Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Total 17397 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2000-1105 1 Microsoft 1 Indexing Service 2008-09-05 4.3 MEDIUM N/A
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
CVE-2000-0709 1 Microsoft 1 Frontpage 2008-09-05 5.0 MEDIUM N/A
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
CVE-2000-0711 2 Microsoft, Netscape 2 Virtual Machine, Communicator 2008-09-05 7.5 HIGH N/A
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
CVE-2000-0756 1 Microsoft 1 Outlook 2008-09-05 5.0 MEDIUM N/A
Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
CVE-2000-0082 1 Microsoft 1 Webtv 2008-09-05 5.0 MEDIUM N/A
WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.
CVE-2000-0415 1 Microsoft 2 Outlook, Outlook Express 2008-09-05 5.0 MEDIUM N/A
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
CVE-1999-1591 1 Microsoft 2 Internet Information Server, Visual Interdev 2008-09-05 7.5 HIGH N/A
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
CVE-1999-1360 1 Microsoft 1 Windows Nt 2008-09-05 2.1 LOW N/A
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
CVE-1999-1364 1 Microsoft 1 Windows Nt 2008-09-05 2.1 LOW N/A
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
CVE-1999-1362 1 Microsoft 1 Windows Nt 2008-09-05 2.1 LOW N/A
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
CVE-1999-1359 1 Microsoft 1 Windows Nt 2008-09-05 7.5 HIGH N/A
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.
CVE-1999-1358 1 Microsoft 2 Windows 2000, Windows Nt 2008-09-05 4.6 MEDIUM N/A
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
CVE-1999-1363 1 Microsoft 1 Windows Nt 2008-09-05 2.1 LOW N/A
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
CVE-1999-1105 1 Microsoft 1 Windows 95 2008-09-05 5.0 MEDIUM N/A
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.
CVE-2007-4040 1 Microsoft 2 Outlook, Outlook Express 2008-09-04 4.3 MEDIUM N/A
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
CVE-2008-1299 2 Manageengine, Microsoft 2 Servicedesk Plus, Windows 2008-09-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3893 1 Microsoft 1 Windows Vista 2008-09-04 1.9 LOW N/A
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.