Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 19327 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0008 1 Microsoft 3 Office, Windows 2003 Server, Windows Xp 2024-02-04 7.2 HIGH N/A
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
CVE-2005-0688 1 Microsoft 2 Windows 2003 Server, Windows Xp 2024-02-04 5.0 MEDIUM N/A
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
CVE-2006-2388 1 Microsoft 2 Excel, Excel Viewer 2024-02-04 9.3 HIGH N/A
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
CVE-2006-4219 1 Microsoft 1 Ie 2024-02-04 7.5 HIGH N/A
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
CVE-2005-1664 1 Microsoft 1 Asp.net 2024-02-04 6.4 MEDIUM N/A
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
CVE-2005-0048 1 Microsoft 2 Windows 2000, Windows Xp 2024-02-04 7.5 HIGH N/A
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
CVE-2005-0059 1 Microsoft 4 Windows 2000, Windows 98, Windows 98se and 1 more 2024-02-04 10.0 HIGH N/A
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
CVE-2006-3074 2 Kaspersky, Microsoft 4 Kaspersky Anti-virus, Kaspersky Internet Security, Windows and 1 more 2024-02-04 5.0 MEDIUM N/A
klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.
CVE-2006-3450 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 7.5 HIGH N/A
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
CVE-2005-1981 1 Microsoft 2 Windows 2000, Windows 2003 Server 2024-02-04 2.1 LOW N/A
Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
CVE-2006-4627 1 Microsoft 1 System Information Activex Control 2024-02-04 5.0 MEDIUM N/A
System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category argument.
CVE-2006-3640 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
CVE-2004-2383 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 5.1 MEDIUM N/A
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
CVE-2006-0057 1 Microsoft 2 Ie, Internet Explorer 2024-02-04 7.5 HIGH N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
CVE-2006-0753 1 Microsoft 1 Ie 2024-02-04 2.6 LOW N/A
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
CVE-2006-3493 1 Microsoft 1 Office 2024-02-04 5.1 MEDIUM N/A
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
CVE-2005-3483 2 Graphon, Microsoft 2 Go-global, Windows 2024-02-04 7.5 HIGH N/A
Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size.
CVE-2005-1219 1 Microsoft 1 Image Color Management 2024-02-04 7.5 HIGH N/A
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
CVE-2005-0738 1 Microsoft 1 Exchange Server 2024-02-04 5.0 MEDIUM N/A
Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
CVE-2006-3354 2 Canon, Microsoft 3 Network Camera Server Vb101, Ie, Internet Explorer 2024-02-04 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.