Filtered by vendor Microsoft
Subscribe
Total
22989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0199 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 7.2 HIGH | N/A |
|
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
|
|||||
| CVE-2006-0143 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.
|
|||||
| CVE-2005-1212 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 2003 Server and 4 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
|
|||||
| CVE-2000-0258 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
|
|||||
| CVE-2006-4494 | 1 Microsoft | 1 Visual Studio | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.
|
|||||
| CVE-2001-1547 | 1 Microsoft | 1 Outlook Express | 2025-04-03 | 7.5 HIGH | N/A |
|
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
|
|||||
| CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
|
|||||
| CVE-2003-0003 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
|
|||||
| CVE-1999-0348 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
|
|||||
| CVE-2001-0373 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
|
|||||
| CVE-2004-2383 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios ar ...
Show More |
|||||
| CVE-1999-1520 | 1 Microsoft | 1 Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
|
|||||
| CVE-2005-0562 | 1 Microsoft | 1 Msn Messenger | 2025-04-03 | 7.5 HIGH | N/A |
|
GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
|
|||||
| CVE-2004-0899 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."
|
|||||
| CVE-2001-0660 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
|
|||||
| CVE-2001-0538 | 1 Microsoft | 1 Outlook | 2025-04-03 | 10.0 HIGH | N/A |
|
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
|
|||||
| CVE-2002-1698 | 1 Microsoft | 1 Msn Messenger | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
|
|||||
| CVE-1999-1452 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
|
|||||
| CVE-1999-1363 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
|
|||||
| CVE-2005-0420 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 5.8 MEDIUM | N/A |
|
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
|
|||||
| CVE-1999-0077 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Predictable TCP sequence numbers allow spoofing.
|
|||||
| CVE-2003-1472 | 2 3d-ftp, Microsoft | 2 3d-ftp, All Windows | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner.
|
|||||
| CVE-2006-2094 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
|
|||||
| CVE-2004-0118 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
|
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
|
|||||
| CVE-2005-3240 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.
|
|||||
| CVE-2005-0059 | 1 Microsoft | 4 Windows 2000, Windows 98, Windows 98se and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
|
|||||
| CVE-2006-1192 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
|
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
|
|||||
| CVE-2005-4842 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.1 HIGH | N/A |
|
The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
|
|||||
| CVE-2005-1665 | 1 Microsoft | 1 Asp.net | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
|
|||||
| CVE-2000-1104 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
|
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
|
|||||
| CVE-1999-0577 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 10.0 HIGH | N/A |
|
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
|
|||||
| CVE-1999-1362 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 2.1 LOW | N/A |
|
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
|
|||||
| CVE-2006-0009 | 1 Microsoft | 2 Office, Works | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
|
|||||
| CVE-2002-1230 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2025-04-03 | 4.6 MEDIUM | N/A |
|
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
|
|||||
| CVE-1999-0993 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.
|
|||||
| CVE-2002-1056 | 1 Microsoft | 2 Outlook, Word | 2025-04-03 | 7.5 HIGH | N/A |
|
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
|
|||||
| CVE-2001-0005 | 1 Microsoft | 1 Powerpoint | 2025-04-03 | 6.2 MEDIUM | N/A |
|
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
|
|||||
| CVE-2006-0029 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
|
|||||
| CVE-2002-0617 | 1 Microsoft | 2 Excel, Office | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
|
|||||
| CVE-2002-0859 | 1 Microsoft | 2 Jet, Sql Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
|
|||||