Filtered by vendor Microsoft
Subscribe
Total
19158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0054 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability." | |||||
| CVE-2006-3649 | 1 Microsoft | 1 Visual Basic | 2023-12-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents. | |||||
| CVE-2006-0488 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2023-12-10 | 2.1 LOW | N/A |
| The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm. | |||||
| CVE-2004-0894 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2023-12-10 | 7.2 HIGH | N/A |
| LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | |||||
| CVE-2006-1189 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability." | |||||
| CVE-2006-4219 | 1 Microsoft | 1 Ie | 2023-12-10 | 7.5 HIGH | N/A |
| The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN. | |||||
| CVE-2006-0005 | 1 Microsoft | 7 Windows-nt, Windows 2000, Windows 2000 Advanced Server and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
| Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute. | |||||
| CVE-2005-3483 | 2 Graphon, Microsoft | 2 Go-global, Windows | 2023-12-10 | 7.5 HIGH | N/A |
| Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size. | |||||
| CVE-2005-0045 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
| The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields. | |||||
| CVE-2005-1184 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows 98se and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
| The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated. | |||||
| CVE-2006-4066 | 1 Microsoft | 1 Windows Xp | 2023-12-10 | 2.6 LOW | N/A |
| The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue. | |||||
| CVE-2005-4842 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 7.1 HIGH | N/A |
| The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | |||||
| CVE-2005-1218 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests. | |||||
| CVE-2004-0571 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
| Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. | |||||
| CVE-2005-0551 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2023-12-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value. | |||||
| CVE-2005-0050 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2023-12-10 | 10.0 HIGH | N/A |
| The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability." | |||||
| CVE-2005-2940 | 1 Microsoft | 1 Antispyware | 2023-12-10 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935. | |||||
| CVE-2004-0978 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 98se and 4 more | 2023-12-10 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | |||||
| CVE-2004-2365 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2023-12-10 | 2.1 LOW | N/A |
| Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount. | |||||
| CVE-2006-2370 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2023-12-10 | 7.5 HIGH | N/A |
| Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability." | |||||