Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2150 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2017-07-10 | 5.0 MEDIUM | N/A |
| Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog. | |||||
| CVE-2005-1664 | 1 Microsoft | 1 Asp.net | 2017-07-10 | 6.4 MEDIUM | N/A |
| The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties. | |||||
| CVE-2004-1560 | 1 Microsoft | 1 Sql Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | |||||
| CVE-2004-1623 | 1 Microsoft | 1 Windows Xp | 2017-07-10 | 5.0 MEDIUM | N/A |
| The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF. | |||||
| CVE-2004-1649 | 1 Microsoft | 1 Windows 2000 | 2017-07-10 | 7.2 HIGH | N/A |
| Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future. | |||||
| CVE-2004-1686 | 1 Microsoft | 1 Ie | 2017-07-10 | 5.0 MEDIUM | N/A |
| Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. | |||||
| CVE-2004-2137 | 1 Microsoft | 1 Outlook Express | 2017-07-10 | 5.0 MEDIUM | N/A |
| Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information. | |||||
| CVE-2004-2290 | 1 Microsoft | 1 Windows Xp | 2017-07-10 | 7.5 HIGH | N/A |
| Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder. | |||||
| CVE-2004-2365 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2017-07-10 | 2.1 LOW | N/A |
| Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount. | |||||
| CVE-2004-2434 | 1 Microsoft | 1 Ie | 2017-07-10 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string. | |||||
| CVE-2004-2482 | 1 Microsoft | 1 Outlook | 2017-07-10 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-2527 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2017-07-10 | 5.4 MEDIUM | N/A |
| The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. | |||||
| CVE-2004-0985 | 1 Microsoft | 1 Ie | 2017-07-10 | 10.0 HIGH | N/A |
| Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help. | |||||
| CVE-2004-1133 | 1 Microsoft | 1 W3who.dll | 2017-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message. | |||||
| CVE-2004-1134 | 1 Microsoft | 1 W3who.dll | 2017-07-10 | 10.0 HIGH | N/A |
| Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string. | |||||
| CVE-2004-1324 | 1 Microsoft | 1 Windows Media Player | 2017-07-10 | 2.6 LOW | N/A |
| The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | |||||
| CVE-2004-1325 | 1 Microsoft | 1 Windows Media Player | 2017-07-10 | 5.0 MEDIUM | N/A |
| The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system. | |||||
| CVE-2004-0869 | 1 Microsoft | 1 Ie | 2017-07-10 | 5.0 MEDIUM | N/A |
| Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | |||||
| CVE-2004-0379 | 1 Microsoft | 1 Sharepoint Portal Server | 2017-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts. | |||||
| CVE-2004-0474 | 1 Microsoft | 1 Windows Xp | 2017-07-10 | 5.1 MEDIUM | N/A |
| Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue. | |||||