Filtered by vendor Microsoft
Subscribe
Total
23518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0216 | 1 Microsoft | 3 Exchange Server, Outlook, Windows Messaging | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list. | |||||
| CVE-2002-0022 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. | |||||
| CVE-2005-2308 | 1 Microsoft | 1 Ie | 2026-04-16 | 7.5 HIGH | N/A |
| The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg. | |||||
| CVE-2003-1430 | 3 Epic Games, Linux, Microsoft | 3 Unreal Engine, Linux Kernel, All Windows | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. | |||||
| CVE-1999-1011 | 1 Microsoft | 4 Data Access Components, Index Server, Internet Information Server and 1 more | 2026-04-16 | 10.0 HIGH | N/A |
| The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-1538 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | 2.1 LOW | N/A |
| When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. | |||||
| CVE-2006-2389 | 1 Microsoft | 1 Office | 2026-04-16 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316. | |||||
| CVE-1999-0274 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 5.0 MEDIUM | N/A |
| Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. | |||||
| CVE-2006-4446 | 1 Microsoft | 1 Ie | 2026-04-16 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. | |||||
| CVE-2006-3545 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 7.0 Beta allows remote attackers to cause a denial of service (application crash) via a web page with multiple empty APPLET start tags. NOTE: a third party has disputed this issue, stating that the crash does not occur with Microsoft Internet Explorer 7.0 Beta3 | |||||
| CVE-1999-0824 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 4.6 MEDIUM | N/A |
| A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. | |||||
| CVE-2006-3511 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-16 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference. | |||||
| CVE-2004-1331 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 2.6 LOW | N/A |
| The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. | |||||
| CVE-2004-0841 | 2 Avaya, Microsoft | 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." | |||||
| CVE-1999-1397 | 1 Microsoft | 1 Index Server | 2026-04-16 | 7.5 HIGH | N/A |
| Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. | |||||
| CVE-1999-1364 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 2.1 LOW | N/A |
| Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext. | |||||
| CVE-1999-0981 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | 5.1 MEDIUM | N/A |
| Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect." | |||||
| CVE-2001-1533 | 1 Microsoft | 1 Isa Server | 2026-04-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE | |||||
| CVE-2005-1052 | 1 Microsoft | 2 Outlook, Outlook Web Access | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. | |||||
| CVE-2000-0211 | 1 Microsoft | 1 Windows Media Services | 2026-04-16 | 5.0 MEDIUM | N/A |
| The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability. | |||||