Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1028 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
|
|||||
| CVE-2005-4841 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.1 HIGH | N/A |
|
The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
|
|||||
| CVE-2002-1795 | 1 Microsoft | 1 Tsac Activex Control | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
|||||
| CVE-2005-3595 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
|
By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.
|
|||||
| CVE-1999-0119 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
|
Windows NT 4.0 beta allows users to read and delete shares.
|
|||||
| CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
|
|||||
| CVE-2006-0007 | 1 Microsoft | 1 Office | 2025-04-03 | 9.3 HIGH | N/A |
|
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
|
|||||
| CVE-2001-0807 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
|
|||||
| CVE-2006-2380 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
|
|||||
| CVE-1999-0877 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
|
|||||
| CVE-2002-1692 | 1 Microsoft | 1 Windows 95 | 2025-04-03 | 3.6 LOW | N/A |
|
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
|
|||||
| CVE-2005-0560 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
|
|||||
| CVE-2005-0416 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.
|
|||||
| CVE-2005-1211 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.
|
|||||
| CVE-1999-0344 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
|
NT users can gain debug-level access on a system process using the Sechole exploit.
|
|||||
| CVE-2003-1437 | 6 Bea, Hp, Ibm and 3 more | 8 Weblogic Server, Hp-ux, Aix and 5 more | 2025-04-03 | 2.1 LOW | N/A |
|
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
|
|||||
| CVE-1999-0682 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
|
|||||
| CVE-2000-0851 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
|
|||||
| CVE-2000-0612 | 1 Microsoft | 2 Windows 95, Windows 98 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table.
|
|||||
| CVE-2006-2384 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."
|
|||||
| CVE-2004-0719 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
|
|||||
| CVE-2002-1718 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.
|
|||||
| CVE-2006-4066 | 1 Microsoft | 1 Windows Xp | 2025-04-03 | 2.6 LOW | N/A |
|
The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue.
|
|||||
| CVE-1999-0827 | 2 Microsoft, Netscape | 3 Ie, Internet Explorer, Navigator | 2025-04-03 | 2.6 LOW | N/A |
|
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
|
|||||
| CVE-2006-1308 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
|
|||||
| CVE-2003-0350 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
|
|||||
| CVE-2004-0842 | 2 Avaya, Microsoft | 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
|
|||||
| CVE-2000-0457 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
|
|||||
| CVE-2003-0659 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
|
|||||
| CVE-2004-0117 | 1 Microsoft | 6 Netmeeting, Windows 2000, Windows 2003 Server and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2003-0519 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices.
|
|||||
| CVE-2001-0347 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A |
|
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
|
|||||
| CVE-2002-0025 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.
|
|||||
| CVE-2001-0149 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
|
|||||
| CVE-2005-1987 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Server 2003 and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
|
|||||
| CVE-2001-0951 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
|
|||||
| CVE-2004-0575 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 10.0 HIGH | N/A |
|
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
|
|||||
| CVE-2006-3649 | 1 Microsoft | 1 Visual Basic | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
|
|||||
| CVE-2003-0348 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 6.4 MEDIUM | N/A |
|
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
|
|||||
| CVE-2001-0245 | 1 Microsoft | 2 Index Server, Indexing Service | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
|
|||||