Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 7.2 HIGH | N/A |
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | |||||
CVE-2002-1795 | 1 Microsoft | 1 Tsac Activex Control | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2002-1831 | 1 Microsoft | 1 Msn Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field. | |||||
CVE-2002-1844 | 1 Microsoft | 1 Windows Media Player | 2008-09-05 | 7.2 HIGH | N/A |
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | |||||
CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2008-09-05 | 5.0 MEDIUM | N/A |
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | |||||
CVE-2002-1933 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2008-09-05 | 7.2 HIGH | N/A |
The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window. | |||||
CVE-2002-0472 | 1 Microsoft | 1 Msn Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users. | |||||
CVE-2002-0481 | 1 Microsoft | 1 Outlook | 2008-09-05 | 5.1 MEDIUM | N/A |
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function. | |||||
CVE-2002-0444 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2008-09-05 | 7.5 HIGH | N/A |
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies. | |||||
CVE-2002-0736 | 1 Microsoft | 1 Backoffice | 2008-09-05 | 10.0 HIGH | N/A |
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank. | |||||
CVE-2002-0421 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr. | |||||
CVE-2001-1519 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 3.6 LOW | N/A |
** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it. | |||||
CVE-2001-1533 | 1 Microsoft | 1 Isa Server | 2008-09-05 | 5.0 MEDIUM | N/A |
** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE. | |||||
CVE-2001-1547 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 7.5 HIGH | N/A |
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. | |||||
CVE-2001-1570 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 2.1 LOW | N/A |
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out. | |||||
CVE-2001-1571 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing. | |||||
CVE-2001-1200 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 7.2 HIGH | N/A |
Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys. | |||||
CVE-2001-0162 | 1 Microsoft | 1 Windows Ce | 2008-09-05 | 7.5 HIGH | N/A |
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | |||||
CVE-2001-0281 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 7.2 HIGH | N/A |
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges. | |||||
CVE-2001-0324 | 1 Microsoft | 2 Windows 2000, Windows 98 | 2008-09-05 | 2.6 LOW | N/A |
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash. |