Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19843 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-1254 1 Microsoft 3 Windows 95, Windows 98, Windows Nt 2024-02-28 5.0 MEDIUM N/A
Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables.
CVE-2002-1292 1 Microsoft 1 Java Virtual Machine 2024-02-28 7.5 HIGH N/A
The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
CVE-2002-0373 1 Microsoft 1 Windows Media Player 2024-02-28 7.2 HIGH N/A
The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
CVE-2004-0121 1 Microsoft 2 Office, Outlook 2024-02-28 7.5 HIGH N/A
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
CVE-1999-0999 1 Microsoft 1 Sql Server 2024-02-28 4.3 MEDIUM N/A
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.
CVE-2004-2179 1 Microsoft 2 Frontpage, Ie 2024-02-28 5.0 MEDIUM N/A
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
CVE-2000-0886 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 7.5 HIGH N/A
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
CVE-2003-0604 1 Microsoft 1 Windows Media Player 2024-02-28 7.5 HIGH N/A
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
CVE-2003-1275 1 Microsoft 1 Pocket Ie 2024-02-28 5.0 MEDIUM N/A
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
CVE-2001-0147 1 Microsoft 1 Windows 2000 2024-02-28 10.0 HIGH N/A
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
CVE-2002-2185 6 Debian, Mandrakesoft, Microsoft and 3 more 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more 2024-02-28 4.9 MEDIUM N/A
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
CVE-2001-0500 1 Microsoft 3 Index Server, Indexing Service, Internet Information Server 2024-02-28 10.0 HIGH N/A
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
CVE-2002-1933 1 Microsoft 1 Windows 2000 Terminal Services 2024-02-28 7.2 HIGH N/A
The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
CVE-1999-0524 11 Apple, Cisco, Hp and 8 more 14 Mac Os X, Macos, Ios and 11 more 2024-02-28 2.1 LOW N/A
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
CVE-2004-1173 1 Microsoft 1 Internet Explorer 2024-02-28 7.5 HIGH N/A
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog.
CVE-1999-1093 1 Microsoft 1 Internet Explorer 2024-02-28 5.1 MEDIUM N/A
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
CVE-2000-0325 1 Microsoft 1 Jet 2024-02-28 7.2 HIGH N/A
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.
CVE-2000-0851 1 Microsoft 1 Windows 2000 2024-02-28 4.6 MEDIUM N/A
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
CVE-1999-1520 1 Microsoft 1 Site Server 2024-02-28 5.0 MEDIUM N/A
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
CVE-2002-1705 1 Microsoft 1 Internet Explorer 2024-02-28 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.