[PROPOSAL] Cluster MS-2002a - 47 candidates
I am proposing cluster MS-2002a for review and voting by the Editorial Board.

Name: MS-2002a
Description: CANs from Microsoft advisories from Aug 2002 to Feb 2003
Size: 47

You may vote on candidates by modifying this email ballot and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2002-0692
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0692
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-September/002252.html
Reference: MS:MS02-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-053.asp
Reference: XF:fpse-smarthtml-interpreter-dos(10194)
Reference: URL:http://www.iss.net/security_center/static/10194.php
Reference: XF:fpse-smarthtml-interpreter-bo(10195)
Reference: URL:http://www.iss.net/security_center/static/10195.php
Reference: BID:5804
Reference: URL:http://www.securityfocus.com/bid/5804

Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.

Analysis
----------------
ED_PRI CAN-2002-0692 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0694
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
Reference: XF:win-chm-code-execution(10254)
Reference: URL:http://www.iss.net/security_center/static/10254.php

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."

Analysis
----------------
ED_PRI CAN-2002-0694 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0696
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0696
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: MS:MS02-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-049.asp
Reference: XF:ms-foxpro-app-execution(10035)
Reference: URL:http://www.iss.net/security_center/static/10035.php
Reference: BID:5633
Reference: URL:http://www.securityfocus.com/bid/5633

Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.

Analysis
----------------
ED_PRI CAN-2002-0696 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0864
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103235745116592&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
Reference: XF:winxp-remote-desktop-dos(10120)
Reference: URL:http://www.iss.net/security_center/static/10120.php
Reference: BID:5713
Reference: URL:http://www.securityfocus.com/bid/5713

The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."

Analysis
----------------
ED_PRI CAN-2002-0864 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0865
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: XF:msvm-xml-methods-access(10135)
Reference: URL:http://www.iss.net/security_center/static/10135.php
Reference: BID:5752
Reference: URL:http://online.securityfocus.com/bid/5752

A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."

Analysis
----------------
ED_PRI CAN-2002-0865 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0866
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020923 Technical information about the vulnerabilities fixed by MS-02-52
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: XF:msvm-jdbc-dll-execution(10133)
Reference: URL:http://www.iss.net/security_center/static/10133.php
Reference: BID:5751
Reference: URL:http://online.securityfocus.com/bid/5751

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."

Analysis
----------------
ED_PRI CAN-2002-0866 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0867
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MS:MS02-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-052.asp
Reference: XF:msvm-jdbc-ie-dos(10134)
Reference: URL:http://www.iss.net/security_center/static/10134.php

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."

Analysis
----------------
ED_PRI CAN-2002-0867 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020911
Category: SF
Reference: BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102865925419469&w=2
Reference: BUGTRAQ:20020807 MS SQL Server Hello Overflow NASL script
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102873609025020&w=2
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-preauth-bo(9788)
Reference: URL:http://www.iss.net/security_center/static/9788.php
Reference: BID:5411
Reference: URL:http://online.securityfocus.com/bid/5411
Reference: XF:mssql-preauth-bo(9788)
Reference: URL:http://www.iss.net/security_center/static/9788.php

Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.

Analysis
----------------
ED_PRI CAN-2002-1123 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MISC:http://www.scan-associates.net/papers/foxpro.txt
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Analysis
----------------
ED_PRI CAN-2002-1137 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1138
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-056.asp
Reference: XF:mssql-agent-create-files(10257)
Reference: URL:http://www.iss.net/security_center/static/10257.php

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
Analysis
----------------
ED_PRI CAN-2002-1138 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-054.asp
Reference: XF:win-zip-incorrect-path(10252)
Reference: URL:http://www.iss.net/security_center/static/10252.php
Reference: BID:5876
Reference: URL:http://www.securityfocus.com/bid/5876

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

Analysis
----------------
ED_PRI CAN-2002-1139 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1140
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-rpc-parameter-bo(10258)
Reference: URL:http://www.iss.net/security_center/static/10258.php
Reference: BID:5879
Reference: URL:http://www.securityfocus.com/bid/5879

The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."

Analysis
----------------
ED_PRI CAN-2002-1140 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1141
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-057.asp
Reference: XF:sfu-invalid-rpc-dos(10259)
Reference: URL:http://www.iss.net/security_center/static/10259.php
Reference: BID:5880
Reference: URL:http://www.securityfocus.com/bid/5880

An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."

Analysis
----------------
ED_PRI CAN-2002-1141 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1142
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: MS:MS02-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-065.asp

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
Analysis
----------------
ED_PRI CAN-2002-1142 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1179
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: NTBUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429637822920&w=2
Reference: NTBUGTRAQ:20021010 Re: Problems applying MS02-058
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103429681123297&w=2
Reference: BUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103435413105661&w=2
Reference: MS:MS02-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-058.asp
Reference: XF:outlook-smime-bo(10338)
Reference: URL:http://www.iss.net/security_center/static/10338.php
Reference: BID:5944
Reference: URL:http://www.securityfocus.com/bid/5944

Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
Analysis
----------------
ED_PRI CAN-2002-1179 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1180
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-script-source-access-bypass(10504)
Reference: URL:http://www.iss.net/security_center/static/10504.php

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Analysis
----------------
ED_PRI CAN-2002-1180 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1182
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021031 Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp

IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.

Analysis
----------------
ED_PRI CAN-2002-1182 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1183
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: MS:MS02-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-050.asp

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
Analysis
----------------
ED_PRI CAN-2002-1183 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: CF
Reference: MS:MS02-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-064.asp

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.

Analysis
----------------
ED_PRI CAN-2002-1184 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1185
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: VULNWATCH:20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
Reference: BUGTRAQ:20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103970996205091&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-png-bo(10662)
Reference: URL:http://www.iss.net/security_center/static/10662.php
Reference: BID:6216
Reference: URL:http://online.securityfocus.com/bid/6216

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

Analysis
----------------
ED_PRI CAN-2002-1185 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020903 MSIEv6 % encoding causes a problem again
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php
Reference: BID:5610
Reference: URL:http://online.securityfocus.com/bid/5610

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."

Analysis
----------------
ED_PRI CAN-2002-1186 1
Vendor Acknowledgement: yes advisory

ACCURACY: Microsoft confirmed via email that this item addresses the specified Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1187
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158601431054&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-frame-script-execution (10066)
Reference: URL:http://www.iss.net/security_center/static/10066.php
Reference: BID:5672
Reference: URL:http://online.securityfocus.com/bid/5672

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

Analysis
----------------
ED_PRI CAN-2002-1187 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20020912 LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184415307193&w=2
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp
Reference: XF:ie-object-read-tif(10665)
Reference: URL:http://www.iss.net/security_center/static/10665.php

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

Analysis
----------------
ED_PRI CAN-2002-1188 1
Vendor Acknowledgement: yes advisory

ACCURACY: Microsoft confirmed via email that this item addresses the specified Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1214
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021014
Category: SF
Reference: BUGTRAQ:20020926 Microsoft PPTP Server and Client remote vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293146
Reference: MS:MS02-063
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-063.asp
Reference: XF:win-pptp-packet-bo (10199)
Reference: URL:http://www.iss.net/security_center/static/10199.php
Reference: BID:5807
Reference: URL:http://online.securityfocus.com/bid/5807

Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.

Analysis
----------------
ED_PRI CAN-2002-1214 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1230
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021021
Category: SF
Reference: MISC:http://getad.chat.ru/
Reference: MISC:http://www.packetstormsecurity.nl/filedesc/GetAd.c.html
Reference: MS:MS02-071
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-071.asp
Reference: BID:5927
Reference: URL:http://online.securityfocus.com/bid/5927
Reference: XF:win-netdde-gain-privileges(10343)
Reference: URL:http://www.iss.net/security_center/static/10343.php

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."

Analysis
----------------
ED_PRI CAN-2002-1230 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1255
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-067.asp

Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."

Analysis
----------------
ED_PRI CAN-2002-1255 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-070
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-070.asp

The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
Analysis
----------------
ED_PRI CAN-2002-1256 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.

Analysis
----------------
ED_PRI CAN-2002-1257 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1260
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
Analysis
----------------
ED_PRI CAN-2002-1260 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1262
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: BUGTRAQ:20021125 RE: MS02-066 - fixes, gaps and incorrect statements
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103825484331857&w=2
Reference: NTBUGTRAQ:20021125 Re: MS02-066 - fixes, gaps and incorrect statements
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103824668621672&w=2
Reference: MS:MS02-068
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-068.asp
Reference: BUGTRAQ:20021205 Notes on MS02-068, extensive downplaying of severity
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103910416824172&w=2
Reference: NTBUGTRAQ:20021205 Notes on MS02-068, extensive downplaying of severity
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103909877717345&w=2

Internet Explorer 5.5 and 6.0 does not perform complete security checks on external caching, which allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-1262 1
Vendor Acknowledgement: yes advisory

ACCURACY: While the advisory is vague, Microsoft has confirmed that it addresses the external caching problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1292
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1292
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.

Analysis
----------------
ED_PRI CAN-2002-1292 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1295
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021113
Category: SF
Reference: BUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103682630823080&w=2
Reference: NTBUGTRAQ:20021108 Technical information about unpatched MS Java vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103684360031565&w=2
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."

Analysis
----------------
ED_PRI CAN-2002-1295 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1325
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp
Reference: BID:6380
Reference: URL:http://online.securityfocus.com/bid/6380

Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."

Analysis
----------------
ED_PRI CAN-2002-1325 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0002
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: BUGTRAQ:20021007 CSS on Microsoft Content Management Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103417794800719&w=2
Reference: MS:MS03-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-002.asp
Reference: BID:5922
Reference: URL:http://online.securityfocus.com/bid/5922
Reference: XF:mcms-manuallogin-reasontxt-xss (10318)
Reference: URL:http://www.iss.net/security_center/static/10318.php

Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
Analysis
----------------
ED_PRI CAN-2003-0002 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0004
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: MS:MS03-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-005.asp
Reference: XF:winxp-windows-redirector-bo(11260)
Reference: URL:http://www.iss.net/security_center/static/11260.php

Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.

Analysis
----------------
ED_PRI CAN-2003-0004 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: MS:MS03-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-003.asp

Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."

Analysis
----------------
ED_PRI CAN-2003-0007 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030102
Category: SF
Reference: MS:MS03-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-006.asp
Reference: BUGTRAQ:20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104636383018686&w=2
Reference: XF:winme-hsc-hcp-bo(11425)
Reference: URL:http://www.iss.net/security_center/static/11425.php

Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
Analysis
----------------
ED_PRI CAN-2003-0009 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-1326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1326
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: XF:ie-dialog-zone-bypass(11258)
Reference: URL:http://www.iss.net/security_center/static/11258.php

Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."

Analysis
----------------
ED_PRI CAN-2003-1326 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2003-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1328
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: MS:MS03-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms03-004.asp
Reference: XF:ie-showhelp-zone-bypass(11259)
Reference: URL:http://www.iss.net/security_center/static/11259.php

The showHelp() function in Microsoft Internet Explorer 5.5 and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."

Analysis
----------------
ED_PRI CAN-2003-1328 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0693
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0693
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020712
Category: SF
Reference: BUGTRAQ:20021003 Buffer Overflow in IE/Outlook HTML Help
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103365849505409&w=2
Reference: BUGTRAQ:20021009 Thor Larholm security advisory TL#004
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103419115517344&w=2
Reference: BUGTRAQ:20021010 prover of concept code of windows help overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103435279404182&w=2
Reference: MS:MS02-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
Reference: XF:win-html-help-bo(10253)
Reference: URL:http://www.iss.net/security_center/static/10253.php
Reference: BID:5874
Reference: URL:http://www.securityfocus.com/bid/5874

Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.

Analysis
----------------
ED_PRI CAN-2002-0693 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: Microsoft stated via e-mail that both issues are fixed and they trace to the same vulnerable code.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0862
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020805 IE SSL Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102866120821995&w=2
Reference: BUGTRAQ:20020812 IE SSL Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102918200405308&w=2
Reference: BUGTRAQ:20020819 Insufficient Verification of Client Certificates in IIS 5.0 pre sp3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102976967730450&w=2
Reference: MS:MS02-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-050.asp

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.

Analysis
----------------
ED_PRI CAN-2002-0862 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CAN-2002-0828 is an early report of this issue (due to non-coordinated discovery).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0863
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: BUGTRAQ:20020916 Microsoft Windows Remote Desktop Protocol checksum and keystroke
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103235960119404&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-051.asp
Reference: XF:win-rdp-checksum-leak(10121)
Reference: URL:http://www.iss.net/security_center/static/10121.php

Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."

Analysis
----------------
ED_PRI CAN-2002-0863 3
Vendor Acknowledgement: yes advisory
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0869
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020815
Category: SF
Reference: MISC:http://www.li0n.pe.kr/eng/advisory/ms/iis_impersonation.txt
Reference: VULNWATCH:20021104 [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0059.html
Reference: BUGTRAQ:20021104 [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103642839205574&w=2
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-outofprocess-privilege-elevation(10502)
Reference: URL:http://www.iss.net/security_center/static/10502.php

Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."

Analysis
----------------
ED_PRI CAN-2002-0869 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: BUGTRAQ:20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103487044122900&w=2
Reference: NTBUGTRAQ:20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103486356413404&w=2
Reference: MISC:http://www.nextgenss.com/advisories/mssql-webtasks.txt
Reference: MS:MS02-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-061.asp
Reference: XF:mssql-webtask-gain-privileges(10388)
Reference: URL:http://www.iss.net/security_center/static/10388.php
Reference: BID:5980
Reference: URL:http://www.securityfocus.com/bid/5980

The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.

Analysis
----------------
ED_PRI CAN-2002-1145 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: BUGTRAQ:20021105 [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103651224215736&w=2
Reference: MISC:http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html
Reference: MS:MS02-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-062.asp
Reference: XF:iis-admin-pages-xss(10501)
Reference: URL:http://www.iss.net/security_center/static/10501.php

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.

Analysis
----------------
ED_PRI CAN-2002-1181 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION/ACCURACY: The Microsoft advisory alludes to multiple XSS issues, but the SNS advisory only gives one particular attack vector. Due to the lack of details in the Microsoft advisory, it is not clear whether other pages or attack vectors exist.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1254
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: BUGTRAQ:20021022 Vulnerable cached objects in IE (9 advisories in 1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103530131201191&w=2
Reference: MISC:http://security.greymagic.com/adv/gm012-ie/
Reference: MS:MS02-066
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-066.asp

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification via Cached Methods."

Analysis
----------------
ED_PRI CAN-2002-1254 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ACCURACY: Microsoft confirmed via email that this item addresses the specified Bugtraq post.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021104
Category: SF
Reference: MS:MS02-069
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-069.asp

Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.

Analysis
----------------
ED_PRI CAN-2002-1258 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: