Filtered by vendor Microsoft
Subscribe
Total
23518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0619 | 1 Microsoft | 1 Office | 2026-04-16 | 7.5 HIGH | N/A |
| The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788). | |||||
| CVE-2005-0063 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2026-04-16 | 7.5 HIGH | N/A |
| The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document. | |||||
| CVE-2006-3638 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." | |||||
| CVE-2001-0239 | 1 Microsoft | 1 Isa Server | 2026-04-16 | 7.5 HIGH | N/A |
| Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. | |||||
| CVE-2006-3639 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability." | |||||
| CVE-1999-0386 | 1 Microsoft | 2 Frontpage, Personal Web Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL. | |||||
| CVE-1999-1575 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | 5.1 MEDIUM | N/A |
| The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands. | |||||
| CVE-2005-3240 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | 5.1 MEDIUM | N/A |
| Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | |||||
| CVE-2006-0003 | 1 Microsoft | 1 Data Access Components | 2026-04-16 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2000-0121 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 3.6 LOW | N/A |
| The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability. | |||||
| CVE-1999-1317 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 4.6 MEDIUM | N/A |
| Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device. | |||||
| CVE-2003-0007 | 1 Microsoft | 1 Outlook | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure." | |||||
| CVE-2006-1476 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | 2.6 LOW | N/A |
| Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program. | |||||
| CVE-2002-0018 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | 10.0 HIGH | N/A |
| In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. | |||||
| CVE-2006-3899 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function. | |||||
| CVE-2000-1034 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | 10.0 HIGH | N/A |
| Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability. | |||||
| CVE-2005-2765 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-04-16 | 2.1 LOW | N/A |
| The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included. | |||||
| CVE-2001-0538 | 1 Microsoft | 1 Outlook | 2026-04-16 | 10.0 HIGH | N/A |
| Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. | |||||
| CVE-2002-1145 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | 10.0 HIGH | N/A |
| The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. | |||||
| CVE-2003-0109 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. | |||||