CVE-2002-1248
published 2002-11-12CVE-2002-1248: Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET…
PriorityP416medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
3.24%
86.7th percentile
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| northern_solutions | xeneo_web_server | — | — |
| northern_solutions | xeneo_web_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Excel - WOPT Record Parsing Heap Memory Corruption
exploitdb·2010-09-21·CVSS 9.3
CVE-2010-1248 [CRITICAL] Microsoft Excel - WOPT Record Parsing Heap Memory Corruption
Microsoft Excel - WOPT Record Parsing Heap Memory Corruption
---
'''
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _ < (day 21 binary analysis)
| | | | |__| / ____ \ |__| | |_) |
|_| |_|\____/_/ \_\____/|____/
'''
Title : Microsoft Excel WOPT Record Parsing Heap Memory Corruption
Version : Excel 2002 SP3
Analysis : http://www.abysssec.com
Vendor : http://www.microsoft.com
Impact : High
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
CVE : CVE-2010-1248
here is BA : http://www.exploit-db.com/moaub-21-microsoft-excel-wopt-record-parsing-heap-memory-corruption/
here is the PoC : https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15065.rar (moaub-21-exploit.rar)
Exploit-DB
Microsoft Excel - HFPicture Record Parsing Remote Code Execution
exploitdb·2010-09-16·CVSS 9.3
CVE-2010-1248 [CRITICAL] Microsoft Excel - HFPicture Record Parsing Remote Code Execution
Microsoft Excel - HFPicture Record Parsing Remote Code Execution
---
'''
__ __ ____ _ _ ____
| \/ |/ __ \ /\ | | | | _ \
| \ / | | | | / \ | | | | |_) |
| |\/| | | | |/ /\ \| | | | _ < (day 16 binary anlysis)
| | | | |__| / ____ \ |__| | |_) |
|_| |_|\____/_/ \_\____/|____/
'''
Title : Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability
Version : Excel 2002 SP3
Analysis : http://www.abysssec.com
Vendor : http://www.microsoft.com
Impact : High
Contact : shahin [at] abysssec.com , info [at] abysssec.com
Twitter : @abysssec
CVE : CVE-2010-1248
here is BA : http://www.exploit-db.com/maoub-16-microsoft-excel-hfpicture-record-parsing-remote-code-execution-vulnerability/
here is the PoC : https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploit
Exploit-DB
Northern Solutions Xeneo Web Server 2.1/2.2 - Denial of Service
exploitdb·2002-11-04
CVE-2002-1248 Northern Solutions Xeneo Web Server 2.1/2.2 - Denial of Service
Northern Solutions Xeneo Web Server 2.1/2.2 - Denial of Service
---
source: https://www.securityfocus.com/bid/6098/info
A denial of service vulnerability has been reported for Xeneo web server. When the web server processes a malformed HTTP request, it will crash and lead to the denial of service condition.
http://www.example.com/%
http://www.example.com/%A
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=103642597302308&w=2http://www.idefense.com/advisory/11.04.02b.txthttp://www.iss.net/security_center/static/10534.phphttp://www.securityfocus.com/bid/6098http://marc.info/?l=bugtraq&m=103642597302308&w=2http://www.idefense.com/advisory/11.04.02b.txthttp://www.iss.net/security_center/static/10534.phphttp://www.securityfocus.com/bid/6098
2002-11-12
Published