Filtered by vendor Microsoft
Subscribe
Total
19372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0525 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
| The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method. | |||||
| CVE-2002-0472 | 1 Microsoft | 1 Msn Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
| MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users. | |||||
| CVE-2003-0350 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 4.6 MEDIUM | N/A |
| The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function. | |||||
| CVE-2000-0024 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2024-02-04 | 6.4 MEDIUM | N/A |
| IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. | |||||
| CVE-2002-0034 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-02-04 | 4.6 MEDIUM | N/A |
| The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected. | |||||
| CVE-2000-0942 | 1 Microsoft | 1 Indexing Service | 2024-02-04 | 5.1 MEDIUM | N/A |
| The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability. | |||||
| CVE-2003-0231 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. | |||||
| CVE-2003-0664 | 1 Microsoft | 2 Word, Works | 2024-02-04 | 7.5 HIGH | N/A |
| Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document. | |||||
| CVE-2003-0114 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files. | |||||
| CVE-2004-0502 | 1 Microsoft | 1 Outlook | 2024-02-04 | 5.0 MEDIUM | N/A |
| Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI. | |||||
| CVE-2001-0348 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. | |||||
| CVE-2003-0666 | 1 Microsoft | 1 Wordperfect Converter | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file. | |||||
| CVE-1999-0372 | 1 Microsoft | 3 Backoffice, Windows 2000, Windows Nt | 2024-02-04 | 2.1 LOW | N/A |
| The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | |||||
| CVE-2000-0580 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 5.0 MEDIUM | N/A |
| Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the CPU utilization. | |||||
| CVE-2000-0211 | 1 Microsoft | 1 Windows Media Services | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability. | |||||
| CVE-1999-0280 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| Remote command execution in Microsoft Internet Explorer using .lnk and .url files. | |||||
| CVE-2002-0020 | 1 Microsoft | 2 Interix, Windows 2000 | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options. | |||||
| CVE-2002-0136 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages to cause a denial of service (hang) via extremely long values for form fields such as INPUT and TEXTAREA, which can be automatically filled via Javascript. | |||||
| CVE-1999-0593 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 4.9 MEDIUM | N/A |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. | |||||
| CVE-2000-1039 | 1 Microsoft | 5 Windows 95, Windows 98, Windows 98se and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE. | |||||