Filtered by vendor Microsoft Subscriptions
Total 24964 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-1304 1 Microsoft 2 Excel, Excel Viewer 2026-04-16 N/A
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
CVE-2004-0790 2 Microsoft, Sun 8 Windows 2000, Windows 2003 Server, Windows 98 and 5 more 2026-04-16 N/A
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVE-2006-1303 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
CVE-2002-1718 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences.
CVE-2002-1712 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
CVE-2006-2094 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
CVE-2002-1561 1 Microsoft 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more 2026-04-16 N/A
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
CVE-2006-1245 1 Microsoft 1 Ie 2026-04-16 N/A
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
CVE-2006-1257 1 Microsoft 1 Commerce Server 2026-04-16 N/A
The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
CVE-2006-2389 1 Microsoft 1 Office 2026-04-16 N/A
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
CVE-2005-4089 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
CVE-2002-1671 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object.
CVE-2006-1300 1 Microsoft 1 .net Framework 2026-04-16 N/A
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
CVE-2002-1688 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
CVE-2006-1302 1 Microsoft 2 Excel, Excel Viewer 2026-04-16 N/A
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
CVE-2002-1692 1 Microsoft 1 Windows 95 2026-04-16 N/A
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
CVE-2002-1694 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.
CVE-2002-1698 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via a long FN (font) argument in the message header.
CVE-2002-1705 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
CVE-1999-0119 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT 4.0 beta allows users to read and delete shares.