Frontpage
by Microsoft
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0671 | Hig | 0.73 | 8.8 | 0.42 | KEV | Feb 3, 2007 | Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | |
| CVE-1999-0012 | Hig | 0.47 | 7.0 | 0.18 | Feb 6, 1998 | Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | ||
| CVE-2008-4255 | 0.07 | — | 0.54 | Dec 10, 2008 | Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold… | |||
| CVE-2004-0200 | 0.07 | — | 0.49 | Sep 28, 2004 | Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length… | |||
| CVE-2000-0413 | 0.07 | — | 0.44 | May 6, 2000 | The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. | |||
| CVE-1999-0681 | 0.05 | — | 0.20 | Mar 12, 2001 | Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. | |||
| CVE-1999-0386 | 0.05 | — | 0.19 | Mar 1, 1999 | Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL. | |||
| CVE-2000-0256 | 0.04 | — | 0.12 | Apr 19, 2000 | Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability. | |||
| CVE-2000-0260 | 0.04 | — | 0.14 | Apr 14, 2000 | Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. | |||
| CVE-1999-1016 | 0.04 | — | 0.08 | Aug 27, 1999 | Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as… | |||
| CVE-2013-3137 | 0.03 | — | 0.32 | Sep 11, 2013 | Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka "XML Disclosure Vulnerability." | |||
| CVE-2004-0573 | 0.03 | — | 0.42 | Sep 28, 2004 | Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website. | |||
| CVE-2008-4256 | 0.02 | — | 0.21 | Dec 10, 2008 | The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary… | |||
| CVE-2008-4254 | 0.02 | — | 0.22 | Dec 10, 2008 | Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll… | |||
| CVE-2008-4253 | 0.02 | — | 0.21 | Dec 10, 2008 | The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to… | |||
| CVE-2008-4252 | 0.02 | — | 0.21 | Dec 10, 2008 | The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related… | |||
| CVE-2000-0709 | 0.02 | — | 0.25 | Oct 20, 2000 | The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. | |||
| CVE-2000-0710 | 0.02 | — | 0.26 | Oct 20, 2000 | The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name. | |||
| CVE-2000-0419 | 0.02 | — | 0.21 | May 11, 2000 | The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | |||
| CVE-2000-0122 | 0.02 | — | 0.21 | Feb 3, 2000 | Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. |
- risk 0.73cvss 8.8epss 0.42
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
- risk 0.47cvss 7.0epss 0.18
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
- CVE-2008-4255Dec 10, 2008risk 0.07cvss —epss 0.54
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold…
- CVE-2004-0200Sep 28, 2004risk 0.07cvss —epss 0.49
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length…
- CVE-2000-0413May 6, 2000risk 0.07cvss —epss 0.44
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
- CVE-1999-0681Mar 12, 2001risk 0.05cvss —epss 0.20
Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
- CVE-1999-0386Mar 1, 1999risk 0.05cvss —epss 0.19
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
- CVE-2000-0256Apr 19, 2000risk 0.04cvss —epss 0.12
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
- CVE-2000-0260Apr 14, 2000risk 0.04cvss —epss 0.14
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
- CVE-1999-1016Aug 27, 1999risk 0.04cvss —epss 0.08
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as…
- CVE-2013-3137Sep 11, 2013risk 0.03cvss —epss 0.32
Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka "XML Disclosure Vulnerability."
- CVE-2004-0573Sep 28, 2004risk 0.03cvss —epss 0.42
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
- CVE-2008-4256Dec 10, 2008risk 0.02cvss —epss 0.21
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary…
- CVE-2008-4254Dec 10, 2008risk 0.02cvss —epss 0.22
Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll…
- CVE-2008-4253Dec 10, 2008risk 0.02cvss —epss 0.21
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to…
- CVE-2008-4252Dec 10, 2008risk 0.02cvss —epss 0.21
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related…
- CVE-2000-0709Oct 20, 2000risk 0.02cvss —epss 0.25
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
- CVE-2000-0710Oct 20, 2000risk 0.02cvss —epss 0.26
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
- CVE-2000-0419May 11, 2000risk 0.02cvss —epss 0.21
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
- CVE-2000-0122Feb 3, 2000risk 0.02cvss —epss 0.21
Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program.
Page 1 of 2