All the vulnerabilites related to microsoft - systems_management_server
cve-2004-0728
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108983763710315&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16696 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:27.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040714 [HV-MED] DoS in Microsoft SMS Client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108983763710315\u0026w=2"
},
{
"name": "sms-remote-service-dos(16696)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16696"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Remote Control Client service in Microsoft\u0027s Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040714 [HV-MED] DoS in Microsoft SMS Client",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108983763710315\u0026w=2"
},
{
"name": "sms-remote-service-dos(16696)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16696"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Control Client service in Microsoft\u0027s Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040714 [HV-MED] DoS in Microsoft SMS Client",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108983763710315\u0026w=2"
},
{
"name": "sms-remote-service-dos(16696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16696"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0728",
"datePublished": "2004-07-23T04:00:00",
"dateReserved": "2004-07-22T00:00:00",
"dateUpdated": "2024-08-08T00:24:27.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0885
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:37
Severity ?
EPSS score ?
Summary
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5399 | vdb-entry, x_refsource_XF | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-083 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "network-monitor-bo(5399)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5399"
},
{
"name": "MS00-083",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the \"Netmon Protocol Parsing\" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "network-monitor-bo(5399)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5399"
},
{
"name": "MS00-083",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the \"Netmon Protocol Parsing\" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "network-monitor-bo(5399)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5399"
},
{
"name": "MS00-083",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0885",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-10-28T00:00:00",
"dateUpdated": "2024-08-08T05:37:31.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0100
Vulnerability from cvelistv5
Published
2000-04-18 04:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html | mailing-list, x_refsource_NTBUGTRAQ | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-012 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:53.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000115 Security Vulnerability with SMS 2.0 Remote Control",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html"
},
{
"name": "MS00-012",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000115 Security Vulnerability with SMS 2.0 Remote Control",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html"
},
{
"name": "MS00-012",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000115 Security Vulnerability with SMS 2.0 Remote Control",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html"
},
{
"name": "MS00-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0100",
"datePublished": "2000-04-18T04:00:00",
"dateReserved": "2000-02-02T00:00:00",
"dateUpdated": "2024-08-08T05:05:53.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2536
Vulnerability from cvelistv5
Published
2012-09-11 18:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA12-255A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062 | vendor-advisory, x_refsource_MS | |
| http://www.securityfocus.com/bid/55430 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:15781",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781"
},
{
"name": "TA12-255A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"name": "MS12-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062"
},
{
"name": "55430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55430"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Reflected XSS Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:15781",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781"
},
{
"name": "TA12-255A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"name": "MS12-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062"
},
{
"name": "55430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55430"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-2536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Reflected XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15781",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781"
},
{
"name": "TA12-255A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"name": "MS12-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062"
},
{
"name": "55430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55430"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2012-2536",
"datePublished": "2012-09-11T18:00:00",
"dateReserved": "2012-05-09T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-09-11 18:55
Modified
2024-11-21 01:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | system_center_configuration_manager | 2007 | |
| microsoft | systems_management_server | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:system_center_configuration_manager:2007:sp2:*:*:*:*:*:*",
"matchCriteriaId": "83CF27A5-BE0C-4F3C-8650-A8984E14F0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:2003:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F8ED204E-F7ED-497F-883C-C8F0C7ACE632",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Reflected XSS Vulnerability.\""
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Microsoft Systems Management Server 2003 Service Pack 3 y System Center Configuration Manager 2007 SP2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados. Se trata de un problema tambi\u00e9n conocido como \"Vulnerabilidad XSS reflejado\".\r\n"
}
],
"id": "CVE-2012-2536",
"lastModified": "2024-11-21T01:39:12.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-11T18:55:01.050",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/55430"
},
{
"source": "secure@microsoft.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-19 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | systems_management_server | 1.2 | |
| microsoft | systems_management_server | 2.0 | |
| microsoft | windows_2000 | * | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_nt | 4.0 | |
| microsoft | windows_nt | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F714FC20-0412-472D-B4A3-EA548EE14E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43E8A8EF-B54F-4413-9BC8-A6A479951313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"matchCriteriaId": "6E7E6AD3-5418-4FEA-84B5-833059CA880D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise:*:*:*:*:*",
"matchCriteriaId": "BBD9C514-5AF7-4849-A535-F0F3C9339051",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the \"Netmon Protocol Parsing\" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates."
}
],
"id": "CVE-2000-0885",
"lastModified": "2024-11-20T23:33:29.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-083"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5399"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | systems_management_server | 1.2 | |
| microsoft | systems_management_server | 1.2 | |
| microsoft | systems_management_server | 1.2 | |
| microsoft | systems_management_server | 1.2 | |
| microsoft | systems_management_server | 1.2 | |
| microsoft | systems_management_server | 2.0 | |
| microsoft | systems_management_server | 2.0 | |
| microsoft | systems_management_server | 2.50.2726 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F714FC20-0412-472D-B4A3-EA548EE14E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:1.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DCC15CE2-708F-4BB2-A4A5-A055B9541C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:1.2:sp2:*:*:*:*:*:*",
"matchCriteriaId": "7D334FC1-DA2E-4A78-98A6-81C36713F977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:1.2:sp3:*:*:*:*:*:*",
"matchCriteriaId": "2E75A5E5-3C2A-4182-B5C4-FD58579587EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:1.2:sp4:*:*:*:*:*:*",
"matchCriteriaId": "CCD1E3C3-B7AC-411B-8600-A51E2264409B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43E8A8EF-B54F-4413-9BC8-A6A479951313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9B010774-CFB9-43F9-B5C4-2FE489B1FBE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:2.50.2726:*:*:*:*:*:*:*",
"matchCriteriaId": "E5081CEE-911E-447A-9457-A5AAF34A8A9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Remote Control Client service in Microsoft\u0027s Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address."
},
{
"lang": "es",
"value": "El servicio de Cliente de Control Remoto de Microsoft\u0027s Systems Management Server (SMS) 2.50.2726.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un paquete de datos al puerto TCP 2702 que causa que el servidor lea o escriba de una direcci\u00f3n de memoria inv\u00e1lida."
}
],
"id": "CVE-2004-0728",
"lastModified": "2024-11-20T23:49:16.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-07-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108983763710315\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108983763710315\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16696"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-12-29 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | systems_management_server | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:systems_management_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43E8A8EF-B54F-4413-9BC8-A6A479951313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program."
}
],
"id": "CVE-2000-0100",
"lastModified": "2024-11-20T23:31:43.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-12-29T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-012"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}