CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2001-0505 DoS 2001-10-30 2018-10-12
5.0
None Remote Low Not required None None Partial
Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
702 CVE-2001-0503 DoS 2001-07-21 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.
703 CVE-2001-0348 DoS 2001-07-21 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
704 CVE-2001-0346 DoS 2001-07-21 2018-10-12
5.0
None Remote Low Not required None None Partial
Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
705 CVE-2001-0345 DoS 2001-07-21 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
706 CVE-2001-0338 2001-06-27 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."
707 CVE-2001-0337 DoS 2001-06-27 2018-10-12
5.0
None Remote Low Not required None None Partial
The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.
708 CVE-2001-0336 DoS 2001-06-27 2018-10-12
5.0
None Remote Low Not required None None Partial
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
709 CVE-2001-0335 2001-06-27 2018-10-12
5.0
None Remote Low Not required Partial None None
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
710 CVE-2001-0334 DoS 2001-06-27 2018-10-12
5.0
None Remote Low Not required None None Partial
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
711 CVE-2001-0332 2001-06-27 2021-07-23
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.
712 CVE-2001-0322 DoS 2001-06-02 2021-07-22
5.0
None Remote Low Not required None None Partial
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
713 CVE-2001-0246 2001-06-27 2021-07-23
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability.
714 CVE-2001-0245 2001-06-27 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
715 CVE-2001-0243 2001-06-27 2018-10-12
5.0
None Remote Low Not required Partial None None
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files.
716 CVE-2001-0237 DoS 2001-06-27 2019-04-30
5.0
None Remote Low Not required None None Partial
Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
717 CVE-2001-0151 DoS 2001-06-02 2018-10-30
5.0
None Remote Low Not required None None Partial
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
718 CVE-2001-0150 Exec Code 2001-06-02 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
719 CVE-2001-0149 2001-06-02 2021-07-23
5.0
None Remote Low Not required Partial None None
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
720 CVE-2001-0146 DoS 2001-06-02 2020-04-02
5.0
None Remote Low Not required None None Partial
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
721 CVE-2001-0137 Exec Code 2001-03-12 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
722 CVE-2001-0096 DoS 2001-02-12 2018-10-30
5.0
None Remote Low Not required None None Partial
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
723 CVE-2001-0090 2001-02-16 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.
724 CVE-2001-0083 DoS 2001-02-12 2018-10-12
5.0
None Remote Low Not required None None Partial
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.
725 CVE-2001-0018 DoS 2001-07-21 2019-04-30
5.0
None Remote Low Not required None None Partial
Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.
726 CVE-2001-0017 DoS 2001-03-12 2018-10-12
5.0
None Remote Low Not required None None Partial
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.
727 CVE-2001-0014 DoS 2001-02-12 2019-04-30
5.0
None Remote Low Not required None None Partial
Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
728 CVE-2001-0004 2001-02-12 2018-10-30
5.0
None Remote Low Not required Partial None None
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
729 CVE-2001-0003 2001-02-12 2018-10-12
5.0
None Remote Low Not required Partial None None
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
730 CVE-2000-1227 DoS 2000-12-31 2019-04-30
5.0
None Remote Low Not required None None Partial
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
731 CVE-2000-1200 +Info 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
732 CVE-2000-1111 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
733 CVE-2000-1090 2001-02-12 2018-01-11
5.0
None Remote Low Not required Partial None None
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
734 CVE-2000-1061 Exec Code Bypass 2000-12-11 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
735 CVE-2000-1039 DoS 2001-01-09 2018-10-12
5.0
None Remote Low Not required None None Partial
Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.
736 CVE-2000-1006 DoS 2000-12-11 2020-04-09
5.0
None Remote Low Not required None None Partial
Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.
737 CVE-2000-0983 DoS 2000-12-19 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.
738 CVE-2000-0980 2000-12-19 2018-10-12
5.0
None Remote Low Not required None None Partial
NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.
739 CVE-2000-0951 2000-12-19 2018-10-30
5.0
None Remote Low Not required Partial None None
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
740 CVE-2000-0942 XSS 2000-12-19 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
741 CVE-2000-0929 DoS 2000-12-19 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.
742 CVE-2000-0858 DoS 2000-11-14 2017-10-10
5.0
None Remote Low Not required None None Partial
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
743 CVE-2000-0830 DoS 2000-11-14 2018-10-12
5.0
None Remote Low Not required None None Partial
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.
744 CVE-2000-0778 2000-10-20 2018-10-30
5.0
None Remote Low Not required Partial None None
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
745 CVE-2000-0765 Exec Code Overflow 2000-10-20 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
746 CVE-2000-0756 DoS 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
747 CVE-2000-0753 2000-10-20 2017-10-10
5.0
None Remote Low Not required None Partial None
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
748 CVE-2000-0742 DoS 2000-10-20 2018-10-12
5.0
None Remote Low Not required None None Partial
The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
749 CVE-2000-0710 2000-10-20 2017-07-12
5.0
None Remote Low Not required Partial None None
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
750 CVE-2000-0709 DoS 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
Total number of vulnerabilities : 883   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 (This Page)16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.