Filtered by vendor Microsoft
Subscribe
Total
19568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0814 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
| Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. | |||||
| CVE-2002-0617 | 1 Microsoft | 2 Excel, Office | 2024-02-28 | 5.1 MEDIUM | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass." | |||||
| CVE-1999-0870 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 2.6 LOW | N/A |
| Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste. | |||||
| CVE-2002-0974 | 1 Microsoft | 1 Windows Xp | 2024-02-28 | 5.0 MEDIUM | N/A |
| Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm. | |||||
| CVE-2003-0838 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
| Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). | |||||
| CVE-2000-0328 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking. | |||||
| CVE-2000-0662 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
| Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). | |||||
| CVE-2000-0673 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
| The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability. | |||||
| CVE-2002-0700 | 1 Microsoft | 1 Content Management Server | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise." | |||||
| CVE-2004-0203 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. | |||||
| CVE-2000-1149 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability. | |||||
| CVE-2002-1824 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver's certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow attackers to perform a man-in-the-middle attack. NOTE: it is not clear whether this poses a vulnerability. | |||||
| CVE-1999-0585 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-28 | 2.1 LOW | N/A |
| A Windows NT administrator account has the default name of Administrator. | |||||
| CVE-2003-0906 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-02-28 | 7.6 HIGH | N/A |
| Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image. | |||||
| CVE-1999-1360 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 2.1 LOW | N/A |
| Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. | |||||
| CVE-2000-0711 | 2 Microsoft, Netscape | 2 Virtual Machine, Communicator | 2024-02-28 | 7.5 HIGH | N/A |
| Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | |||||
| CVE-2001-0336 | 1 Microsoft | 1 Internet Information Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. | |||||
| CVE-1999-0802 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.6 HIGH | N/A |
| Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon. | |||||
| CVE-2002-0285 | 1 Microsoft | 1 Outlook Express | 2024-02-28 | 7.5 HIGH | N/A |
| Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | |||||
| CVE-2003-0001 | 4 Freebsd, Linux, Microsoft and 1 more | 5 Freebsd, Linux Kernel, Windows 2000 and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||||