Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19961 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0300 8 Microsoft, Mozilla, Mutt and 5 more 8 Outlook Express, Mozilla, Mutt and 5 more 2024-02-28 5.0 MEDIUM N/A
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
CVE-2000-0581 1 Microsoft 1 Windows 2000 2024-02-28 5.0 MEDIUM N/A
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
CVE-2004-1324 1 Microsoft 1 Windows Media Player 2024-02-28 2.6 LOW N/A
The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
CVE-2002-2028 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2024-02-28 2.1 LOW N/A
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
CVE-2002-2062 1 Microsoft 1 Internet Explorer 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
CVE-2000-0753 1 Microsoft 1 Outlook 2024-02-28 5.0 MEDIUM N/A
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
CVE-2004-0122 1 Microsoft 1 Msn Messenger 2024-02-28 5.0 MEDIUM N/A
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
CVE-2000-0742 1 Microsoft 2 Windows 95, Windows 98 2024-02-28 5.0 MEDIUM N/A
The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
CVE-2004-0717 3 Linux, Microsoft, Opera 3 Linux Kernel, Windows, Opera Browser 2024-02-28 7.5 HIGH N/A
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2002-0622 1 Microsoft 1 Commerce Server 2024-02-28 7.5 HIGH N/A
The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
CVE-2000-1209 2 Compaq, Microsoft 4 Insight Manager, Insight Manager Xe, Data Engine and 1 more 2024-02-28 10.0 HIGH N/A
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
CVE-2002-0057 1 Microsoft 4 Internet Explorer, Sql Server, Windows Xp and 1 more 2024-02-28 5.0 MEDIUM N/A
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
CVE-2003-0348 1 Microsoft 1 Windows Media Player 2024-02-28 6.4 MEDIUM N/A
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
CVE-2000-0071 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 5.0 MEDIUM N/A
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
CVE-1999-0233 1 Microsoft 1 Internet Information Services 2024-02-28 10.0 HIGH N/A
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
CVE-2002-0023 1 Microsoft 1 Internet Explorer 2024-02-28 5.0 MEDIUM N/A
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
CVE-2000-0970 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 7.5 HIGH N/A
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
CVE-2001-1219 1 Microsoft 1 Internet Explorer 2024-02-28 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
CVE-1999-1217 1 Microsoft 1 Windows Nt 2024-02-28 4.6 MEDIUM N/A
The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.
CVE-1999-0717 1 Microsoft 5 Excel, Windows 2000, Windows 95 and 2 more 2024-02-28 2.6 LOW N/A
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.