Filtered by vendor Microsoft
Subscriptions
Total
23185 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0114 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. | ||||
| CVE-2000-0126 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | ||||
| CVE-2002-0077 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. | ||||
| CVE-2001-1238 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.8 High |
| Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | ||||
| CVE-2006-3605 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference. | ||||
| CVE-2006-3898 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference. | ||||
| CVE-2006-3880 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | N/A |
| Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation. | ||||
| CVE-2000-0216 | 1 Microsoft | 3 Exchange Server, Outlook, Windows Messaging | 2025-04-03 | N/A |
| Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list. | ||||
| CVE-2000-0226 | 1 Microsoft | 1 Internet Information Server | 2025-04-03 | N/A |
| IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." | ||||
| CVE-2006-1511 | 1 Microsoft | 1 .net Framework | 2025-04-03 | N/A |
| Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. | ||||
| CVE-2006-0935 | 1 Microsoft | 1 Word | 2025-04-03 | N/A |
| Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz. | ||||
| CVE-2006-0001 | 1 Microsoft | 2 Office, Publisher | 2025-04-03 | N/A |
| Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. | ||||
| CVE-2003-0533 | 1 Microsoft | 7 Netmeeting, Windows 2000, Windows 2003 Server and 4 more | 2025-04-03 | N/A |
| Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. | ||||
| CVE-1999-1055 | 1 Microsoft | 1 Excel | 2025-04-03 | N/A |
| Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability." | ||||
| CVE-2005-2830 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." | ||||
| CVE-2002-2132 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-03 | N/A |
| Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes. | ||||
| CVE-2006-0057 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. | ||||
| CVE-2005-1907 | 1 Microsoft | 1 Isa Server | 2025-04-03 | N/A |
| The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic. | ||||
| CVE-2005-1683 | 1 Microsoft | 1 Word | 2025-04-03 | N/A |
| Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file. | ||||
| CVE-2005-2274 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | ||||