Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19844 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-1219 1 Microsoft 1 Internet Explorer 2024-02-28 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
CVE-1999-1217 1 Microsoft 1 Windows Nt 2024-02-28 4.6 MEDIUM N/A
The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.
CVE-1999-0717 1 Microsoft 5 Excel, Windows 2000, Windows 95 and 2 more 2024-02-28 2.6 LOW N/A
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
CVE-2002-1137 1 Microsoft 2 Data Engine, Sql Server 2024-02-28 7.5 HIGH N/A
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
CVE-2000-0202 1 Microsoft 2 Data Engine, Sql Server 2024-02-28 7.5 HIGH N/A
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
CVE-2002-1145 1 Microsoft 2 Data Engine, Sql Server 2024-02-28 10.0 HIGH N/A
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
CVE-2000-1084 1 Microsoft 2 Data Engine, Sql Server 2024-02-28 4.6 MEDIUM N/A
The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2000-1085 1 Microsoft 2 Data Engine, Sql Server 2024-02-28 4.6 MEDIUM N/A
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2003-0113 1 Microsoft 2 Ie, Internet Explorer 2024-02-28 7.5 HIGH N/A
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
CVE-1999-0876 1 Microsoft 2 Ie, Internet Explorer 2024-02-28 10.0 HIGH N/A
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
CVE-2001-0281 1 Microsoft 1 Windows Nt 2024-02-28 7.2 HIGH N/A
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges.
CVE-2002-1287 1 Microsoft 1 Java Virtual Machine 2024-02-28 5.0 MEDIUM N/A
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass.
CVE-1999-0917 1 Microsoft 1 Internet Explorer 2024-02-28 5.1 MEDIUM N/A
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
CVE-2001-0504 1 Microsoft 1 Windows 2000 2024-02-28 7.5 HIGH N/A
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
CVE-2000-0304 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 5.0 MEDIUM N/A
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
CVE-1999-0899 1 Microsoft 1 Windows Nt 2024-02-28 7.2 HIGH N/A
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
CVE-1999-0793 1 Microsoft 1 Internet Explorer 2024-02-28 2.6 LOW N/A
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
CVE-2003-1342 2 Microsoft, Trend Micro 2 Internet Information Server, Virus Control System 2024-02-28 5.0 MEDIUM N/A
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe.
CVE-2000-1083 1 Microsoft 2 Data Engine, Sql Server 2024-02-28 2.1 LOW N/A
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2002-1716 1 Microsoft 1 Office 2024-02-28 5.0 MEDIUM N/A
The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability.