CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2000-0581 DoS 2000-06-30 2008-09-10
5.0
None Remote Low Not required None None Partial
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
752 CVE-2000-0580 DoS 2000-06-30 2008-09-10
5.0
None Remote Low Not required None None Partial
Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the CPU utilization.
753 CVE-2000-0567 Exec Code Overflow 2000-07-18 2018-10-12
5.0
None Remote Low Not required None Partial None
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
754 CVE-2000-0544 DoS 2000-06-05 2008-09-10
5.0
None Remote Low Not required None None Partial
Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
755 CVE-2000-0524 DoS 2000-06-05 2020-04-02
5.0
None Remote Low Not required None None Partial
Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
756 CVE-2000-0495 DoS 2000-05-30 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.
757 CVE-2000-0465 2000-05-17 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.
758 CVE-2000-0416 Bypass 2000-05-11 2008-09-10
5.0
None Remote Low Not required None Partial None
NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.
759 CVE-2000-0415 DoS Overflow 2000-05-12 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
760 CVE-2000-0413 2000-05-06 2018-10-30
5.0
None Remote Low Not required Partial None None
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
761 CVE-2000-0408 DoS 2000-05-11 2018-10-30
5.0
None Remote Low Not required None None Partial
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.
762 CVE-2000-0404 DoS 2000-05-25 2018-10-12
5.0
None Remote Low Not required None None Partial
The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.
763 CVE-2000-0403 DoS 2000-05-25 2018-10-12
5.0
None Remote Low Not required None None Partial
The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
764 CVE-2000-0377 DoS 2000-06-08 2018-10-12
5.0
None Remote Low Not required None None Partial
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
765 CVE-2000-0347 DoS 2000-05-02 2016-10-18
5.0
None Remote Low Not required None None Partial
Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.
766 CVE-2000-0331 DoS Overflow 2000-04-20 2018-10-12
5.0
None Remote Low Not required None None Partial
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
767 CVE-2000-0329 1999-11-11 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
768 CVE-2000-0328 1999-08-24 2018-10-12
5.0
None Remote Low Not required Partial None None
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.
769 CVE-2000-0304 DoS 2000-05-10 2018-10-30
5.0
None Remote Low Not required None None Partial
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
770 CVE-2000-0302 2000-03-31 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
771 CVE-2000-0258 20 DoS 2000-04-12 2018-10-30
5.0
None Remote Low Not required None None Partial
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
772 CVE-2000-0246 2000-03-30 2018-10-30
5.0
None Remote Low Not required Partial None None
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
773 CVE-2000-0228 DoS 2000-03-17 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.
774 CVE-2000-0226 DoS Overflow 2000-03-20 2018-10-12
5.0
None Remote Low Not required None None Partial
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."
775 CVE-2000-0216 2000-02-29 2008-09-10
5.0
None Remote Low Not required None None Partial
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
776 CVE-2000-0211 DoS 2000-02-23 2018-10-12
5.0
None Remote Low Not required None None Partial
The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.
777 CVE-2000-0201 Exec Code 2000-03-01 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
778 CVE-2000-0200 DoS Exec Code Overflow 2000-03-06 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.
779 CVE-2000-0168 DoS 2000-03-04 2008-09-10
5.0
None Remote Low Not required None None Partial
Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.
780 CVE-2000-0162 2000-02-18 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
781 CVE-2000-0156 2000-02-16 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.
782 CVE-2000-0153 1999-03-26 2008-09-10
5.0
None Remote Low Not required Partial None None
FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.
783 CVE-2000-0126 2000-01-26 2008-09-10
5.0
None Remote Low Not required Partial None None
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
784 CVE-2000-0122 2000-02-03 2018-10-19
5.0
None Remote Low Not required Partial None None
Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program.
785 CVE-2000-0115 DoS 2000-01-21 2008-09-10
5.0
None Remote Low Not required None None Partial
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
786 CVE-2000-0114 2000-02-02 2008-09-10
5.0
None Remote Low Not required Partial None None
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
787 CVE-2000-0105 2000-02-01 2008-09-10
5.0
None Remote Low Not required Partial None None
Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.
788 CVE-2000-0098 2000-01-26 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.
789 CVE-2000-0097 2000-01-26 2018-10-12
5.0
None Remote Low Not required Partial None None
The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
790 CVE-2000-0082 2000-01-02 2008-09-05
5.0
None Remote Low Not required Partial None None
WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.
791 CVE-2000-0073 DoS Overflow 1999-11-17 2018-10-12
5.0
None Remote Low Not required None None Partial
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
792 CVE-2000-0071 2000-01-11 2018-10-30
5.0
None Remote Low Not required Partial None None
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
793 CVE-2000-0036 1999-12-22 2018-10-12
5.0
None Remote Low Not required None Partial None
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
794 CVE-2000-0025 1999-12-21 2018-10-12
5.0
None Remote Low Not required Partial None None
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
795 CVE-1999-1581 DoS 1997-12-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded.
796 CVE-1999-1579 DoS 2000-12-14 2018-08-13
5.0
None Remote Low Not required None None Partial
The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.
797 CVE-1999-1578 Exec Code Overflow 1999-09-24 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.
798 CVE-1999-1577 Exec Code Overflow 1999-10-31 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.
799 CVE-1999-1575 Exec Code 1999-09-10 2021-07-22
5.1
None Remote High Not required Partial Partial Partial
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.
800 CVE-1999-1544 DoS Overflow 1999-01-24 2016-10-18
5.0
None Remote Low Not required None None Partial
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
Total number of vulnerabilities : 883   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.