Red Hat Linux 9 Mutt Jay Beale 2003-0140 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder ACCEPTED 1 Red Hat Linux 9 CUPS Jay Beale 2003-0195 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out ACCEPTED 1 Sun Solaris 8 kcms_configure David Proulx 2001-0594 kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument ACCEPTED 1 Sun Solaris 8 libnsl David Proulx 2002-0391 Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd ACCEPTED 1 Sun Solaris 8 xlock David Proulx 2001-0652 Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable ACCEPTED 1 Sun Solaris 8 snmpdx David Proulx 2002-0796 Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.5 Service Pack 2 David Proulx David Proulx 2002-0026 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made ACCEPTED 3 Sun Solaris 8 Xsun David Proulx 2002-0158 Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument ACCEPTED 1 Sun Solaris 8 CDE David Proulx 2002-0677 CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure ACCEPTED 1 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0079 ACCEPTED Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code ACCEPTED 3 Microsoft Windows 2000 Internet Explorer 6.0 David Proulx David Proulx 2002-0023 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks ACCEPTED 3 Microsoft Windows NT Windows Shell Matthew Burton 2002-0070 Completing an initial submission. done DRAFT INTERIM ACCEPTED Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 Andrew Buttner Andrew Buttner 2002-0189 Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability ACCEPTED 3 Microsoft Windows 2000 Christine Walzer 2003-0715 DRAFT INTERIM ACCEPTED Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CAN-2003-0352 (Blaster/Nachi) and CAN-2003-0528 ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Andrew Buttner Andrew Buttner 2002-0147 ACCEPTED Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun. ACCEPTED 4 Microsoft Windows 2000 Internet Explorer 5.5 or Internet Explorer 5.5 Service Pack 1 David Proulx David Proulx 2002-0026 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made ACCEPTED 3 Microsoft Windows NT FTP Tiffany Bergeron Tiffany Bergeron 2002-0073 The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters ACCEPTED 3 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0079 ACCEPTED Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code ACCEPTED 3 Microsoft Windows 2000 Network Connection Manager (NCM) Christine Walzer Christine Walzer 2002-0720 A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.01 Tiffany Bergeron Tiffany Bergeron 2002-0193 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability ACCEPTED 2 Red Hat Linux 9 skk Jay Beale 2003-0539 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0364 ACCEPTED Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise. ACCEPTED 4 Microsoft Windows 2000 SMTP Tiffany Bergeron Andrew Buttner 2002-0055 Changed the registry key in question for the SMTP enabled check to SMTPSVC from SMTP. SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 to cause a denial of service via a command with a malformed data transfer (BDAT) request ACCEPTED 3 Sun Solaris 8 cachefsd David Proulx 2002-0033 Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name ACCEPTED 2 Microsoft Windows 2000 Internet Explorer 6.0 David Proulx David Proulx 2002-0026 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made ACCEPTED 3 Sun Solaris 7 Xsun David Proulx 2002-0158 Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument ACCEPTED 1 Sun Solaris 7 whodo David Proulx 2001-1076 Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable ACCEPTED 1 Microsoft Windows 2000 FTP Tiffany Bergeron Tiffany Bergeron 2002-0073 The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters ACCEPTED 4 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2001-0333 Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice ACCEPTED 2 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron 2002-0051 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access ACCEPTED 2 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0150 ACCEPTED Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values ACCEPTED 3 Microsoft Windows 2000 Internet Explorer 5.5 Service Pack 2 David Proulx David Proulx 2002-0023 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks ACCEPTED 3 Sun Solaris 7 rpc.rwalld David Proulx 2002-0573 Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed ACCEPTED 1 Sun Solaris 7 libnsl David Proulx 2002-0391 Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd ACCEPTED 1 Sun Solaris 7 cachefsd David Proulx 2002-0084 Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2000-0884 IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability ACCEPTED 2 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0071 ACCEPTED Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names ACCEPTED 3 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0074 Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session ACCEPTED 2 Sun Solaris 8 whodo David Proulx 2001-1076 Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable ACCEPTED 1 Sun Solaris 7 admintool David Proulx 2002-0088 Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 5.01 David Proulx David Proulx 2003-1326 Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box. ACCEPTED 2 Microsoft Windows 2000 Internet Explorer 5.01, Internet Explorer 5.01 Service Pack 1, or Internet Explorer 5.01 Service Pack 2 David Proulx David Proulx 2002-0023 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks ACCEPTED 3 Red Hat Linux 9 EOG Jay Beale 2003-0165 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale 2003-0081 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale 2003-0159 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code ACCEPTED 1 Sun Solaris 8 rpc.yppasswdd David Proulx 2001-0779 Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 David Proulx David Proulx 2003-1328 The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality. ACCEPTED 2 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0075 Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message ACCEPTED 1 Microsoft Windows 2000 Remote Procedure Call (RPC) Tiffany Bergeron Tiffany Bergeron 2002-1561 The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference ACCEPTED 1 Sun Solaris 8 admintool David Proulx 2002-0088 Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path ACCEPTED 1 Microsoft Windows NT Remote Access Service (RAS) Tiffany Bergeron 2002-0366 Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry ACCEPTED 1 Sun Solaris 7 mibiisa David Proulx 2002-0797 Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges ACCEPTED 1 Microsoft Windows 2000 Remote Access Service (RAS) Tiffany Bergeron 2002-0366 Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry ACCEPTED 2 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron 2002-0018 ACCEPTED INTERIM ACCEPTED In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which could allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain ACCEPTED 3 Sun Solaris 7 kcms_configure David Proulx 2001-0594 kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 David Proulx David Proulx 2003-0223 Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message ACCEPTED 1 Sun Solaris 8 admintool David Proulx 2002-0089 Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file ACCEPTED 1 Sun Solaris 7 admintool David Proulx 2002-0089 Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0356 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions ACCEPTED 1 Sun Solaris 8 dtspcd David Proulx 2001-0803 Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary command ACCEPTED 1 Microsoft Windows 2000 Microsoft SQL Server 2000 Yi-Fang Koh 2001-0344 ACCEPTED An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account ACCEPTED 1 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0147 ACCEPTED Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun. ACCEPTED 3 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0357 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors ACCEPTED 1 Sun Solaris 7 dtspcd David Proulx 2001-0803 Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary command ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0428 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED Unknown vulnerability in the DCERPC dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string ACCEPTED 1 Microsoft Windows 2000 Windows 2000 Tiffany Bergeron 2002-0367 smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit ACCEPTED 2 Microsoft Windows 2000 Internet Explorer 5.5 or Internet Explorer 5.5 Service Pack 1 David Proulx David Proulx 2002-0023 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks ACCEPTED 3 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2001-0333 ACCEPTED INTERIM ACCEPTED Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice ACCEPTED 3 Sun Solaris 8 rpc.rwalld David Proulx 2002-0573 Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed ACCEPTED 1 Sun Solaris 7 CDE David Proulx 2002-0678 CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure ACCEPTED 1 Microsoft Windows NT Internet Information Server 4.0 Tiffany Bergeron Tiffany Bergeron 2002-0148 Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page ACCEPTED 1 Microsoft Windows 2000 Microsoft SQL Server 2000 Tiffany Bergeron 2001-0509 Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs ACCEPTED 1 Microsoft Windows 2000 Microsoft SQL Server Yi-Fang Koh Yi-Fang Koh 2001-0542 Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CAN-2001-0879 ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0429 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow ACCEPTED 1 Sun Solaris 8 lbxproxy David Proulx 2002-0090 Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option ACCEPTED 1 Microsoft Windows NT Simple Network Management Protocol (SNMP) Harvey Rubinovitz Harvey Rubinovitz 2002-0013 Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available ACCEPTED 1 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0430 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value ACCEPTED 1 Microsoft Windows 2000 Multiple UNC Provider (MUP) Tiffany Bergeron 2002-0151 Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request ACCEPTED 2 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron Ingrid Skoog 2001-0151 corrected configuration criterion INTERIM ACCEPTED IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests ACCEPTED 3 Sun Solaris 7 CDE David Proulx 2002-0677 CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Harvey Rubinovitz Harvey Rubinovitz 2002-0148 Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page ACCEPTED 1 Sun Solaris 8 mibiisa David Proulx 2002-0797 Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges ACCEPTED 1 Microsoft Windows 2000 Internet Information Server 5.0 Tiffany Bergeron Tiffany Bergeron 2002-0149 ACCEPTED Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names ACCEPTED 3 Microsoft Windows 2000 Internet Explorer 6.0 Andrew Buttner Andrew Buttner 2002-0078 Added the configuration check to see if cookies are enabled by the current user when local machine settings are not in use. INTERIM ACCEPTED The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability ACCEPTED 4 Sun Solaris 8 cachefsd David Proulx 2002-0084 Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument ACCEPTED 1 Microsoft Windows 2000 Internet Explorer 6.0 David Proulx David Proulx 2002-0371 Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response ACCEPTED 2 Microsoft Windows 2000 Internet Explorer 6.0 Andrew Buttner Andrew Buttner 2002-0193 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability ACCEPTED 3 Red Hat Linux 9 Ethereal Jay Beale Jay Beale 2003-0431 Corrected syntax errors in sql verion of the definition. INTERIM ACCEPTED The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences ACCEPTED 1 Sun Solaris 7 rpc.yppasswdd David Proulx 2001-0779