Filtered by vendor Microsoft Subscriptions
Total 24964 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-0500 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
CVE-1999-1157 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
CVE-2001-0090 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.
CVE-2001-0092 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.
CVE-1999-1241 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
CVE-2002-0421 1 Microsoft 1 Windows Nt 2026-04-16 N/A
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.
CVE-1999-1246 1 Microsoft 1 Site Server 2026-04-16 N/A
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.
CVE-1999-1105 1 Microsoft 1 Windows 95 2026-04-16 N/A
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.
CVE-2000-1081 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-1999-1055 1 Microsoft 1 Excel 2026-04-16 N/A
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
CVE-2000-0970 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
CVE-2000-0983 1 Microsoft 1 Netmeeting 2026-04-16 N/A
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.
CVE-1999-1011 1 Microsoft 4 Data Access Components, Index Server, Internet Information Server and 1 more 2026-04-16 N/A
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVE-1999-1016 2 Microsoft, Qualcomm 4 Frontpage, Internet Explorer, Outlook Express and 1 more 2026-04-16 N/A
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
CVE-2000-0933 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.
CVE-1999-0989 1 Microsoft 1 Ie 2026-04-16 N/A
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
CVE-2000-0885 1 Microsoft 3 Systems Management Server, Windows 2000, Windows Nt 2026-04-16 N/A
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
CVE-1999-0981 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
CVE-1999-0980 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
CVE-1999-0766 1 Microsoft 2 Internet Explorer, Java Virtual Machine 2026-04-16 N/A
The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.