CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0119 1999-01-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Windows NT 4.0 beta allows users to read and delete shares.
2 CVE-1999-0226 19 DoS 1999-01-01 2017-05-03
10.0
None Remote Low Not required Complete Complete Complete
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
3 CVE-1999-0233 Exec Code 1996-02-25 2020-11-23
10.0
None Remote Low Not required Complete Complete Complete
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
4 CVE-1999-0285 DoS 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
5 CVE-1999-0364 1999-01-01 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
6 CVE-1999-0385 120 DoS Exec Code Overflow 1998-12-01 2020-04-02
10.0
None Remote Low Not required Complete Complete Complete
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
7 CVE-1999-0407 1999-02-09 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
8 CVE-1999-0489 1999-05-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
9 CVE-1999-0535 1997-01-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
10 CVE-1999-0560 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A system-critical Windows NT file or directory has inappropriate permissions.
11 CVE-1999-0570 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Windows NT is not using a password filter utility, e.g. PASSFILT.DLL.
12 CVE-1999-0577 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
13 CVE-1999-0579 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
14 CVE-1999-0581 1999-01-01 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
15 CVE-1999-0590 2000-06-01 2021-09-22
10.0
None Remote Low Not required Complete Complete Complete
A system does not present an appropriate legal message or warning to a user who is accessing it.
16 CVE-1999-0702 94 1999-09-10 2021-07-22
10.0
None Remote Low Not required Complete Complete Complete
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
17 CVE-1999-0874 119 DoS Overflow 1999-06-16 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
18 CVE-1999-0876 119 Overflow 2000-01-04 2021-07-22
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
19 CVE-1999-0967 Overflow 1997-11-01 2021-07-22
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
20 CVE-1999-0987 287 1999-11-18 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
21 CVE-1999-1011 264 Exec Code 1999-07-19 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
22 CVE-1999-1241 Exec Code 1999-05-06 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
23 CVE-1999-1376 Exec Code Overflow 1999-01-14 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
24 CVE-2000-0061 2000-01-07 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
25 CVE-2000-0081 Exec Code 2000-01-10 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
26 CVE-2000-0222 2000-02-15 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.
27 CVE-2000-0788 Exec Code 2000-10-20 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
28 CVE-2000-0854 Exec Code 2000-11-14 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
29 CVE-2000-1034 Exec Code Overflow 2000-12-11 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
30 CVE-2000-1089 Exec Code Overflow 2001-01-09 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
31 CVE-2000-1209 +Priv 2002-08-12 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
32 CVE-2001-0045 Exec Code 2001-02-16 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
33 CVE-2001-0147 Exec Code Overflow 2001-05-03 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
34 CVE-2001-0241 Overflow +Priv 2001-06-27 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
35 CVE-2001-0500 Exec Code Overflow 2001-07-21 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
36 CVE-2001-0538 Exec Code 2001-08-14 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
37 CVE-2002-0018 +Priv 2002-03-08 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
38 CVE-2002-0369 DoS Exec Code Overflow 2002-07-26 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
39 CVE-2002-0697 Bypass 2002-08-12 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
40 CVE-2002-0721 2002-09-05 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
41 CVE-2002-0736 Bypass 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
42 CVE-2002-1145 +Priv 2002-10-28 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
43 CVE-2002-1257 Exec Code 2002-12-23 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
44 CVE-2002-1918 Overflow 2002-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
45 CVE-2003-0224 Exec Code Overflow 2003-06-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
46 CVE-2003-0347 Exec Code Overflow 2003-10-20 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
47 CVE-2003-0528 Exec Code Overflow 2003-09-17 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
48 CVE-2003-0715 Exec Code Overflow 2003-09-17 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
49 CVE-2003-0819 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
50 CVE-2003-0903 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
Total number of vulnerabilities : 2137   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.