Filtered by vendor Microsoft
Subscribe
Total
19962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2766 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | 2.6 LOW | N/A |
| Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. | |||||
| CVE-2006-2492 | 1 Microsoft | 2 Office, Works Suite | 2024-11-21 | 7.6 HIGH | 8.8 HIGH |
| Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. | |||||
| CVE-2006-2389 | 1 Microsoft | 1 Office | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316. | |||||
| CVE-2006-2388 | 1 Microsoft | 2 Excel, Excel Viewer | 2024-11-21 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. | |||||
| CVE-2006-2387 | 1 Microsoft | 1 Office | 2024-11-21 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875. | |||||
| CVE-2006-2386 | 1 Microsoft | 1 Outlook Express | 2024-11-21 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. | |||||
| CVE-2006-2385 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file. | |||||
| CVE-2006-2384 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." | |||||
| CVE-2006-2383 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. | |||||
| CVE-2006-2382 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability." | |||||
| CVE-2006-2380 | 1 Microsoft | 1 Windows 2000 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." | |||||
| CVE-2006-2379 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing. | |||||
| CVE-2006-2378 | 1 Microsoft | 4 Ie, Internet Explorer, Windows 2003 Server and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. | |||||
| CVE-2006-2376 | 1 Microsoft | 3 Windows 98, Windows 98se, Windows Me | 2024-11-21 | 7.5 HIGH | N/A |
| Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow. | |||||
| CVE-2006-2374 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability." | |||||
| CVE-2006-2373 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2024-11-21 | 10.0 HIGH | N/A |
| The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability." | |||||
| CVE-2006-2372 | 1 Microsoft | 1 Dhcp Client Service | 2024-11-21 | 10.0 HIGH | N/A |
| Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response. | |||||
| CVE-2006-2371 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-21 | 7.5 HIGH | N/A |
| Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability." | |||||
| CVE-2006-2370 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-21 | 7.5 HIGH | N/A |
| Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability." | |||||
| CVE-2006-2334 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-11-21 | 2.1 LOW | N/A |
| The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software. | |||||