Filtered by vendor Microsoft
Subscriptions
Total
20372 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0765 | 1 Microsoft | 3 Excel, Powerpoint, Word | 2024-11-20 | N/A |
| Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability. | ||||
| CVE-2000-0756 | 1 Microsoft | 1 Outlook | 2024-11-20 | N/A |
| Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. | ||||
| CVE-2000-0753 | 1 Microsoft | 1 Outlook | 2024-11-20 | N/A |
| The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. | ||||
| CVE-2000-0746 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2024-11-20 | N/A |
| Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | ||||
| CVE-2000-0742 | 1 Microsoft | 2 Windows 95, Windows 98 | 2024-11-20 | N/A |
| The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability. | ||||
| CVE-2000-0737 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | N/A |
| The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability. | ||||
| CVE-2000-0711 | 2 Microsoft, Netscape | 2 Virtual Machine, Communicator | 2024-11-20 | N/A |
| Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | ||||
| CVE-2000-0710 | 1 Microsoft | 1 Frontpage | 2024-11-20 | N/A |
| The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name. | ||||
| CVE-2000-0709 | 1 Microsoft | 1 Frontpage | 2024-11-20 | N/A |
| The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. | ||||
| CVE-2000-0673 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | N/A |
| The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability. | ||||
| CVE-2000-0663 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | N/A |
| The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability. | ||||
| CVE-2000-0662 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | N/A |
| Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). | ||||
| CVE-2000-0654 | 1 Microsoft | 1 Sql Server | 2024-11-20 | N/A |
| Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability. | ||||
| CVE-2000-0653 | 1 Microsoft | 1 Outlook Express | 2024-11-20 | N/A |
| Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability. | ||||
| CVE-2000-0649 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | N/A |
| IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. | ||||
| CVE-2000-0637 | 1 Microsoft | 1 Excel | 2024-11-20 | N/A |
| Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability. | ||||
| CVE-2000-0631 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | N/A |
| An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability. | ||||
| CVE-2000-0630 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | N/A |
| IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. | ||||
| CVE-2000-0621 | 1 Microsoft | 2 Outlook, Outlook Express | 2024-11-20 | N/A |
| Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. | ||||
| CVE-2000-0612 | 1 Microsoft | 2 Windows 95, Windows 98 | 2024-11-20 | N/A |
| Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table. | ||||