Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1712 | 0.05 | — | 0.29 | Dec 31, 2002 | Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3. | |||
| CVE-2002-1183 | 0.05 | — | 0.19 | Dec 11, 2002 | Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). | |||
| CVE-2002-1179 | 0.05 | — | 0.20 | Oct 28, 2002 | Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message. | |||
| CVE-2002-0724 | 0.05 | — | 0.30 | Sep 24, 2002 | Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3,… | |||
| CVE-2002-0647 | 0.05 | — | 0.23 | Sep 24, 2002 | Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". | |||
| CVE-2002-0980 | 0.05 | — | 0.27 | Sep 24, 2002 | The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml:… | |||
| CVE-2002-0859 | 0.05 | — | 0.26 | Sep 5, 2002 | Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. | |||
| CVE-2002-0461 | 0.05 | — | 0.23 | Aug 12, 2002 | Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop. | |||
| CVE-2002-0624 | 0.05 | — | 0.23 | Jul 23, 2002 | Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in… | |||
| CVE-2002-0191 | 0.05 | — | 0.30 | May 29, 2002 | Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability. | |||
| CVE-2002-0147 | 0.05 | — | 0.62 | Apr 22, 2002 | Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | |||
| CVE-2002-0072 | 0.05 | — | 0.57 | Apr 22, 2002 | The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the… | |||
| CVE-2002-0149 | 0.05 | — | 0.63 | Apr 22, 2002 | Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. | |||
| CVE-2002-0073 | 0.05 | — | 0.56 | Apr 22, 2002 | The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters. | |||
| CVE-2001-0722 | 0.05 | — | 0.28 | Dec 6, 2001 | Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." | |||
| CVE-2001-0875 | 0.05 | — | 0.28 | Nov 26, 2001 | Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. | |||
| CVE-2001-1055 | 0.05 | — | 0.22 | Jul 30, 2001 | The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke. | |||
| CVE-2001-0348 | 0.05 | — | 0.30 | Jul 21, 2001 | Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. | |||
| CVE-2001-0239 | 0.05 | — | 0.28 | Jul 2, 2001 | Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. | |||
| CVE-2001-1088 | 0.05 | — | 0.20 | Jun 5, 2001 | Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote… | |||
| CVE-2001-0148 | 0.05 | — | 0.27 | Jun 2, 2001 | The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. | |||
| CVE-2001-0322 | 0.05 | — | 0.21 | Jun 2, 2001 | MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. | |||
| CVE-2001-1325 | 0.05 | — | 0.27 | Apr 20, 2001 | Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows… | |||
| CVE-1999-0681 | 0.05 | — | 0.20 | Mar 12, 2001 | Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. | |||
| CVE-2001-0137 | 0.05 | — | 0.22 | Mar 12, 2001 | Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File… | |||
| CVE-2000-1113 | 0.05 | — | 0.19 | Jan 9, 2001 | Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. | |||
| CVE-2000-0942 | 0.05 | — | 0.21 | Dec 19, 2000 | The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability. | |||
| CVE-2000-0983 | 0.05 | — | 0.21 | Dec 19, 2000 | Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability. | |||
| CVE-2000-0830 | 0.05 | — | 0.26 | Nov 14, 2000 | annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705. | |||
| CVE-2000-0653 | 0.05 | — | 0.27 | Jul 20, 2000 | Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability. | |||
| CVE-2000-0581 | 0.05 | — | 0.24 | Jun 30, 2000 | Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash. | |||
| CVE-2000-0377 | 0.05 | — | 0.19 | Jun 8, 2000 | The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability. | |||
| CVE-2000-0465 | 0.05 | — | 0.21 | May 17, 2000 | Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability. | |||
| CVE-1999-0980 | 0.05 | — | 0.23 | May 16, 2000 | Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request. | |||
| CVE-2000-0168 | 0.05 | — | 0.20 | Mar 4, 2000 | Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. | |||
| CVE-2000-0211 | 0.05 | — | 0.21 | Feb 23, 2000 | The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability. | |||
| CVE-2000-0105 | 0.05 | — | 0.21 | Feb 1, 2000 | Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client. | |||
| CVE-2000-0132 | 0.05 | — | 0.20 | Jan 31, 2000 | Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. | |||
| CVE-2000-0061 | 0.05 | — | 0.20 | Jan 7, 2000 | Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading. | |||
| CVE-2000-0028 | 0.05 | — | 0.23 | Dec 23, 1999 | Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | |||
| CVE-1999-0999 | 0.05 | — | 0.22 | Nov 19, 1999 | Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. | |||
| CVE-2000-0073 | 0.05 | — | 0.24 | Nov 17, 1999 | Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. | |||
| CVE-1999-1577 | 0.05 | — | 0.19 | Oct 31, 1999 | Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method. | |||
| CVE-1999-1484 | 0.05 | — | 0.27 | Sep 24, 1999 | Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured. | |||
| CVE-1999-1578 | 0.05 | — | 0.19 | Sep 24, 1999 | Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. | |||
| CVE-1999-0886 | 0.05 | — | 0.22 | Sep 17, 1999 | The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. | |||
| CVE-1999-0702 | 0.05 | — | 0.24 | Sep 10, 1999 | Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. | |||
| CVE-1999-0668 | 0.05 | — | 0.23 | Aug 21, 1999 | The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | |||
| CVE-1999-0725 | 0.05 | — | 0.25 | Aug 19, 1999 | When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page". | |||
| CVE-1999-0867 | 0.05 | — | 0.22 | Aug 11, 1999 | Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. |
- CVE-2002-1712Dec 31, 2002risk 0.05cvss —epss 0.29
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
- CVE-2002-1183Dec 11, 2002risk 0.05cvss —epss 0.19
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
- CVE-2002-1179Oct 28, 2002risk 0.05cvss —epss 0.20
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
- CVE-2002-0724Sep 24, 2002risk 0.05cvss —epss 0.30
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3,…
- CVE-2002-0647Sep 24, 2002risk 0.05cvss —epss 0.23
Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".
- CVE-2002-0980Sep 24, 2002risk 0.05cvss —epss 0.27
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml:…
- CVE-2002-0859Sep 5, 2002risk 0.05cvss —epss 0.26
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
- CVE-2002-0461Aug 12, 2002risk 0.05cvss —epss 0.23
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
- CVE-2002-0624Jul 23, 2002risk 0.05cvss —epss 0.23
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in…
- CVE-2002-0191May 29, 2002risk 0.05cvss —epss 0.30
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
- CVE-2002-0147Apr 22, 2002risk 0.05cvss —epss 0.62
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
- CVE-2002-0072Apr 22, 2002risk 0.05cvss —epss 0.57
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the…
- CVE-2002-0149Apr 22, 2002risk 0.05cvss —epss 0.63
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
- CVE-2002-0073Apr 22, 2002risk 0.05cvss —epss 0.56
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
- CVE-2001-0722Dec 6, 2001risk 0.05cvss —epss 0.28
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."
- CVE-2001-0875Nov 26, 2001risk 0.05cvss —epss 0.28
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
- CVE-2001-1055Jul 30, 2001risk 0.05cvss —epss 0.22
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
- CVE-2001-0348Jul 21, 2001risk 0.05cvss —epss 0.30
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
- CVE-2001-0239Jul 2, 2001risk 0.05cvss —epss 0.28
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
- CVE-2001-1088Jun 5, 2001risk 0.05cvss —epss 0.20
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote…
- CVE-2001-0148Jun 2, 2001risk 0.05cvss —epss 0.27
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
- CVE-2001-0322Jun 2, 2001risk 0.05cvss —epss 0.21
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
- CVE-2001-1325Apr 20, 2001risk 0.05cvss —epss 0.27
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows…
- CVE-1999-0681Mar 12, 2001risk 0.05cvss —epss 0.20
Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
- CVE-2001-0137Mar 12, 2001risk 0.05cvss —epss 0.22
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File…
- CVE-2000-1113Jan 9, 2001risk 0.05cvss —epss 0.19
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.
- CVE-2000-0942Dec 19, 2000risk 0.05cvss —epss 0.21
The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
- CVE-2000-0983Dec 19, 2000risk 0.05cvss —epss 0.21
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.
- CVE-2000-0830Nov 14, 2000risk 0.05cvss —epss 0.26
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.
- CVE-2000-0653Jul 20, 2000risk 0.05cvss —epss 0.27
Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
- CVE-2000-0581Jun 30, 2000risk 0.05cvss —epss 0.24
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
- CVE-2000-0377Jun 8, 2000risk 0.05cvss —epss 0.19
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
- CVE-2000-0465May 17, 2000risk 0.05cvss —epss 0.21
Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.
- CVE-1999-0980May 16, 2000risk 0.05cvss —epss 0.23
Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
- CVE-2000-0168Mar 4, 2000risk 0.05cvss —epss 0.20
Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.
- CVE-2000-0211Feb 23, 2000risk 0.05cvss —epss 0.21
The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.
- CVE-2000-0105Feb 1, 2000risk 0.05cvss —epss 0.21
Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.
- CVE-2000-0132Jan 31, 2000risk 0.05cvss —epss 0.20
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
- CVE-2000-0061Jan 7, 2000risk 0.05cvss —epss 0.20
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
- CVE-2000-0028Dec 23, 1999risk 0.05cvss —epss 0.23
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
- CVE-1999-0999Nov 19, 1999risk 0.05cvss —epss 0.22
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.
- CVE-2000-0073Nov 17, 1999risk 0.05cvss —epss 0.24
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
- CVE-1999-1577Oct 31, 1999risk 0.05cvss —epss 0.19
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
- CVE-1999-1484Sep 24, 1999risk 0.05cvss —epss 0.27
Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.
- CVE-1999-1578Sep 24, 1999risk 0.05cvss —epss 0.19
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
- CVE-1999-0886Sep 17, 1999risk 0.05cvss —epss 0.22
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
- CVE-1999-0702Sep 10, 1999risk 0.05cvss —epss 0.24
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
- CVE-1999-0668Aug 21, 1999risk 0.05cvss —epss 0.23
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
- CVE-1999-0725Aug 19, 1999risk 0.05cvss —epss 0.25
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
- CVE-1999-0867Aug 11, 1999risk 0.05cvss —epss 0.22
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
Page 213 of 287