Systems Management Server
by Microsoft
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0728 | 0.06 | — | 0.38 | Jul 27, 2004 | The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address. | |||
| CVE-2012-2536 | 0.04 | — | 0.44 | Sep 11, 2012 | Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability." | |||
| CVE-2000-0100 | 0.03 | — | 0.01 | Dec 29, 1999 | The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. | |||
| CVE-2000-0885 | 0.02 | — | 0.25 | Dec 19, 2000 | Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates. |
- CVE-2004-0728Jul 27, 2004risk 0.06cvss —epss 0.38
The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
- CVE-2012-2536Sep 11, 2012risk 0.04cvss —epss 0.44
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
- CVE-2000-0100Dec 29, 1999risk 0.03cvss —epss 0.01
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
- CVE-2000-0885Dec 19, 2000risk 0.02cvss —epss 0.25
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.