Vendor CVEs
Microsoft
All CVEs
14,175 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-1363 | 0.00 | — | 0.01 | Dec 31, 1999 | Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool. | |||
| CVE-1999-1233 | 0.00 | — | 0.05 | Dec 31, 1999 | IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. | |||
| CVE-1999-1455 | 0.00 | — | 0.04 | Dec 31, 1999 | RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. | |||
| CVE-1999-1317 | 0.00 | — | 0.02 | Dec 31, 1999 | Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device. | |||
| CVE-1999-1294 | 0.00 | — | 0.02 | Dec 31, 1999 | Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission. | |||
| CVE-1999-1259 | 0.00 | — | 0.03 | Dec 31, 1999 | Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information. | |||
| CVE-2000-0036 | 0.00 | — | 0.04 | Dec 22, 1999 | Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. | |||
| CVE-1999-0824 | 0.00 | — | 0.01 | Nov 30, 1999 | A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. | |||
| CVE-1999-0839 | 0.00 | — | 0.02 | Nov 29, 1999 | Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled. | |||
| CVE-1999-0987 | 0.00 | — | 0.05 | Nov 18, 1999 | Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | |||
| CVE-1999-0354 | 0.00 | — | 0.05 | Nov 1, 1999 | Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious… | |||
| CVE-1999-0827 | 0.00 | — | 0.05 | Nov 1, 1999 | By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | |||
| CVE-1999-0794 | 0.00 | — | 0.01 | Oct 1, 1999 | Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file. | |||
| CVE-1999-0910 | 0.00 | — | 0.06 | Sep 10, 1999 | Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. | |||
| CVE-1999-0861 | 0.00 | — | 0.03 | Aug 11, 1999 | Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext. | |||
| CVE-1999-0680 | 0.00 | — | 0.06 | Aug 9, 1999 | Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | |||
| CVE-2000-0323 | 0.00 | — | 0.06 | Jul 28, 1999 | The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. | |||
| CVE-1999-0728 | 0.00 | — | 0.06 | Jul 6, 1999 | A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. | |||
| CVE-1999-1365 | 0.00 | — | 0.02 | Jun 28, 1999 | Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a… | |||
| CVE-1999-0917 | 0.00 | — | 0.06 | May 27, 1999 | The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. | |||
| CVE-1999-0229 | 0.00 | — | 0.06 | May 12, 1999 | Denial of service in Windows NT IIS server using ..\.. | |||
| CVE-1999-0717 | 0.00 | — | 0.06 | May 7, 1999 | A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. | |||
| CVE-1999-1367 | 0.00 | — | 0.01 | May 6, 1999 | Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. | |||
| CVE-1999-1097 | 0.00 | — | 0.04 | May 4, 1999 | Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty. | |||
| CVE-1999-1370 | 0.00 | — | 0.01 | Mar 23, 1999 | The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled… | |||
| CVE-1999-0419 | 0.00 | — | 0.01 | Mar 1, 1999 | When the Microsoft SMTP service attempts to send a message to a server and receives a 4xx error code, it quickly and repeatedly attempts to redeliver the message, causing a denial of service. | |||
| CVE-1999-0379 | 0.00 | — | 0.06 | Feb 22, 1999 | Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting. | |||
| CVE-1999-0407 | 0.00 | — | 0.05 | Feb 9, 1999 | By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||
| CVE-1999-0366 | 0.00 | — | 0.04 | Feb 8, 1999 | In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | |||
| CVE-1999-0119 | 0.00 | — | 0.06 | Jan 19, 1999 | Windows NT 4.0 beta allows users to read and delete shares. | |||
| CVE-1999-0391 | 0.00 | — | 0.05 | Jan 5, 1999 | The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. | |||
| CVE-1999-0578 | 0.00 | — | 0.02 | Jan 1, 1999 | A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. | |||
| CVE-1999-0226 | 0.00 | — | 0.06 | Jan 1, 1999 | Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. | |||
| CVE-1999-0592 | 0.00 | — | 0.02 | Jan 1, 1999 | The Logon box of a Windows NT system displays the name of the last user who logged in. | |||
| CVE-1999-0549 | 0.00 | — | 0.02 | Jan 1, 1999 | Windows NT automatically logs in an administrator upon rebooting. | |||
| CVE-1999-0577 | 0.00 | — | 0.06 | Jan 1, 1999 | A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. | |||
| CVE-1999-0579 | 0.00 | — | 0.06 | Jan 1, 1999 | A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. | |||
| CVE-1999-0465 | 0.00 | — | 0.03 | Jan 1, 1999 | Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. | |||
| CVE-1999-0570 | 0.00 | — | 0.06 | Jan 1, 1999 | Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. | |||
| CVE-1999-0364 | 0.00 | — | 0.05 | Jan 1, 1999 | Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. | |||
| CVE-1999-0560 | 0.00 | — | 0.06 | Jan 1, 1999 | A system-critical Windows NT file or directory has inappropriate permissions. | |||
| CVE-1999-0611 | 0.00 | — | 0.02 | Jan 1, 1999 | A system-critical Windows NT registry key has an inappropriate value. | |||
| CVE-1999-0665 | 0.00 | — | 0.02 | Jan 1, 1999 | An application-critical Windows NT registry key has an inappropriate value. | |||
| CVE-1999-0384 | 0.00 | — | 0.01 | Jan 1, 1999 | The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. | |||
| CVE-1999-0593 | 0.00 | — | 0.02 | Jan 1, 1999 | The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. | |||
| CVE-1999-1322 | 0.00 | — | 0.01 | Nov 12, 1998 | The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext. | |||
| CVE-1999-0505 | 0.00 | — | 0.02 | Oct 1, 1998 | A Windows NT domain user or administrator account has a guessable password. | |||
| CVE-1999-0546 | 0.00 | — | 0.02 | Oct 1, 1998 | The Windows NT guest account is enabled. | |||
| CVE-1999-0344 | 0.00 | — | 0.01 | Aug 1, 1998 | NT users can gain debug-level access on a system process using the Sechole exploit. | |||
| CVE-1999-1556 | 0.00 | — | 0.01 | Jun 29, 1998 | Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. |
- CVE-1999-1363Dec 31, 1999risk 0.00cvss —epss 0.01
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
- CVE-1999-1233Dec 31, 1999risk 0.00cvss —epss 0.05
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
- CVE-1999-1455Dec 31, 1999risk 0.00cvss —epss 0.04
RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.
- CVE-1999-1317Dec 31, 1999risk 0.00cvss —epss 0.02
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.
- CVE-1999-1294Dec 31, 1999risk 0.00cvss —epss 0.02
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
- CVE-1999-1259Dec 31, 1999risk 0.00cvss —epss 0.03
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
- CVE-2000-0036Dec 22, 1999risk 0.00cvss —epss 0.04
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
- CVE-1999-0824Nov 30, 1999risk 0.00cvss —epss 0.01
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
- CVE-1999-0839Nov 29, 1999risk 0.00cvss —epss 0.02
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
- CVE-1999-0987Nov 18, 1999risk 0.00cvss —epss 0.05
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
- CVE-1999-0354Nov 1, 1999risk 0.00cvss —epss 0.05
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious…
- CVE-1999-0827Nov 1, 1999risk 0.00cvss —epss 0.05
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
- CVE-1999-0794Oct 1, 1999risk 0.00cvss —epss 0.01
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
- CVE-1999-0910Sep 10, 1999risk 0.00cvss —epss 0.06
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.
- CVE-1999-0861Aug 11, 1999risk 0.00cvss —epss 0.03
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
- CVE-1999-0680Aug 9, 1999risk 0.00cvss —epss 0.06
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
- CVE-2000-0323Jul 28, 1999risk 0.00cvss —epss 0.06
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.
- CVE-1999-0728Jul 6, 1999risk 0.00cvss —epss 0.06
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
- CVE-1999-1365Jun 28, 1999risk 0.00cvss —epss 0.02
Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a…
- CVE-1999-0917May 27, 1999risk 0.00cvss —epss 0.06
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
- CVE-1999-0229May 12, 1999risk 0.00cvss —epss 0.06
Denial of service in Windows NT IIS server using ..\..
- CVE-1999-0717May 7, 1999risk 0.00cvss —epss 0.06
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
- CVE-1999-1367May 6, 1999risk 0.00cvss —epss 0.01
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.
- CVE-1999-1097May 4, 1999risk 0.00cvss —epss 0.04
Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
- CVE-1999-1370Mar 23, 1999risk 0.00cvss —epss 0.01
The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled…
- CVE-1999-0419Mar 1, 1999risk 0.00cvss —epss 0.01
When the Microsoft SMTP service attempts to send a message to a server and receives a 4xx error code, it quickly and repeatedly attempts to redeliver the message, causing a denial of service.
- CVE-1999-0379Feb 22, 1999risk 0.00cvss —epss 0.06
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
- CVE-1999-0407Feb 9, 1999risk 0.00cvss —epss 0.05
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
- CVE-1999-0366Feb 8, 1999risk 0.00cvss —epss 0.04
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
- CVE-1999-0119Jan 19, 1999risk 0.00cvss —epss 0.06
Windows NT 4.0 beta allows users to read and delete shares.
- CVE-1999-0391Jan 5, 1999risk 0.00cvss —epss 0.05
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
- CVE-1999-0578Jan 1, 1999risk 0.00cvss —epss 0.02
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
- CVE-1999-0226Jan 1, 1999risk 0.00cvss —epss 0.06
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
- CVE-1999-0592Jan 1, 1999risk 0.00cvss —epss 0.02
The Logon box of a Windows NT system displays the name of the last user who logged in.
- CVE-1999-0549Jan 1, 1999risk 0.00cvss —epss 0.02
Windows NT automatically logs in an administrator upon rebooting.
- CVE-1999-0577Jan 1, 1999risk 0.00cvss —epss 0.06
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
- CVE-1999-0579Jan 1, 1999risk 0.00cvss —epss 0.06
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
- CVE-1999-0465Jan 1, 1999risk 0.00cvss —epss 0.03
Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.
- CVE-1999-0570Jan 1, 1999risk 0.00cvss —epss 0.06
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
- CVE-1999-0364Jan 1, 1999risk 0.00cvss —epss 0.05
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
- CVE-1999-0560Jan 1, 1999risk 0.00cvss —epss 0.06
A system-critical Windows NT file or directory has inappropriate permissions.
- CVE-1999-0611Jan 1, 1999risk 0.00cvss —epss 0.02
A system-critical Windows NT registry key has an inappropriate value.
- CVE-1999-0665Jan 1, 1999risk 0.00cvss —epss 0.02
An application-critical Windows NT registry key has an inappropriate value.
- CVE-1999-0384Jan 1, 1999risk 0.00cvss —epss 0.01
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
- CVE-1999-0593Jan 1, 1999risk 0.00cvss —epss 0.02
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.
- CVE-1999-1322Nov 12, 1998risk 0.00cvss —epss 0.01
The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.
- CVE-1999-0505Oct 1, 1998risk 0.00cvss —epss 0.02
A Windows NT domain user or administrator account has a guessable password.
- CVE-1999-0546Oct 1, 1998risk 0.00cvss —epss 0.02
The Windows NT guest account is enabled.
- CVE-1999-0344Aug 1, 1998risk 0.00cvss —epss 0.01
NT users can gain debug-level access on a system process using the Sechole exploit.
- CVE-1999-1556Jun 29, 1998risk 0.00cvss —epss 0.01
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
Page 283 of 284