Filtered by vendor Microsoft Subscriptions
Total 24964 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-4717 1 Microsoft 6 Ie, Internet Explorer, Windows 2000 and 3 more 2026-04-16 N/A
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
CVE-1999-1043 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).
CVE-2004-1324 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
CVE-2004-0121 1 Microsoft 2 Office, Outlook 2026-04-16 N/A
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
CVE-2006-2297 1 Microsoft 1 Infotech Storage System Library 2026-04-16 N/A
Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling.
CVE-2003-0701 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
CVE-2001-0002 1 Microsoft 2 Internet Explorer, Windows Script Host 2026-04-16 N/A
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
CVE-2001-0150 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
CVE-2002-2413 2 Deerfield, Microsoft 3 Website Pro, Windows 9x, Windows Nt 2026-04-16 N/A
WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
CVE-2005-4843 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
CVE-2005-4868 2 Ibm, Microsoft 2 Db2 Universal Database, Windows 2026-04-16 7.1 High
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
CVE-2003-0718 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
CVE-2006-0004 1 Microsoft 1 Office 2026-04-16 N/A
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
CVE-2006-0008 1 Microsoft 3 Office, Windows 2003 Server, Windows Xp 2026-04-16 N/A
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
CVE-2006-0023 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
CVE-2006-0057 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.
CVE-2006-3059 1 Microsoft 2 Excel, Excel Viewer 2026-04-16 N/A
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
CVE-2001-0344 1 Microsoft 1 Sql Server 2026-04-16 N/A
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
CVE-2001-0504 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
CVE-2003-0815 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.