Microsoft Baseline Security Analyzer Vulnerability Exposing Sensitive Data
CVE-2002-1762

Currently unrated

Key Information:

Vendor: Microsoft
Status: Baseline Security Analyzer
Vendor: CVE Published:; 31 December 2002

Summary

Microsoft Baseline Security Analyzer (MBSA) 1.0 is susceptible to a vulnerability that allows sensitive system information to be stored in plaintext within the directory C:\Documents and Settings\username\SecurityScans. This exposure can be exploited by remote attackers using malicious active content, such as ActiveX controls or Java, enabling them to access the stored sensitive data. Proper security measures should be implemented to protect against unauthorized access to these security scan results to mitigate potential risks.

References

http://www.securityfocus.com/bid/4594

vdb-entryx_refsource_BID

http://online.securityfocus.com/archive/1/269408

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/8947

vdb-entryx_refsource_XF

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jun 21, 2005
Vulnerability published
Dec 31, 2002