- Buffer Overrun in Gopher Protocol Handler (CAN-2002-0646) (Note: Details on this candidate hadn't been posted on the CVE list at the time of this writing.)
- Buffer Overrun in Legacy Text Formatting ActiveX Control (CAN-2002-0647)
- XML File Reading via Redirect (CAN-2002-0648)
- File Origin Spoofing (CAN-2002-0722)
- Cross-Domain Verification in Object Tag (CAN-2002-0723)
- Variant of Cross-Site Scripting in Local HTML Resource (CAN-2002-0691)
This problem affects Windows 98, NT4, and all later versions of Windows. Cumulative IE Patch
This patch affects Internet Explorer versions 5.01, 5.5, and 6.0. All of the vulnerabilities apply to nearly all of these versions. Buffer Overrun in TSAC
To learn if this component is installed on your system(s), check out the detailed procedure in MS02-046. See the mitigating factors below for some more details about what is affected. Unchecked Buffer in Network Share Provider
This problem affects:
- Windows NT 4.0 Workstation, Server, and Terminal Server Edition.
- Windows 2000 Professional, Server, and Advanced Server.
- Windows XP Professional.
Affected software includes Microsoft Office Web Components 2000 and Office Web Components 2002. These are available by download but are already included with:
- BackOffice Server 2000
- BizTalk Server 2000
- BizTalk Server 2002
- Commerce Server 2000
- Commerce Server 2002
- Internet Security and Acceleration Server 2000
- Money 2002
- Money 2003
- Office 2000
- Office XP
- Project 2002
- Project Server 2002
- Small Business Server 2000
- Digital certificate deletion -- Critical for client systems, low for servers
- Cumulative Patch for Internet Explorer -- Critical for many of the vulnerabilities
- Buffer Overrun in TSAC -- Low for servers, moderate for clients
- Unchecked Buffer in Network Share Provider -- Low for all Internet servers, moderate for all intranet servers and client systems
- Unsafe Functions in Office Web Components -- Critical for clients, low to moderate for servers
