CVE-2000-0979 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

source: https://www.securityfocus.com/bid/1780/info Share level password protection for the File and Print Sharing service in Windows 95/98/ME can be bypassed. Share level access provides peer to peer networking capabilities in the Windows 9x/ME environment. It depends on password protection in order to grant or deny access to resources. Due to a flaw in the implementation of File and Print Sharing security, a remote intruder could access share level protected resources without entering a complete password by programatically modifying the data length of the password. The flaw is due to the NetBIOS implementation in the password verification scheme share level access utilizes. The password length is compared to the length of data sent during the password verification process. If the password was programatically set to be 1 byte, then only the first byte would be verified. If a remote attacker was able to correctly guess the value of the first byte of the password on the target machine, access would be granted to the share level protected resource. Windows 9x remote administration is also affected by this vulnerability because it uses the same authentication scheme. Successful exploitation of this vulnerability could lead to the retrieval, modification, addition, and deletion of files residing on a file or print share. https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20283.zip

source: https://www.securityfocus.com/bid/1780/info Share level password protection for the File and Print Sharing service in Windows 95/98/ME can be bypassed. Share level access provides peer to peer networking capabilities in the Windows 9x/ME environment. It depends on password protection in order to grant or deny access to resources. Due to a flaw in the implementation of File and Print Sharing security, a remote intruder could access share level protected resources without entering a complete password by programatically modifying the data length of the password. The flaw is due to the NetBIOS implementation in the password verification scheme share level access utilizes. The password length is compared to the length of data sent during the password verification process. If the password was programatically set to be 1 byte, then only the first byte would be verified. If a remote attacker was able to correctly guess the value of the first byte of the password on the target machine, access would be granted to the share level protected resource. Windows 9x remote administration is also affected by this vulnerability because it uses the same authentication scheme. Successful exploitation of this vulnerability could lead to the retrieval, modification, addition, and deletion of files residing on a file or print share. https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20284.tar.gz