5 | 4ea50825becfd8bdf9bb93bfacf0dbc5
ms02-056
Posted Oct 4, 2002
Site microsoft.com

Microsoft Security Advisory MS02-056 - A Cumulative Patch for SQL Server 7.0, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000, and Microsoft Desktop Engine (MSDE) 2000 fix four vulnerabilities, some of which allow attackers to take complete control over the system.

tags | vulnerability
MD5 | b3ebf99637127e2f050aa485b95af6fd
Page 1 of 13
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Germany Urges Parents To Destroy Snooping Smartwatches
Posted Nov 20, 2017

tags | headline, privacy, germany
Drone Maker Makes Hacking Accusations
Posted Nov 20, 2017

tags | headline, hacker, flaw
DNS Resolver 9.9.9.9 Will Check Requests Against IBM Threat Database
Posted Nov 20, 2017

tags | headline, malware, dns
F5 DROWNing, Not Waving, In Crypto Fail
Posted Nov 20, 2017

tags | headline, flaw, cryptography
Cap'n Crunch Booted From Conferences Due To Sexual Misconduct Claims
Posted Nov 18, 2017

tags | headline, hacker, phone, conference
3 More Android Malware Families Invade Google Play Store
Posted Nov 18, 2017

tags | headline, malware, phone, google
Shamed TLS/SSL Cert Authority StartCom To Shut Up Shop
Posted Nov 18, 2017

tags | headline, privacy, data loss, flaw, cryptography
Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets
Posted Nov 18, 2017

tags | headline, government, privacy, usa, amazon, data loss, flaw, spyware, social
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close