Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19143 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-6901 1 Microsoft 1 Windows 2003 Server 2023-12-10 10.0 HIGH N/A
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
CVE-2007-6534 1 Microsoft 1 Publisher 2023-12-10 6.8 MEDIUM N/A
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
CVE-2008-0296 2 Microsoft, Videolan 2 Windows, Vlc Media Player 2023-12-10 10.0 HIGH N/A
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
CVE-2007-3109 1 Microsoft 2 Frontpage, Office 2023-12-10 6.4 MEDIUM N/A
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
CVE-2006-2380 1 Microsoft 1 Windows 2000 2023-12-10 4.3 MEDIUM N/A
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
CVE-2005-2118 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2023-12-10 5.1 MEDIUM N/A
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
CVE-2006-3059 1 Microsoft 2 Excel, Excel Viewer 2023-12-10 9.3 HIGH N/A
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
CVE-2004-1133 1 Microsoft 1 W3who.dll 2023-12-10 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.
CVE-2005-1792 1 Microsoft 1 Windows Xp 2023-12-10 5.0 MEDIUM N/A
Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache.
CVE-2006-3280 1 Microsoft 1 Internet Explorer 2023-12-10 7.5 HIGH N/A
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
CVE-2006-1626 1 Microsoft 2 Internet Explorer, Windows Xp 2023-12-10 4.3 MEDIUM N/A
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.
CVE-2005-2087 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 5.0 MEDIUM N/A
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
CVE-2005-0049 1 Microsoft 2 Sharepoint Portal Server, Sharepoint Team Services 2023-12-10 4.3 MEDIUM N/A
Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache.
CVE-2006-0010 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
CVE-2006-3659 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object.
CVE-2006-2373 1 Microsoft 3 Windows 2000, Windows Server 2003, Windows Xp 2023-12-10 10.0 HIGH N/A
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
CVE-2004-2289 1 Microsoft 1 Windows Xp 2023-12-10 10.0 HIGH N/A
Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.
CVE-2005-0550 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2023-12-10 2.1 LOW N/A
Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
CVE-2005-0921 1 Microsoft 1 Outlook Connector 2023-12-10 4.6 MEDIUM N/A
Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
CVE-2006-0935 1 Microsoft 1 Word 2023-12-10 2.6 LOW N/A
Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.