Microsoft Proxy Server vulnerabilities

5 known vulnerabilities affecting microsoft/proxy_server.

Total CVEs

5

CISA KEV

0

Public exploits

2

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2004-0892HIGHCVSS 7.5v2.02005-01-27

CVE-2004-0892 [HIGH] CVE-2004-0892: Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.

CVE-2003-0819CRITICALCVSS 10.0v2.02004-02-17

CVE-2003-0819 [CRITICAL] CWE-119 CVE-2003-0819: Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allo Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

CVE-2003-0110MEDIUMCVSS 5.0v2.02003-05-05

CVE-2003-0110 [MEDIUM] CVE-2003-0110: The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Intern The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.

CVE-2002-0371HIGHCVSS 7.5PoCv2.02002-07-03

CVE-2002-0371 [HIGH] CVE-2002-0371: Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.

CVE-2000-0246MEDIUMCVSS 5.0PoCv2.02000-03-30

CVE-2000-0246 [MEDIUM] CVE-2000-0246: IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mappe IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.