Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0216 | 1 Microsoft | 3 Exchange Server, Outlook, Windows Messaging | 2008-09-10 | 5.0 MEDIUM | N/A |
| Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list. | |||||
| CVE-2000-0105 | 1 Microsoft | 1 Outlook Express | 2008-09-10 | 5.0 MEDIUM | N/A |
| Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client. | |||||
| CVE-1999-0975 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2008-09-09 | 4.6 MEDIUM | N/A |
| The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed. | |||||
| CVE-1999-0824 | 1 Microsoft | 1 Windows Nt | 2008-09-09 | 4.6 MEDIUM | N/A |
| A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. | |||||
| CVE-1999-0989 | 1 Microsoft | 1 Ie | 2008-09-09 | 7.5 HIGH | N/A |
| Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol. | |||||
| CVE-1999-0750 | 1 Microsoft | 1 Hotmail | 2008-09-09 | 5.1 MEDIUM | N/A |
| Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account. | |||||
| CVE-1999-0225 | 1 Microsoft | 1 Windows Nt | 2008-09-09 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. | |||||
| CVE-1999-0449 | 1 Microsoft | 1 Internet Information Server | 2008-09-09 | 7.8 HIGH | N/A |
| The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts. | |||||
| CVE-1999-0256 | 2 Jgaa, Microsoft | 3 Warftpd, Windows 95, Windows Nt | 2008-09-09 | 7.5 HIGH | N/A |
| Buffer overflow in War FTP allows remote execution of commands. | |||||
| CVE-1999-0153 | 2 Microsoft, Sco | 4 Windows 2000, Windows 95, Windows Nt and 1 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. | |||||
| CVE-1999-0191 | 1 Microsoft | 1 Internet Information Server | 2008-09-09 | 6.4 MEDIUM | N/A |
| IIS newdsn.exe CGI script allows remote users to overwrite files. | |||||
| CVE-2008-1200 | 1 Microsoft | 2 Access, Jet | 2008-09-05 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026. | |||||
| CVE-2006-6659 | 1 Microsoft | 3 Ie, Outlook, Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | |||||
| CVE-2006-4888 | 1 Microsoft | 1 Ie | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. | |||||
| CVE-2006-0935 | 1 Microsoft | 1 Word | 2008-09-05 | 2.6 LOW | N/A |
| Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz. | |||||
| CVE-2006-0544 | 1 Microsoft | 1 Ie | 2008-09-05 | 7.5 HIGH | N/A |
| urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters. | |||||
| CVE-2005-4679 | 1 Microsoft | 1 Ie | 2008-09-05 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | |||||
| CVE-2005-4269 | 1 Microsoft | 3 Ie, Windows 2003 Server, Windows Xp | 2008-09-05 | 7.8 HIGH | N/A |
| mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE. | |||||
| CVE-2005-3171 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings. | |||||
| CVE-2005-3077 | 1 Microsoft | 1 Ie For Macintosh | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI. | |||||