CVE-2002-1705
published 2002-12-31CVE-2002-1705: Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText}…
PriorityP411medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
17.63%
96.8th percentile
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 5/6 - CSSText Bold Font Denial of Service
exploitdb·2002-06-15
CVE-2002-1705 Microsoft Internet Explorer 5/6 - CSSText Bold Font Denial of Service
Microsoft Internet Explorer 5/6 - CSSText Bold Font Denial of Service
---
source: https://www.securityfocus.com/bid/5027/info
A problem with Microsoft Internet Explorer may make it possible to deny service to users of the browser. The problem is in the handling of certain types of stylesheet input.
It may be possible to crash IE. When IE encounters a style sheet with the p{cssText} element declared, and a font weight of bold is specified, the browser crashes. This could be used as a denial of service attack.
p{cssText: font-weight: bold;}
Exploit-DB
Cisco Secure ACS for Windows NT 2.42 - Remote Buffer Overflow
exploitdb·2000-09-21
CVE-2000-1054 Cisco Secure ACS for Windows NT 2.42 - Remote Buffer Overflow
Cisco Secure ACS for Windows NT 2.42 - Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/1705/info
Depending on the data entered, CiscoSecure ACS for Windows NT can be made to crash or arbitrary code execution can be made possible if an unusually long packet is sent to port 2002.
If the application were to crash due to an oversized packet, the CSadmin Module would automatically restart after one minute in versions 2.3x and higher. Existing sessions would re-establish although they would need to be authenticated again. In prior versions, a restart is required in order to regain normal functionality.
#!/usr/bin/perl
##
# Cisco Global Exploiter
#
# Legal notes :
# The BlackAngels staff refuse all responsabilities
# for an incorrect or illegal use of this software
# or
No writeups or analysis indexed.
http://online.securityfocus.com/archive/1/277133http://online.securityfocus.com/archive/1/277140/2002-12-07/2002-12-13/2http://www.securityfocus.com/bid/5027https://exchange.xforce.ibmcloud.com/vulnerabilities/9367http://online.securityfocus.com/archive/1/277133http://online.securityfocus.com/archive/1/277140/2002-12-07/2002-12-13/2http://www.securityfocus.com/bid/5027https://exchange.xforce.ibmcloud.com/vulnerabilities/9367
2002-12-31
Published