VYPR

Vendor CVEs

Microsoft

All CVEs

14,175 total · sorted by risk
  • CVE-1999-1363Dec 31, 1999
    risk 0.00cvss epss 0.01

    Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.

  • CVE-1999-1233Dec 31, 1999
    risk 0.00cvss epss 0.05

    IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.

  • CVE-1999-1455Dec 31, 1999
    risk 0.00cvss epss 0.04

    RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.

  • CVE-1999-1317Dec 31, 1999
    risk 0.00cvss epss 0.02

    Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.

  • CVE-1999-1294Dec 31, 1999
    risk 0.00cvss epss 0.02

    Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.

  • CVE-1999-1259Dec 31, 1999
    risk 0.00cvss epss 0.03

    Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.

  • CVE-2000-0036Dec 22, 1999
    risk 0.00cvss epss 0.04

    Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

  • CVE-1999-0824Nov 30, 1999
    risk 0.00cvss epss 0.01

    A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.

  • CVE-1999-0839Nov 29, 1999
    risk 0.00cvss epss 0.02

    Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.

  • CVE-1999-0987Nov 18, 1999
    risk 0.00cvss epss 0.05

    Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

  • CVE-1999-0354Nov 1, 1999
    risk 0.00cvss epss 0.05

    Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious…

  • CVE-1999-0827Nov 1, 1999
    risk 0.00cvss epss 0.05

    By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

  • CVE-1999-0794Oct 1, 1999
    risk 0.00cvss epss 0.01

    Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.

  • CVE-1999-0910Sep 10, 1999
    risk 0.00cvss epss 0.06

    Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.

  • CVE-1999-0861Aug 11, 1999
    risk 0.00cvss epss 0.03

    Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

  • CVE-1999-0680Aug 9, 1999
    risk 0.00cvss epss 0.06

    Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.

  • CVE-2000-0323Jul 28, 1999
    risk 0.00cvss epss 0.06

    The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.

  • CVE-1999-0728Jul 6, 1999
    risk 0.00cvss epss 0.06

    A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

  • CVE-1999-1365Jun 28, 1999
    risk 0.00cvss epss 0.02

    Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a…

  • CVE-1999-0917May 27, 1999
    risk 0.00cvss epss 0.06

    The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.

  • CVE-1999-0229May 12, 1999
    risk 0.00cvss epss 0.06

    Denial of service in Windows NT IIS server using ..\..

  • CVE-1999-0717May 7, 1999
    risk 0.00cvss epss 0.06

    A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

  • CVE-1999-1367May 6, 1999
    risk 0.00cvss epss 0.01

    Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.

  • CVE-1999-1097May 4, 1999
    risk 0.00cvss epss 0.04

    Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.

  • CVE-1999-1370Mar 23, 1999
    risk 0.00cvss epss 0.01

    The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled…

  • CVE-1999-0419Mar 1, 1999
    risk 0.00cvss epss 0.01

    When the Microsoft SMTP service attempts to send a message to a server and receives a 4xx error code, it quickly and repeatedly attempts to redeliver the message, causing a denial of service.

  • CVE-1999-0379Feb 22, 1999
    risk 0.00cvss epss 0.06

    Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.

  • CVE-1999-0407Feb 9, 1999
    risk 0.00cvss epss 0.05

    By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

  • CVE-1999-0366Feb 8, 1999
    risk 0.00cvss epss 0.04

    In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.

  • CVE-1999-0119Jan 19, 1999
    risk 0.00cvss epss 0.06

    Windows NT 4.0 beta allows users to read and delete shares.

  • CVE-1999-0391Jan 5, 1999
    risk 0.00cvss epss 0.05

    The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

  • CVE-1999-0578Jan 1, 1999
    risk 0.00cvss epss 0.02

    A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.

  • CVE-1999-0226Jan 1, 1999
    risk 0.00cvss epss 0.06

    Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.

  • CVE-1999-0592Jan 1, 1999
    risk 0.00cvss epss 0.02

    The Logon box of a Windows NT system displays the name of the last user who logged in.

  • CVE-1999-0549Jan 1, 1999
    risk 0.00cvss epss 0.02

    Windows NT automatically logs in an administrator upon rebooting.

  • CVE-1999-0577Jan 1, 1999
    risk 0.00cvss epss 0.06

    A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.

  • CVE-1999-0579Jan 1, 1999
    risk 0.00cvss epss 0.06

    A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.

  • CVE-1999-0465Jan 1, 1999
    risk 0.00cvss epss 0.03

    Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.

  • CVE-1999-0570Jan 1, 1999
    risk 0.00cvss epss 0.06

    Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.

  • CVE-1999-0364Jan 1, 1999
    risk 0.00cvss epss 0.05

    Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.

  • CVE-1999-0560Jan 1, 1999
    risk 0.00cvss epss 0.06

    A system-critical Windows NT file or directory has inappropriate permissions.

  • CVE-1999-0611Jan 1, 1999
    risk 0.00cvss epss 0.02

    A system-critical Windows NT registry key has an inappropriate value.

  • CVE-1999-0665Jan 1, 1999
    risk 0.00cvss epss 0.02

    An application-critical Windows NT registry key has an inappropriate value.

  • CVE-1999-0384Jan 1, 1999
    risk 0.00cvss epss 0.01

    The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

  • CVE-1999-0593Jan 1, 1999
    risk 0.00cvss epss 0.02

    The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.

  • CVE-1999-1322Nov 12, 1998
    risk 0.00cvss epss 0.01

    The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.

  • CVE-1999-0505Oct 1, 1998
    risk 0.00cvss epss 0.02

    A Windows NT domain user or administrator account has a guessable password.

  • CVE-1999-0546Oct 1, 1998
    risk 0.00cvss epss 0.02

    The Windows NT guest account is enabled.

  • CVE-1999-0344Aug 1, 1998
    risk 0.00cvss epss 0.01

    NT users can gain debug-level access on a system process using the Sechole exploit.

  • CVE-1999-1556Jun 29, 1998
    risk 0.00cvss epss 0.01

    Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

Page 283 of 284