VYPR

Windows 98

by Microsoft

CVEs (93)

  • CVE-2005-0057May 2, 2005
    risk 0.03cvss epss 0.41

    The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.

  • CVE-2005-0044May 2, 2005
    risk 0.03cvss epss 0.33

    The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

  • CVE-2004-0901Jan 10, 2005
    risk 0.03cvss epss 0.31

    Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion…

  • CVE-2004-0839Aug 18, 2004
    risk 0.03cvss epss 0.33

    Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the…

  • CVE-2002-0053Mar 8, 2002
    risk 0.03cvss epss 0.38

    Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other…

  • CVE-2001-0877Dec 20, 2001
    risk 0.03cvss epss 0.44

    Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or…

  • CVE-2000-0155Feb 18, 2000
    risk 0.03cvss epss 0.04

    Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.

  • CVE-2000-0129Feb 4, 2000
    risk 0.03cvss epss 0.04

    Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.

  • CVE-1999-0975Dec 10, 1999
    risk 0.03cvss epss 0.03

    The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

  • CVE-2006-1313Jun 13, 2006
    risk 0.02cvss epss 0.29

    Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.

  • CVE-2006-0012Apr 12, 2006
    risk 0.02cvss epss 0.24

    Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."

  • CVE-2006-0020Jan 10, 2006
    risk 0.02cvss epss 0.18

    An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file…

  • CVE-2005-1212Jun 14, 2005
    risk 0.02cvss epss 0.25

    Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.

  • CVE-2004-0571Jan 10, 2005
    risk 0.02cvss epss 0.31

    Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability…

  • CVE-2004-1319Dec 15, 2004
    risk 0.02cvss epss 0.26

    The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using…

  • CVE-2004-0202Aug 6, 2004
    risk 0.02cvss epss 0.26

    IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.

  • CVE-2004-0123Jun 1, 2004
    risk 0.02cvss epss 0.30

    Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2004-0117Jun 1, 2004
    risk 0.02cvss epss 0.26

    Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.

  • CVE-2003-0010Mar 24, 2003
    risk 0.02cvss epss 0.24

    Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that…

  • CVE-2000-0742Oct 20, 2000
    risk 0.02cvss epss 0.19

    The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.