Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.

ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption.

FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.

Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.

A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.

CGI PHP mlog script allows an attacker to read any file on the target server.

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

NT users can gain debug-level access on a system process using the Sechole exploit.

A malicious Palace server can force a client to execute arbitrary programs.

Linux PAM modules allow local users to gain root access using temporary files.

Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.

Buffer overflow in Linux Slackware crond program allows local users to gain root access.

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

AIX Licensed Program Product performance tools allow local users to gain root access.

AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.

Buffer overflow in mstm in HP-UX allows local users to gain root access.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage