Microsoft

All CVEs

14,271 total · sorted by risk
  • CVE-2002-0622 · Jul 3, 2002
    risk 0.02 · cvss · epss 0.19

    The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".

  • CVE-2002-0190 · May 29, 2002
    risk 0.02 · cvss · epss 0.24

    Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.

  • CVE-2002-0155 · May 29, 2002
    risk 0.02 · cvss · epss 0.24

    Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.

  • CVE-2002-0224 · May 16, 2002
    risk 0.02 · cvss · epss 0.22

    The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.

  • CVE-2002-0154 · May 16, 2002
    risk 0.02 · cvss · epss 0.25

    Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.

  • CVE-2002-0078 · Mar 29, 2002
    risk 0.02 · cvss · epss 0.22

    The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.

  • CVE-2002-0076 · Mar 19, 2002
    risk 0.02 · cvss · epss 0.27

    Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape…

  • CVE-2002-0027 · Mar 8, 2002
    risk 0.02 · cvss · epss 0.19

    Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability…

  • CVE-2002-0054 · Mar 8, 2002
    risk 0.02 · cvss · epss 0.22

    SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

  • CVE-2002-0057 · Mar 8, 2002
    risk 0.02 · cvss · epss 0.19

    XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

  • CVE-2002-0056 · Mar 8, 2002
    risk 0.02 · cvss · epss 0.25

    Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.

  • CVE-2001-0727 · Dec 14, 2001
    risk 0.02 · cvss · epss 0.31

    Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution…

  • CVE-2001-0945 · Dec 3, 2001
    risk 0.02 · cvss · epss 0.20

    Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.

  • CVE-2001-0508 · Sep 20, 2001
    risk 0.02 · cvss · epss 0.27

    Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.

  • CVE-2001-0504 · Aug 14, 2001
    risk 0.02 · cvss · epss 0.23

    Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.

  • CVE-2001-0002 · Jul 21, 2001
    risk 0.02 · cvss · epss 0.20

    Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.

  • CVE-2001-1319 · Jul 16, 2001
    risk 0.02 · cvss · epss 0.29

    Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.

  • CVE-2001-0242 · Jun 27, 2001
    risk 0.02 · cvss · epss 0.30

    Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090.

  • CVE-2001-0335 · Jun 27, 2001
    risk 0.02 · cvss · epss 0.21

    FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.

  • CVE-1999-0945 · Mar 12, 2001
    risk 0.02 · cvss · epss 0.20

    Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

  • CVE-2001-0004 · Feb 12, 2001
    risk 0.02 · cvss · epss 0.28

    IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

  • CVE-2001-0096 · Feb 12, 2001
    risk 0.02 · cvss · epss 0.20

    FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.

  • CVE-1999-1579 · Dec 14, 2000
    risk 0.02 · cvss · epss 0.22

    The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.

  • CVE-2000-1034 · Dec 11, 2000
    risk 0.02 · cvss · epss 0.30

    Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.

  • CVE-2000-0858 · Nov 14, 2000
    risk 0.02 · cvss · epss 0.19

    Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.

  • CVE-2000-0709 · Oct 20, 2000
    risk 0.02 · cvss · epss 0.25

    The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.

  • CVE-2000-0710 · Oct 20, 2000
    risk 0.02 · cvss · epss 0.26

    The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.

  • CVE-2000-0742 · Oct 20, 2000
    risk 0.02 · cvss · epss 0.19

    The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.

  • CVE-2000-0621 · Jul 20, 2000
    risk 0.02 · cvss · epss 0.22

    Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.

  • CVE-2000-0631 · Jul 14, 2000
    risk 0.02 · cvss · epss 0.25

    An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.

  • CVE-2000-0596 · Jun 27, 2000
    risk 0.02 · cvss · epss 0.25

    Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.

  • CVE-2000-0419 · May 11, 2000
    risk 0.02 · cvss · epss 0.21

    The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

  • CVE-2000-0304 · May 10, 2000
    risk 0.02 · cvss · epss 0.29

    Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.

  • CVE-2000-0122 · Feb 3, 2000
    risk 0.02 · cvss · epss 0.21

    Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program.

  • CVE-2000-0071 · Jan 11, 2000
    risk 0.02 · cvss · epss 0.28

    IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.

  • CVE-2000-0081 · Jan 10, 2000
    risk 0.02 · cvss · epss 0.19

    Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.

  • CVE-1999-0995 · Dec 16, 1999
    risk 0.02 · cvss · epss 0.22

    Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

  • CVE-2000-0328 · Aug 24, 1999
    risk 0.02 · cvss · epss 0.25

    Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.

  • CVE-1999-0682 · Aug 6, 1999
    risk 0.02 · cvss · epss 0.26

    Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

  • CVE-1999-0737 · May 7, 1999
    risk 0.02 · cvss · epss 0.28

    The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

  • CVE-1999-0739 · May 7, 1999
    risk 0.02 · cvss · epss 0.29

    The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

  • CVE-1999-0738 · May 7, 1999
    risk 0.02 · cvss · epss 0.29

    The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.

  • CVE-1999-1376 · Jan 14, 1999
    risk 0.02 · cvss · epss 0.24

    Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.

  • CVE-1999-1581 · Dec 23, 1997
    risk 0.02 · cvss · epss 0.21

    Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded.

  • CVE-1999-1387 · Apr 2, 1997
    risk 0.02 · cvss · epss 0.21

    Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that was compiled on the Linux 2.0.29 kernel but executed on Linux 2.0.25.

  • CVE-2025-55232 · Sep 9, 2025
    risk 0.01 · cvss · epss 0.02

    Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.

  • CVE-2025-53143 · Aug 12, 2025
    risk 0.01 · cvss · epss 0.01

    Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

  • CVE-2025-53773 · Aug 12, 2025
    risk 0.01 · cvss · epss 0.03

    Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.

  • CVE-2020-1045 · High · Sep 11, 2020
    risk 0.01 · cvss 7.5 · epss 0.07

    A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent…

  • CVE-2020-0812 · High · Mar 12, 2020
    risk 0.01 · cvss 7.5 · epss 0.08

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0811.
