Filtered by vendor Microsoft Subscriptions
Total 24964 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2000-0258 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
CVE-2000-0457 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
CVE-2000-0487 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.
CVE-2000-0581 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
CVE-2006-4071 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
CVE-2000-0951 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
CVE-2001-0506 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
CVE-2001-1519 1 Microsoft 1 Windows 2000 2026-04-16 N/A
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it
CVE-2002-0074 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
CVE-2002-0823 1 Microsoft 2 Windows 2000, Windows Help 2026-04-16 N/A
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.
CVE-2002-1181 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors.
CVE-2002-1873 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
CVE-2003-0350 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
CVE-2003-0812 1 Microsoft 2 Windows 2000, Windows Xp 2026-04-16 N/A
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
CVE-2003-1448 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
CVE-2005-0738 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
CVE-2005-1191 1 Microsoft 4 Windows 2000, Windows 98, Windows 98se and 1 more 2026-04-16 N/A
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
CVE-2005-2678 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
CVE-2006-0544 1 Microsoft 1 Ie 2026-04-16 N/A
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
CVE-2005-1205 1 Microsoft 1 Windows 2003 Server 2026-04-16 N/A
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.