Microsoft

All CVEs

14,175 total · sorted by risk
  • CVE-2000-1087 · Jan 9, 2001
    risk 0.00 · cvss · epss 0.03

    The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to…

  • CVE-2000-1084 · Jan 9, 2001
    risk 0.00 · cvss · epss 0.03

    The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a…

  • CVE-2000-1086 · Jan 9, 2001
    risk 0.00 · cvss · epss 0.03

    The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to…

  • CVE-2000-0933 · Dec 19, 2000
    risk 0.00 · cvss · epss 0.02

    The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.

  • CVE-2000-1217 · Nov 21, 2000
    risk 0.00 · cvss · epss 0.02

    Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login…

  • CVE-2000-0756 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.05

    Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.

  • CVE-2000-0767 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.04

    The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.

  • CVE-2000-0753 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.05

    The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.

  • CVE-2000-0777 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.01

    The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.

  • CVE-2000-0790 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.02

    The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option…

  • CVE-2000-0563 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.03

    The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using an HTTP redirection, in violation of the Java security model.

  • CVE-2000-0771 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.02

    Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.

  • CVE-2000-0765 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.

  • CVE-2000-0637 · Jul 26, 2000
    risk 0.00 · cvss · epss 0.02

    Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.

  • CVE-2000-0663 · Jul 25, 2000
    risk 0.00 · cvss · epss 0.02

    The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative…

  • CVE-2000-0654 · Jul 11, 2000
    risk 0.00 · cvss · epss 0.01

    Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers dialog, aka a variant of the "DTS Password" vulnerability.

  • CVE-2000-0603 · Jul 7, 2000
    risk 0.00 · cvss · epss 0.02

    Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.

  • CVE-1999-0585 · Jul 1, 2000
    risk 0.00 · cvss · epss 0.02

    A Windows NT administrator account has the default name of Administrator.

  • CVE-2000-0475 · Jun 15, 2000
    risk 0.00 · cvss · epss 0.02

    Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.

  • CVE-2000-0519 · Jun 5, 2000
    risk 0.00 · cvss · epss 0.05

    Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

  • CVE-2000-0518 · Jun 5, 2000
    risk 0.00 · cvss · epss 0.05

    Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

  • CVE-1999-0590 · Jun 1, 2000
    risk 0.00 · cvss · epss 0.06

    A system does not present an appropriate legal message or warning to a user who is accessing it.

  • CVE-2000-0487 · Jun 1, 2000
    risk 0.00 · cvss · epss 0.02

    The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.

  • CVE-2000-0485 · May 30, 2000
    risk 0.00 · cvss · epss 0.02

    Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

  • CVE-2000-0415 · May 12, 2000
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.

  • CVE-2000-0416 · May 11, 2000
    risk 0.00 · cvss · epss 0.06

    NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.

  • CVE-2000-0420 · May 11, 2000
    risk 0.00 · cvss · epss 0.01

    The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker to recover it and use it to decrypt Encrypted File System (EFS) data.

  • CVE-2000-0311 · Apr 20, 2000
    risk 0.00 · cvss · epss 0.01

    The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.

  • CVE-2000-0259 · Apr 12, 2000
    risk 0.00 · cvss · epss 0.01

    The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allow local users to compromise the cryptographic keys of other users.

  • CVE-1999-0701 · Apr 11, 2000
    risk 0.00 · cvss · epss 0.02

    After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.

  • CVE-2000-0298 · Apr 7, 2000
    risk 0.00 · cvss · epss 0.02

    The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.

  • CVE-2000-0277 · Apr 3, 2000
    risk 0.00 · cvss · epss 0.02

    Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.

  • CVE-2000-0199 · Mar 14, 2000
    risk 0.00 · cvss · epss 0.01

    When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.

  • CVE-2000-0216 · Feb 29, 2000
    risk 0.00 · cvss · epss 0.05

    Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution…

  • CVE-2000-0197 · Feb 14, 2000
    risk 0.00 · cvss · epss 0.02

    The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.

  • CVE-2000-0089 · Feb 4, 2000
    risk 0.00 · cvss · epss 0.02

    The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

  • CVE-1999-0595 · Jan 20, 2000
    risk 0.00 · cvss · epss 0.02

    A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.

  • CVE-2000-0088 · Jan 20, 2000
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

  • CVE-2000-0070 · Jan 12, 2000
    risk 0.00 · cvss · epss 0.02

    NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."

  • CVE-1999-0876 · Jan 4, 2000
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in Internet Explorer 4.0 via EMBED tag.

  • CVE-1999-1104 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.01

    Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.

  • CVE-1999-1316 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.04

    Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.

  • CVE-1999-1360 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.01

    Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.

  • CVE-1999-1364 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.01

    Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.

  • CVE-1999-1362 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.01

    Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.

  • CVE-1999-1358 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.01

    When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by…

  • CVE-1999-1222 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.05

    Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.

  • CVE-1999-1279 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.06

    An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.

  • CVE-1999-1452 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.06

    GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.

  • CVE-1999-1359 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.04

    When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.