Filtered by vendor Microsoft
Subscribe
Total
19962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0368 | 1 Microsoft | 1 Exchange Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." | |||||
| CVE-2002-0367 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | 7.2 HIGH | 7.8 HIGH |
| smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. | |||||
| CVE-2002-0366 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-11-20 | 7.2 HIGH | N/A |
| Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. | |||||
| CVE-2002-0364 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise." | |||||
| CVE-2002-0340 | 1 Microsoft | 1 Windows Media Player | 2024-11-20 | 7.5 HIGH | N/A |
| Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content. | |||||
| CVE-2002-0285 | 1 Microsoft | 1 Outlook Express | 2024-11-20 | 7.5 HIGH | N/A |
| Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | |||||
| CVE-2002-0283 | 1 Microsoft | 1 Windows Xp | 2024-11-20 | 5.0 MEDIUM | N/A |
| Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data. | |||||
| CVE-2002-0269 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | 7.5 HIGH | N/A |
| Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. | |||||
| CVE-2002-0242 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | |||||
| CVE-2002-0228 | 1 Microsoft | 1 Msn Messenger | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites). | |||||
| CVE-2002-0224 | 1 Microsoft | 3 Internet Information Services, Sql Server, Windows 2000 | 2024-11-20 | 5.0 MEDIUM | N/A |
| The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. | |||||
| CVE-2002-0193 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. | |||||
| CVE-2002-0191 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. | |||||
| CVE-2002-0190 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability. | |||||
| CVE-2002-0189 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. | |||||
| CVE-2002-0188 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. | |||||
| CVE-2002-0187 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag." | |||||
| CVE-2002-0186 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension." | |||||
| CVE-2002-0155 | 1 Microsoft | 3 Msn Chat Control, Msn Messenger, Msn Messenger Service For Exchange | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX. | |||||
| CVE-2002-0154 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. | |||||