Microsoft vulnerabilities

Showing 1351 - 1389 of 1.4K CVEs

  1. CVE-1999-1578 Published Sep 24, 1999

    Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.

  2. CVE-1999-1575 Published Sep 10, 1999

    The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.

  3. CVE-1999-0702 Published Sep 10, 1999

    Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.

  4. CVE-1999-0891 Published Sep 1, 1999

    The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.

  5. CVE-1999-0670 Published Sep 1, 1999

    Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.

  6. CVE-1999-0669 Published Sep 1, 1999

    The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

  7. CVE-1999-1016 Published Aug 27, 1999

    Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web sites or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.

  8. CVE-1999-1235 Published Aug 25, 1999

    Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.

  9. CVE-1999-0668 Published Aug 21, 1999

    The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

  10. CVE-1999-0682 Published Aug 6, 1999

    Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

  11. CVE-1999-0917 Published May 27, 1999

    The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.

  12. CVE-1999-0802 Published May 27, 1999

    Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.

  13. CVE-1999-1367 Published May 6, 1999

    Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.

  14. CVE-1999-1241 Published May 6, 1999

    Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.

  15. CVE-1999-0487 Published May 1, 1999

    The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

  16. CVE-1999-0490 Published Apr 21, 1999

    MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.

  17. CVE-1999-0488 Published Apr 21, 1999

    Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.

  18. CVE-1999-0468 Published Apr 9, 1999

    Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.

  19. CVE-1999-0469 Published Apr 1, 1999

    Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.

  20. CVE-1999-1370 Published Mar 23, 1999

    The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs.

  21. CVE-1999-1453 Published Feb 2, 1999

    Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.

  22. CVE-1999-0384 Published Jan 1, 1999

    The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

  23. CVE-1999-0869 Published Dec 1, 1998

    Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

  24. CVE-1999-0385 Published Dec 1, 1998

    The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

  25. CVE-1999-1322 Published Nov 12, 1998

    The installation of ArcServe Backup and Inoculan AV client modules for Exchange creates a log file, exchverify.log, which contains usernames and passwords in plaintext.

  26. CVE-1999-0870 Published Oct 1, 1998

    Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.

  27. CVE-1999-0871 Published Sep 4, 1998

    Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.

  28. CVE-1999-1447 Published Jul 28, 1998

    Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.

  29. CVE-1999-1556 Published Jun 29, 1998

    Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

  30. CVE-1999-0007 Published Jun 26, 1998

    Information from SSL-encrypted sessions via PKCS #1.

  31. CVE-1999-0537 Published Apr 1, 1998

    A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, JavaScript, etc.

  32. CVE-1999-0331 Published Jan 1, 1998

    Buffer overflow in Internet Explorer 4.0(1).

  33. CVE-1999-0284 Published Jan 1, 1998

    Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

  34. CVE-1999-0967 Published Nov 1, 1997

    Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.

  35. CVE-1999-1446 Published Aug 5, 1997

    Internet Explorer 3 records a history of all URLs that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays.

  36. CVE-1999-0524 Published Aug 1, 1997

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  37. CVE-1999-0031 Published Jul 8, 1997

    JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

  38. CVE-1999-0280 Published Apr 1, 1997

    Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

  39. CVE-1999-1128 Published Mar 1, 1997

    Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.