Filtered by vendor Microsoft
Subscribe
Total
21605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0153 | 1 Microsoft | 2 Frontpage, Personal Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. | |||||
| CVE-2004-1324 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 2.6 LOW | N/A |
| The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | |||||
| CVE-2002-0980 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL. | |||||
| CVE-2002-0340 | 1 Microsoft | 1 Windows Media Player | 2025-04-03 | 7.5 HIGH | N/A |
| Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, automatically detects and executes .wmf and other content, even when the file's extension or content type does not specify .wmf, which could make it easier for attackers to conduct unauthorized activities via Trojan horse files containing .wmf content. | |||||
| CVE-2003-1484 | 1 Microsoft | 1 Ie | 2025-04-03 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute. | |||||
| CVE-2001-1410 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering. | |||||
| CVE-1999-0562 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2025-04-03 | 7.5 HIGH | N/A |
| The registry in Windows NT can be accessed remotely by users who are not administrators. | |||||
| CVE-2006-1188 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. | |||||
| CVE-1999-0981 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." | |||||
| CVE-2003-0605 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 HIGH | N/A |
| The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function. | |||||
| CVE-2006-3449 | 1 Microsoft | 1 Powerpoint | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." | |||||
| CVE-2001-0718 | 1 Microsoft | 2 Excel, Powerpoint | 2025-04-03 | 7.5 HIGH | N/A |
| Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document. | |||||
| CVE-1999-0468 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 2.6 LOW | N/A |
| Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component. | |||||
| CVE-2005-0738 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls. | |||||
| CVE-2006-0187 | 1 Microsoft | 1 Visual Studio .net | 2025-04-03 | 5.1 MEDIUM | N/A |
| By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. | |||||
| CVE-2000-1217 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability. | |||||
| CVE-2005-0688 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
| Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016). | |||||
| CVE-2000-0621 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. | |||||
| CVE-2002-1180 | 1 Microsoft | 1 Internet Information Services | 2025-04-03 | 7.5 HIGH | N/A |
| A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability." | |||||
| CVE-1999-1581 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 5.0 MEDIUM | N/A |
| Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded. | |||||