Filtered by vendor Microsoft Subscriptions
Total 24964 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-2274 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
CVE-2003-0353 1 Microsoft 1 Data Access Components 2026-04-16 N/A
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
CVE-2002-0721 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
CVE-2004-1134 1 Microsoft 1 W3who.dll 2026-04-16 N/A
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
CVE-1999-0074 4 Freebsd, Linux, Microsoft and 1 more 4 Freebsd, Linux Kernel, Windows Nt and 1 more 2026-04-16 N/A
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
CVE-1999-0077 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Predictable TCP sequence numbers allow spoofing.
CVE-1999-0226 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
CVE-1999-0278 1 Microsoft 2 Internet Information Server, Windows Nt 2026-04-16 N/A
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
CVE-1999-0284 2 Ibm, Microsoft 2 Lotus Domino Mail Server, Exchange Server 2026-04-16 N/A
Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.
CVE-1999-0386 1 Microsoft 2 Frontpage, Personal Web Server 2026-04-16 N/A
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
CVE-2003-1463 2 Alt-n, Microsoft 2 Webadmin, All Windows 2026-04-16 N/A
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
CVE-2004-0119 1 Microsoft 3 Windows 2000, Windows Server 2003, Windows Xp 2026-04-16 7.5 High
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
CVE-2006-3605 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.
CVE-2000-0413 1 Microsoft 3 Frontpage, Internet Information Server, Internet Information Services 2026-04-16 N/A
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
CVE-2005-1935 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2026-04-16 N/A
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.
CVE-2006-2919 1 Microsoft 1 Netmeeting 2026-04-16 N/A
Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption.
CVE-2006-2297 1 Microsoft 1 Infotech Storage System Library 2026-04-16 N/A
Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling.
CVE-2006-2376 1 Microsoft 3 Windows 98, Windows 98se, Windows Me 2026-04-16 N/A
Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
CVE-2006-2384 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability."
CVE-2006-2388 1 Microsoft 2 Excel, Excel Viewer 2026-04-16 N/A
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.