4985 matches found
VulnCheck KEV: CVE-2006-3059
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086...
VulnCheck KEV: CVE-2006-1540
MSO.DLL in Microsoft Office 2000, Office XP 2002, and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by...
VulnCheck KEV: CVE-2006-2492
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code...
VulnCheck KEV: CVE-2006-1359
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer...
VulnCheck KEV: CVE-2006-0009
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJMDROPPER.BH and Trojan.PPDropper.E in...
VulnCheck KEV: CVE-2005-4560
The Windows Graphical Device Interface library GDI32.DLL in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile WMF format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer SHIMGVW.DLL, a...
VulnCheck KEV: CVE-2005-1790
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service crash and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects...
VulnCheck KEV: CVE-2005-3738
globals.php in Mambo Site Server 4.0.14 and earlier, when registerglobals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfigabsolutepath parameter to content.html.php for remote PHP file inclusion...
VulnCheck KEV: CVE-2005-2127
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally...
VulnCheck KEV: CVE-2001-0154
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly...
VulnCheck KEV: CVE-2000-0884
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability...
VulnCheck KEV: CVE-2005-1983
Stack-based buffer overflow in the Plug and Play PnP service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob aka Mytob worm...
VulnCheck KEV: CVE-2005-1219
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags...
VulnCheck KEV: CVE-2005-2087
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects...
VulnCheck KEV: CVE-2005-0773
Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECTCLIENTAUTH request with authentication method type 3 Windows credentials and a long password...
VulnCheck KEV: CVE-2005-0053
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."...
VulnCheck KEV: CVE-2004-0847
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a 1 "" backslash or 2 "%5C" encoded backslash, aka "Path Validation Vulnerability."...
VulnCheck KEV: CVE-2004-1319
The DHTML Edit Control dhtmled.ocx allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as...
VulnCheck KEV: CVE-2004-1043
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control hhctrl.ocx to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as...
VulnCheck KEV: CVE-2004-1050
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long 1 SRC or 2 NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."...
VulnCheck KEV: CVE-2004-0839
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup...
VulnCheck KEV: CVE-2004-0841
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."...
VulnCheck KEV: CVE-2004-0727
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as...
VulnCheck KEV: CVE-2004-0820
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file...
VulnCheck KEV: CVE-2004-0549
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine MSHTML, as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as...
VulnCheck KEV: CVE-2004-0566
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value...
VulnCheck KEV: CVE-2003-1041
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." dot dot sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug...
VulnCheck KEV: CVE-2003-0533
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service LSASS in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute...
VulnCheck KEV: CVE-2003-0961
Integer overflow in the dobrk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges...
VulnCheck KEV: CVE-2003-0605
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service crash, and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the RemoteGetClassObject interface that cause a NULL pointer to be passed...
VulnCheck KEV: CVE-2002-0649
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 MSDE allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which 1 a 0x04 byte that causes the SQL Monitor thread to...
VulnCheck KEV: CVE-2002-1235
The kadmserin function in 1 the Kerberos v4compatibility administration daemon kadmind4 in the MIT Kerberos 5 krb5 krb5-1.2.6 and earlier, 2 kadmind in KTH Kerberos 4 eBones before 1.2.1, and 3 kadmind in KTH Kerberos 5 Heimdal before 0.5.1 when compiled with Kerberos 4 support,...
VulnCheck KEV: CVE-2002-0367
smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges...
VulnCheck KEV: CVE-2001-0500
Buffer overflow in ISAPI extension idq.dll in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration .ida and Internet Data Query .idq files such as default.ida, as...
VulnCheck KEV: CVE-2000-0071
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions...