Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1324 | 1 Microsoft | 1 Windows Media Player | 2017-07-11 | 2.6 LOW | N/A |
| The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | |||||
| CVE-2004-1133 | 1 Microsoft | 1 W3who.dll | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message. | |||||
| CVE-2004-0723 | 1 Microsoft | 1 Java Virtual Machine | 2017-07-11 | 6.4 MEDIUM | N/A |
| Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java." | |||||
| CVE-2004-0503 | 1 Microsoft | 1 Outlook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502. | |||||
| CVE-2004-0869 | 1 Microsoft | 1 Ie | 2017-07-11 | 5.0 MEDIUM | N/A |
| Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | |||||
| CVE-2004-0728 | 1 Microsoft | 1 Systems Management Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address. | |||||
| CVE-2004-0475 | 1 Microsoft | 1 Ie | 2017-07-11 | 5.1 MEDIUM | N/A |
| The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041. | |||||
| CVE-2004-0379 | 1 Microsoft | 1 Sharepoint Portal Server | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts. | |||||
| CVE-2004-0502 | 1 Microsoft | 1 Outlook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI. | |||||
| CVE-2004-0985 | 1 Microsoft | 1 Ie | 2017-07-11 | 10.0 HIGH | N/A |
| Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help. | |||||
| CVE-2004-0501 | 1 Microsoft | 1 Outlook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information. | |||||
| CVE-2004-0610 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections. | |||||
| CVE-2002-1762 | 1 Microsoft | 1 Baseline Security Analyzer | 2017-07-11 | 5.0 MEDIUM | N/A |
| Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java. | |||||
| CVE-2002-1338 | 1 Microsoft | 1 Office Web Components | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files. | |||||
| CVE-2002-1286 | 1 Microsoft | 1 Java Virtual Machine | 2017-07-11 | 7.5 HIGH | N/A |
| The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user. | |||||
| CVE-1999-0593 | 1 Microsoft | 1 Windows Nt | 2017-07-11 | 4.9 MEDIUM | N/A |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. | |||||
| CVE-2002-1918 | 1 Microsoft | 1 Data Access Components | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED. | |||||
| CVE-2002-1692 | 1 Microsoft | 1 Windows 95 | 2017-07-11 | 3.6 LOW | N/A |
| Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up. | |||||
| CVE-2002-1698 | 1 Microsoft | 1 Msn Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header. | |||||
| CVE-2003-0897 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 4.6 MEDIUM | N/A |
| "Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications. | |||||