Filtered by vendor Microsoft
Subscriptions
Total
23834 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1453 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object. | ||||
| CVE-1999-1455 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. | ||||
| CVE-1999-1472 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. | ||||
| CVE-1999-1473 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." | ||||
| CVE-1999-1538 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. | ||||
| CVE-2006-4446 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. | ||||
| CVE-2006-4465 | 1 Microsoft | 1 Terminal Server | 2026-04-16 | N/A |
| Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code | ||||
| CVE-1999-1575 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands. | ||||
| CVE-1999-1578 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. | ||||
| CVE-1999-1581 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded. | ||||
| CVE-2006-4777 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446. | ||||
| CVE-1999-0488 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. | ||||
| CVE-1999-0490 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag. | ||||
| CVE-1999-1370 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs. | ||||
| CVE-2000-0025 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2026-04-16 | N/A |
| IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. | ||||
| CVE-2000-0036 | 1 Microsoft | 2 Ie, Outlook Express | 2026-04-16 | N/A |
| Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. | ||||
| CVE-2000-0053 | 1 Microsoft | 1 Commercial Internet System | 2026-04-16 | N/A |
| Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. | ||||
| CVE-2000-0061 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading. | ||||
| CVE-2000-0070 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request." | ||||
| CVE-2000-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | ||||