Vulnerabilities (CVE)

Filtered by vendor Microsoft
Total 23465 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-2117 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Explorer and 1 more 2026-04-16 5.1 MEDIUM N/A
Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
CVE-2005-1979 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 5.0 MEDIUM N/A
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.
CVE-2000-1218 1 Microsoft 5 Windows 2000, Windows 98, Windows 98se and 2 more 2026-04-16 7.5 HIGH 9.8 CRITICAL
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
CVE-1999-0716 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 4.6 MEDIUM N/A
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
CVE-2001-0338 1 Microsoft 1 Internet Explorer 2026-04-16 5.1 MEDIUM N/A
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."
CVE-2005-4840 1 Microsoft 2 Internet Explorer, Outlook Express Book Control 2026-04-16 4.3 MEDIUM N/A
The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.
CVE-2001-0322 1 Microsoft 3 Internet Explorer, Outlook, Outlook Express 2026-04-16 5.0 MEDIUM N/A
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
CVE-2001-0090 1 Microsoft 1 Internet Explorer 2026-04-16 5.1 MEDIUM N/A
The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.
CVE-2002-0969 2 Microsoft, Oracle 2 Windows, Mysql 2026-04-16 4.6 MEDIUM 7.8 HIGH
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
CVE-1999-0899 1 Microsoft 1 Windows Nt 2026-04-16 7.2 HIGH N/A
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
CVE-1999-0349 1 Microsoft 1 Internet Information Server 2026-04-16 7.5 HIGH N/A
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
CVE-2001-1450 1 Microsoft 1 Internet Explorer 2026-04-16 2.6 LOW N/A
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
CVE-2006-3880 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 5.0 MEDIUM N/A
Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
CVE-2000-0266 1 Microsoft 1 Internet Explorer 2026-04-16 2.6 LOW N/A
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
CVE-1999-1556 1 Microsoft 1 Sql Server 2026-04-16 7.2 HIGH N/A
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
CVE-2006-1300 1 Microsoft 1 .net Framework 2026-04-16 5.0 MEDIUM N/A
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
CVE-2001-0712 1 Microsoft 1 Internet Explorer 2026-04-16 7.5 HIGH N/A
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.
CVE-2002-1291 1 Microsoft 1 Java Virtual Machine 2026-04-16 5.0 MEDIUM N/A
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL.
CVE-1999-1451 1 Microsoft 2 Internet Information Server, Site Server 2026-04-16 5.0 MEDIUM N/A
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
CVE-2006-0025 1 Microsoft 1 Windows Media Player 2026-04-16 9.3 HIGH N/A
Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.