Filtered by vendor Microsoft
Subscribe
Total
19962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0143 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2024-11-21 | 7.5 HIGH | N/A |
| Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. | |||||
| CVE-2006-0057 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. | |||||
| CVE-2006-0034 | 1 Microsoft | 5 Distributed Transaction Coordinator, Windows 2000, Windows 2003 Server and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. | |||||
| CVE-2006-0033 | 1 Microsoft | 1 Office | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. | |||||
| CVE-2006-0032 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. | |||||
| CVE-2006-0031 | 1 Microsoft | 1 Office | 2024-11-21 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption. | |||||
| CVE-2006-0030 | 1 Microsoft | 2 Excel, Office | 2024-11-21 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. | |||||
| CVE-2006-0029 | 1 Microsoft | 2 Excel, Office | 2024-11-21 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. | |||||
| CVE-2006-0028 | 1 Microsoft | 2 Excel, Office | 2024-11-21 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. | |||||
| CVE-2006-0027 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. | |||||
| CVE-2006-0026 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-21 | 6.5 MEDIUM | N/A |
| Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). | |||||
| CVE-2006-0025 | 1 Microsoft | 1 Windows Media Player | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size. | |||||
| CVE-2006-0023 | 1 Microsoft | 1 Windows Xp | 2024-11-21 | 4.3 MEDIUM | N/A |
| Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. | |||||
| CVE-2006-0022 | 1 Microsoft | 1 Powerpoint | 2024-11-21 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption. | |||||
| CVE-2006-0021 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2024-11-21 | 7.8 HIGH | N/A |
| Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability." | |||||
| CVE-2006-0020 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2024-11-21 | 9.3 HIGH | N/A |
| An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." | |||||
| CVE-2006-0015 | 1 Microsoft | 2 Frontpage Server Extensions, Sharepoint Team Services | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. | |||||
| CVE-2006-0014 | 1 Microsoft | 1 Outlook Express | 2024-11-21 | 5.1 MEDIUM | N/A |
| Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. | |||||
| CVE-2006-0013 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2024-11-21 | 6.5 MEDIUM | N/A |
| Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207. | |||||
| CVE-2006-0012 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2024-11-21 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." | |||||