Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0822 | 0.10 | — | 0.83 | Dec 15, 2003 | Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request. | |||
| CVE-2003-0349 | 0.10 | — | 0.83 | Jul 24, 2003 | Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to… | |||
| CVE-2003-0344 | 0.10 | — | 0.81 | Jun 16, 2003 | Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. | |||
| CVE-2003-0109 | 0.10 | — | 0.86 | Mar 31, 2003 | Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. | |||
| CVE-2002-0649 | 0.10 | — | 0.85 | Aug 12, 2002 | Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL… | |||
| CVE-2000-1209 | 0.10 | — | 0.87 | Aug 12, 2002 | The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6)… | |||
| CVE-2001-0241 | 0.10 | — | 0.87 | Jun 27, 2001 | Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. | |||
| CVE-2001-0333 | 0.10 | — | 0.91 | Jun 27, 2001 | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. | |||
| CVE-2000-0778 | 0.10 | — | 0.87 | Oct 20, 2000 | IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. | |||
| CVE-2000-0402 | 0.10 | — | 0.91 | May 30, 2000 | The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. | |||
| CVE-2015-2509 | 0.09 | — | 0.71 | Sep 9, 2015 | Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability." | |||
| CVE-2015-0096 | 0.09 | — | 0.71 | Mar 11, 2015 | Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan… | |||
| CVE-2015-0072 | 0.09 | — | 0.72 | Feb 7, 2015 | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that… | |||
| CVE-2014-1762 | 0.09 | — | 0.71 | Apr 27, 2014 | Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at… | |||
| CVE-2014-0307 | 0.09 | — | 0.72 | Mar 12, 2014 | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption… | |||
| CVE-2014-0257 | 0.09 | — | 0.70 | Feb 12, 2014 | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application… | |||
| CVE-2012-0002 | 0.09 | — | 0.74 | Mar 13, 2012 | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to… | |||
| CVE-2012-0013 | 0.09 | — | 0.74 | Jan 10, 2012 | Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a… | |||
| CVE-2011-3400 | 0.09 | — | 0.72 | Dec 14, 2011 | Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability." | |||
| CVE-2011-3389 | 0.09 | — | 0.73 | Sep 6, 2011 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to… | |||
| CVE-2011-0105 | 0.09 | — | 0.71 | Apr 13, 2011 | Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file,… | |||
| CVE-2010-3973 | 0.09 | — | 0.72 | Dec 23, 2010 | The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted… | |||
| CVE-2010-2729 | 0.09 | — | 0.76 | Sep 15, 2010 | The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote… | |||
| CVE-2010-2550 | 0.09 | — | 0.76 | Aug 11, 2010 | The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted… | |||
| CVE-2010-1885 | 0.09 | — | 0.75 | Jun 15, 2010 | The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute… | |||
| CVE-2010-0822 | 0.09 | — | 0.70 | Jun 8, 2010 | Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack… | |||
| CVE-2010-0805 | 0.09 | — | 0.81 | Mar 31, 2010 | The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the… | |||
| CVE-2009-3672 | 0.09 | — | 0.72 | Dec 2, 2009 | Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag… | |||
| CVE-2008-3466 | 0.09 | — | 0.78 | Oct 15, 2008 | Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess… | |||
| CVE-2008-0927 | 0.09 | — | 0.70 | Apr 14, 2008 | dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be… | |||
| CVE-2007-3039 | 0.09 | — | 0.69 | Dec 12, 2007 | Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is… | |||
| CVE-2007-0042 | 0.09 | — | 0.78 | Jul 10, 2007 | Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the… | |||
| CVE-2007-2815 | 0.09 | — | 0.73 | May 22, 2007 | The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the… | |||
| CVE-2007-1748 | 0.09 | — | 0.79 | Apr 13, 2007 | Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants… | |||
| CVE-2007-0038 | 0.09 | — | 0.73 | Mar 30, 2007 | Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI,… | |||
| CVE-2006-4688 | 0.09 | — | 0.77 | Nov 14, 2006 | Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability." | |||
| CVE-2006-4691 | 0.09 | — | 0.80 | Nov 14, 2006 | Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. | |||
| CVE-2006-5745 | 0.09 | — | 0.76 | Nov 6, 2006 | Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory… | |||
| CVE-2006-5614 | 0.09 | — | 0.79 | Oct 31, 2006 | Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. | |||
| CVE-2006-4777 | 0.09 | — | 0.79 | Sep 14, 2006 | Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations… | |||
| CVE-2006-3942 | 0.09 | — | 0.76 | Jul 31, 2006 | The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL… | |||
| CVE-2006-2370 | 0.09 | — | 0.73 | Jun 13, 2006 | Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the… | |||
| CVE-2006-0027 | 0.09 | — | 0.79 | May 10, 2006 | Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. | |||
| CVE-2006-1185 | 0.09 | — | 0.70 | Apr 11, 2006 | Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. | |||
| CVE-2006-0564 | 0.09 | — | 0.71 | Feb 6, 2006 | Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field. | |||
| CVE-2005-1213 | 0.09 | — | 0.74 | Jun 14, 2005 | Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field. | |||
| CVE-2005-0560 | 0.09 | — | 0.69 | May 2, 2005 | Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. | |||
| CVE-2005-0059 | 0.09 | — | 0.77 | May 2, 2005 | Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message. | |||
| CVE-2005-0045 | 0.09 | — | 0.73 | May 2, 2005 | The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the… | |||
| CVE-2005-0803 | 0.09 | — | 0.71 | May 2, 2005 | The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile… |
- CVE-2003-0822Dec 15, 2003risk 0.10cvss —epss 0.83
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
- CVE-2003-0349Jul 24, 2003risk 0.10cvss —epss 0.83
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to…
- CVE-2003-0344Jun 16, 2003risk 0.10cvss —epss 0.81
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
- CVE-2003-0109Mar 31, 2003risk 0.10cvss —epss 0.86
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
- CVE-2002-0649Aug 12, 2002risk 0.10cvss —epss 0.85
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL…
- CVE-2000-1209Aug 12, 2002risk 0.10cvss —epss 0.87
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6)…
- CVE-2001-0241Jun 27, 2001risk 0.10cvss —epss 0.87
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
- CVE-2001-0333Jun 27, 2001risk 0.10cvss —epss 0.91
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
- CVE-2000-0778Oct 20, 2000risk 0.10cvss —epss 0.87
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
- CVE-2000-0402May 30, 2000risk 0.10cvss —epss 0.91
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
- CVE-2015-2509Sep 9, 2015risk 0.09cvss —epss 0.71
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
- CVE-2015-0096Mar 11, 2015risk 0.09cvss —epss 0.71
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan…
- CVE-2015-0072Feb 7, 2015risk 0.09cvss —epss 0.72
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that…
- CVE-2014-1762Apr 27, 2014risk 0.09cvss —epss 0.71
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at…
- CVE-2014-0307Mar 12, 2014risk 0.09cvss —epss 0.72
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption…
- CVE-2014-0257Feb 12, 2014risk 0.09cvss —epss 0.70
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application…
- CVE-2012-0002Mar 13, 2012risk 0.09cvss —epss 0.74
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to…
- CVE-2012-0013Jan 10, 2012risk 0.09cvss —epss 0.74
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a…
- CVE-2011-3400Dec 14, 2011risk 0.09cvss —epss 0.72
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
- CVE-2011-3389Sep 6, 2011risk 0.09cvss —epss 0.73
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to…
- CVE-2011-0105Apr 13, 2011risk 0.09cvss —epss 0.71
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file,…
- CVE-2010-3973Dec 23, 2010risk 0.09cvss —epss 0.72
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted…
- CVE-2010-2729Sep 15, 2010risk 0.09cvss —epss 0.76
The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote…
- CVE-2010-2550Aug 11, 2010risk 0.09cvss —epss 0.76
The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted…
- CVE-2010-1885Jun 15, 2010risk 0.09cvss —epss 0.75
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute…
- CVE-2010-0822Jun 8, 2010risk 0.09cvss —epss 0.70
Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack…
- CVE-2010-0805Mar 31, 2010risk 0.09cvss —epss 0.81
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the…
- CVE-2009-3672Dec 2, 2009risk 0.09cvss —epss 0.72
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag…
- CVE-2008-3466Oct 15, 2008risk 0.09cvss —epss 0.78
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess…
- CVE-2008-0927Apr 14, 2008risk 0.09cvss —epss 0.70
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be…
- CVE-2007-3039Dec 12, 2007risk 0.09cvss —epss 0.69
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is…
- CVE-2007-0042Jul 10, 2007risk 0.09cvss —epss 0.78
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the…
- CVE-2007-2815May 22, 2007risk 0.09cvss —epss 0.73
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the…
- CVE-2007-1748Apr 13, 2007risk 0.09cvss —epss 0.79
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants…
- CVE-2007-0038Mar 30, 2007risk 0.09cvss —epss 0.73
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI,…
- CVE-2006-4688Nov 14, 2006risk 0.09cvss —epss 0.77
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
- CVE-2006-4691Nov 14, 2006risk 0.09cvss —epss 0.80
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
- CVE-2006-5745Nov 6, 2006risk 0.09cvss —epss 0.76
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory…
- CVE-2006-5614Oct 31, 2006risk 0.09cvss —epss 0.79
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
- CVE-2006-4777Sep 14, 2006risk 0.09cvss —epss 0.79
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations…
- CVE-2006-3942Jul 31, 2006risk 0.09cvss —epss 0.76
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL…
- CVE-2006-2370Jun 13, 2006risk 0.09cvss —epss 0.73
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the…
- CVE-2006-0027May 10, 2006risk 0.09cvss —epss 0.79
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
- CVE-2006-1185Apr 11, 2006risk 0.09cvss —epss 0.70
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
- CVE-2006-0564Feb 6, 2006risk 0.09cvss —epss 0.71
Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.
- CVE-2005-1213Jun 14, 2005risk 0.09cvss —epss 0.74
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
- CVE-2005-0560May 2, 2005risk 0.09cvss —epss 0.69
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
- CVE-2005-0059May 2, 2005risk 0.09cvss —epss 0.77
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
- CVE-2005-0045May 2, 2005risk 0.09cvss —epss 0.73
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the…
- CVE-2005-0803May 2, 2005risk 0.09cvss —epss 0.71
The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile…
Page 200 of 287