Filtered by vendor Microsoft
Subscribe
Total
23518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0148 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | 7.5 HIGH | N/A |
| The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. | |||||
| CVE-2003-0115 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233. | |||||
| CVE-2003-0350 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 4.6 MEDIUM | N/A |
| The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function. | |||||
| CVE-2005-1212 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 2003 Server and 4 more | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field. | |||||
| CVE-2004-0213 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 7.2 HIGH | 7.8 HIGH |
| Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908. | |||||
| CVE-1999-0736 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
| CVE-2006-4777 | 1 Microsoft | 1 Ie | 2026-04-16 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446. | |||||
| CVE-2000-0979 | 1 Microsoft | 4 Windows 95, Windows 98, Windows 98se and 1 more | 2026-04-16 | 6.4 MEDIUM | N/A |
| File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability. | |||||
| CVE-2000-0884 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | 7.5 HIGH | N/A |
| IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | |||||
| CVE-2004-2219 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. | |||||
| CVE-2005-3595 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | 10.0 HIGH | N/A |
| By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer. | |||||
| CVE-1999-0499 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | 7.5 HIGH | N/A |
| NETBIOS share information may be published through SNMP registry keys in NT. | |||||
| CVE-1999-0275 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 5.0 MEDIUM | N/A |
| Denial of service in Windows NT DNS servers by flooding port 53 with too many characters. | |||||
| CVE-2001-0718 | 1 Microsoft | 2 Excel, Powerpoint | 2026-04-16 | 7.5 HIGH | N/A |
| Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document. | |||||
| CVE-2002-0645 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. | |||||
| CVE-2000-0518 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 2.6 LOW | N/A |
| Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities. | |||||
| CVE-2002-0736 | 1 Microsoft | 1 Backoffice | 2026-04-16 | 10.0 HIGH | N/A |
| Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank. | |||||
| CVE-2004-0475 | 1 Microsoft | 1 Ie | 2026-04-16 | 5.1 MEDIUM | N/A |
| The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041. | |||||
| CVE-2006-4495 | 1 Microsoft | 2 Ie, Windows 2003 Server | 2026-04-16 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. | |||||
| CVE-1999-0590 | 3 Apple, Linux, Microsoft | 6 Macos, Linux Kernel, Windows 2000 and 3 more | 2026-04-16 | 10.0 HIGH | N/A |
| A system does not present an appropriate legal message or warning to a user who is accessing it. | |||||