Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0616 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 5.1 MEDIUM | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability." | |||||
| CVE-2002-0617 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 5.1 MEDIUM | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass." | |||||
| CVE-2002-0618 | 1 Microsoft | 2 Excel, Office | 2018-10-12 | 7.5 HIGH | N/A |
| The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution". | |||||
| CVE-2002-0645 | 1 Microsoft | 2 Data Engine, Sql Server | 2018-10-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. | |||||
| CVE-2002-0619 | 1 Microsoft | 1 Office | 2018-10-12 | 7.5 HIGH | N/A |
| The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788). | |||||
| CVE-2002-0620 | 1 Microsoft | 1 Commerce Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API. | |||||
| CVE-2002-0622 | 1 Microsoft | 1 Commerce Server | 2018-10-12 | 7.5 HIGH | N/A |
| The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution". | |||||
| CVE-2002-0623 | 1 Microsoft | 1 Commerce Server | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun". | |||||
| CVE-2002-0624 | 1 Microsoft | 2 Msde, Sql Server | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." | |||||
| CVE-2002-0650 | 1 Microsoft | 1 Sql Server | 2018-10-12 | 5.0 MEDIUM | N/A |
| The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. | |||||
| CVE-2002-0695 | 1 Microsoft | 2 Data Access Components, Microsoft Data Access Components | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command. | |||||
| CVE-2002-0696 | 1 Microsoft | 1 Visual Foxpro | 2018-10-12 | 7.5 HIGH | N/A |
| Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames. | |||||
| CVE-2002-0697 | 1 Microsoft | 1 Metadirectory Services | 2018-10-12 | 10.0 HIGH | N/A |
| Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials. | |||||
| CVE-2002-0699 | 1 Microsoft | 6 Windows 2000, Windows 98, Windows 98se and 3 more | 2018-10-12 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. | |||||
| CVE-2002-0700 | 1 Microsoft | 1 Content Management Server | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise." | |||||
| CVE-2002-0718 | 1 Microsoft | 1 Content Management Server | 2018-10-12 | 7.5 HIGH | N/A |
| Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function." | |||||
| CVE-2002-0719 | 1 Microsoft | 1 Content Management Server | 2018-10-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files. | |||||
| CVE-2002-0721 | 1 Microsoft | 2 Data Engine, Sql Server | 2018-10-12 | 10.0 HIGH | N/A |
| Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. | |||||
| CVE-2002-0726 | 1 Microsoft | 1 Tsac Activex Control | 2018-10-12 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field. | |||||
| CVE-2002-0727 | 1 Microsoft | 2 Office Web Components, Project | 2018-10-12 | 7.5 HIGH | N/A |
| The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method. | |||||