VYPR

Windows 98

by Microsoft

CVEs (93)

  • CVE-1999-1593Jan 15, 2009
    risk 0.01cvss epss 0.18

    Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when…

  • CVE-2005-1214Jun 14, 2005
    risk 0.01cvss epss 0.13

    Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.

  • CVE-2005-1793Jun 1, 2005
    risk 0.01cvss epss 0.07

    User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.

  • CVE-2003-0813Nov 17, 2003
    risk 0.01cvss epss 0.15

    A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it…

  • CVE-2002-1258Dec 23, 2002
    risk 0.01cvss epss 0.15

    Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due…

  • CVE-2002-1257Dec 23, 2002
    risk 0.01cvss epss 0.15

    Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.

  • CVE-2002-1325Dec 23, 2002
    risk 0.01cvss epss 0.14

    Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."

  • CVE-2002-1260Dec 23, 2002
    risk 0.01cvss epss 0.15

    The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.

  • CVE-2002-0694Oct 10, 2002
    risk 0.01cvss epss 0.14

    The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote…

  • CVE-2002-0699Oct 4, 2002
    risk 0.01cvss epss 0.07

    Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.

  • CVE-2002-0070Mar 15, 2002
    risk 0.01cvss epss 0.20

    Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.

  • CVE-2001-0721Dec 6, 2001
    risk 0.01cvss epss 0.17

    Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.

  • CVE-2001-0238Jul 2, 2001
    risk 0.01cvss epss 0.16

    Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.

  • CVE-2000-0980Dec 19, 2000
    risk 0.01cvss epss 0.13

    NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.

  • CVE-2000-1003Dec 11, 2000
    risk 0.01cvss epss 0.13

    NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.

  • CVE-2000-1079Aug 29, 2000
    risk 0.01cvss epss 0.18

    Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.

  • CVE-2000-0612Jun 29, 2000
    risk 0.01cvss epss 0.09

    Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table.

  • CVE-2000-0404May 25, 2000
    risk 0.01cvss epss 0.20

    The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.

  • CVE-1999-0387Nov 29, 1999
    risk 0.01cvss epss 0.08

    A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.

  • CVE-1999-0909Sep 20, 1999
    risk 0.01cvss epss 0.12

    Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

Page 4 of 5