Microsoft vulnerabilities

Showing 2251 - 2300 of 2.3K CVEs

  1. CVE-1999-1093 Published Dec 31, 1999

    Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.

  2. CVE-1999-1087 Published Dec 31, 1999

    Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

  3. CVE-1999-1043 Published Dec 31, 1999

    Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).

  4. CVE-2000-0028 Published Dec 23, 1999

    Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.

  5. CVE-1999-0993 Published Dec 13, 1999

    Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.

  6. CVE-1999-0981 Published Dec 8, 1999

    Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

  7. CVE-1999-0858 Published Dec 2, 1999

    Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.

  8. CVE-1999-0999 Published Nov 19, 1999

    Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

  9. CVE-1999-0793 Published Nov 17, 1999

    Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.

  10. CVE-1999-1110 Published Nov 14, 1999

    Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.

  11. CVE-2000-0329 Published Nov 11, 1999

    A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

  12. CVE-1999-0827 Published Nov 1, 1999

    By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.

  13. CVE-1999-0354 Published Nov 1, 1999

    Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.

  14. CVE-1999-1577 Published Oct 31, 1999

    Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method.

  15. CVE-1999-0877 Published Oct 1, 1999

    Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.

  16. CVE-1999-1578 Published Sep 24, 1999

    Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands.

  17. CVE-1999-1575 Published Sep 10, 1999

    The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands.

  18. CVE-1999-0702 Published Sep 10, 1999

    Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.

  19. CVE-1999-0891 Published Sep 1, 1999

    The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.

  20. CVE-1999-0670 Published Sep 1, 1999

    Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.

  21. CVE-1999-0669 Published Sep 1, 1999

    The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

  22. CVE-1999-1016 Published Aug 27, 1999

    Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.

  23. CVE-1999-1235 Published Aug 25, 1999

    Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link.

  24. CVE-1999-0668 Published Aug 21, 1999

    The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

  25. CVE-1999-0682 Published Aug 6, 1999

    Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

  26. CVE-1999-0917 Published May 27, 1999

    The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.

  27. CVE-1999-0802 Published May 27, 1999

    Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.

  28. CVE-1999-1367 Published May 6, 1999

    Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.

  29. CVE-1999-1241 Published May 6, 1999

    Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.

  30. CVE-1999-0487 Published May 1, 1999

    The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

  31. CVE-1999-0490 Published Apr 21, 1999

    MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.

  32. CVE-1999-0488 Published Apr 21, 1999

    Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.

  33. CVE-1999-0468 Published Apr 9, 1999

    Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.

  34. CVE-1999-0469 Published Apr 1, 1999

    Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.

  35. CVE-1999-1370 Published Mar 23, 1999

    The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs.

  36. CVE-1999-1453 Published Feb 2, 1999

    Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.

  37. CVE-1999-0384 Published Jan 1, 1999

    The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

  38. CVE-1999-0869 Published Dec 1, 1998

    Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

  39. CVE-1999-0385 Published Dec 1, 1998

    The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

  40. CVE-1999-1322 Published Nov 12, 1998

    The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.

  41. CVE-1999-0870 Published Oct 1, 1998

    Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.

  42. CVE-1999-0871 Published Sep 4, 1998

    Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.

  43. CVE-1999-1447 Published Jul 28, 1998

    Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.

  44. CVE-1999-1556 Published Jun 29, 1998

    Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

  45. CVE-1999-0007 Published Jun 26, 1998

    Information from SSL-encrypted sessions via PKCS #1.

  46. CVE-1999-0537 Published Apr 1, 1998

    A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.

  47. CVE-1999-0331 Published Jan 1, 1998

    Buffer overflow in Internet Explorer 4.0(1).

  48. CVE-1999-0284 Published Jan 1, 1998

    Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

  49. CVE-1999-0967 Published Nov 1, 1997

    Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.

  50. CVE-1999-1446 Published Aug 5, 1997

    Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays.