Vulnerabilities (CVE)

Filtered by vendor Microsoft
Total 19159 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0615 1 Microsoft 2 Excel, Office 2023-12-10 7.5 HIGH N/A
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
CVE-1999-1011 1 Microsoft 4 Data Access Components, Index Server, Internet Information Server and 1 more 2023-12-10 10.0 HIGH N/A
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVE-2001-0017 1 Microsoft 1 Windows Nt 2023-12-10 5.0 MEDIUM N/A
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.
CVE-2002-0147 1 Microsoft 2 Internet Information Server, Internet Information Services 2023-12-10 7.5 HIGH N/A
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
CVE-2000-0464 1 Microsoft 1 Internet Explorer 2023-12-10 7.6 HIGH N/A
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.
CVE-2002-0155 1 Microsoft 3 Msn Chat Control, Msn Messenger, Msn Messenger Service For Exchange 2023-12-10 7.5 HIGH N/A
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
CVE-1999-0725 1 Microsoft 1 Internet Information Server 2023-12-10 7.1 HIGH N/A
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
CVE-2004-0118 1 Microsoft 2 Windows 2000, Windows Nt 2023-12-10 7.2 HIGH N/A
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
CVE-1999-1365 1 Microsoft 1 Windows Nt 2023-12-10 7.2 HIGH N/A
Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.
CVE-2002-2189 2 Activxperts Software, Microsoft 2 Activwebserver, Windows 2003 Server 2023-12-10 5.1 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link.
CVE-2003-1026 1 Microsoft 2 Ie, Internet Explorer 2023-12-10 9.3 HIGH N/A
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
CVE-1999-1094 1 Microsoft 1 Internet Explorer 2023-12-10 7.5 HIGH N/A
Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."
CVE-1999-0917 1 Microsoft 1 Internet Explorer 2023-12-10 5.1 MEDIUM N/A
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
CVE-2002-0136 1 Microsoft 1 Internet Explorer 2023-12-10 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript.
CVE-2002-1139 1 Microsoft 3 Windows 98 Plus Pack, Windows Me, Windows Xp 2023-12-10 5.0 MEDIUM N/A
The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."
CVE-2003-0663 1 Microsoft 1 Windows 2000 2023-12-10 5.0 MEDIUM N/A
Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.
CVE-2000-1088 1 Microsoft 2 Data Engine, Sql Server 2023-12-10 4.6 MEDIUM N/A
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-1999-1093 1 Microsoft 1 Internet Explorer 2023-12-10 5.1 MEDIUM N/A
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
CVE-1999-0739 1 Microsoft 1 Internet Information Server 2023-12-10 5.0 MEDIUM N/A
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
CVE-2000-1003 1 Microsoft 3 Windows 95, Windows 98, Windows 98se 2023-12-10 2.6 LOW N/A
NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.