Filtered by vendor Microsoft
Subscribe
Total
19961 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0373 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 7.2 HIGH | N/A |
The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service". | |||||
CVE-2004-0121 | 1 Microsoft | 2 Office, Outlook | 2024-02-28 | 7.5 HIGH | N/A |
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. | |||||
CVE-1999-0999 | 1 Microsoft | 1 Sql Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. | |||||
CVE-2004-2179 | 1 Microsoft | 2 Frontpage, Ie | 2024-02-28 | 5.0 MEDIUM | N/A |
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. | |||||
CVE-2000-0886 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 7.5 HIGH | N/A |
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | |||||
CVE-2003-0604 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 7.5 HIGH | N/A |
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL. | |||||
CVE-2003-1275 | 1 Microsoft | 1 Pocket Ie | 2024-02-28 | 5.0 MEDIUM | N/A |
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function. | |||||
CVE-2001-0147 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. | |||||
CVE-2002-2185 | 6 Debian, Mandrakesoft, Microsoft and 3 more | 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more | 2024-02-28 | 4.9 MEDIUM | N/A |
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | |||||
CVE-2001-0500 | 1 Microsoft | 3 Index Server, Indexing Service, Internet Information Server | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | |||||
CVE-2002-1933 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2024-02-28 | 7.2 HIGH | N/A |
The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window. | |||||
CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2024-02-28 | 2.1 LOW | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
CVE-2004-1173 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. | |||||
CVE-1999-1093 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.1 MEDIUM | N/A |
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. | |||||
CVE-2000-0325 | 1 Microsoft | 1 Jet | 2024-02-28 | 7.2 HIGH | N/A |
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability. | |||||
CVE-2000-0851 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability. | |||||
CVE-1999-1520 | 1 Microsoft | 1 Site Server | 2024-02-28 | 5.0 MEDIUM | N/A |
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information. | |||||
CVE-2002-1705 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight. | |||||
CVE-2000-0298 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 7.2 HIGH | N/A |
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. | |||||
CVE-1999-1367 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.6 MEDIUM | N/A |
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. |