Microsoft Security Vulnerabilities
6.8AI Score
0.003EPSS
6.6AI Score
0.003EPSS
IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL.
7.2AI Score
0.901EPSS
7AI Score
0.002EPSS
Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service.
7AI Score
0.005EPSS
6.6AI Score
0.776EPSS
Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection.
6.9AI Score
0.005EPSS
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
6.4AI Score
0.007EPSS
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
7.8AI Score
0.006EPSS
Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. Also applies to Outlook when the client views a malicious email message.
7.1AI Score
0.003EPSS
Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.
6.8AI Score
0.165EPSS
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.
7.1AI Score
0.0005EPSS
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data.
7AI Score
0.003EPSS
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
7AI Score
0.01EPSS
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
7AI Score
0.002EPSS
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
6.9AI Score
0.0005EPSS
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
7.2AI Score
0.008EPSS
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.
7AI Score
0.0005EPSS
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
6.8AI Score
0.0004EPSS
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
6.4AI Score
0.861EPSS
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
6.8AI Score
0.003EPSS
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
7.1AI Score
0.004EPSS
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
6.7AI Score
0.034EPSS
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
7.2AI Score
0.002EPSS
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
7.1AI Score
0.165EPSS
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
7AI Score
0.89EPSS
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
6.5AI Score
0.901EPSS
In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe).
6.6AI Score
0.005EPSS
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
7AI Score
0.002EPSS
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client.
6.6AI Score
0.853EPSS
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.
6.7AI Score
0.017EPSS
Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability.
7.4AI Score
0.012EPSS
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
7AI Score
0.009EPSS
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
6.5AI Score
0.01EPSS
7AI Score
0.0004EPSS
7AI Score
0.002EPSS
7.2AI Score
0.003EPSS
A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories.
7.1AI Score
0.003EPSS
A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys.
7.1AI Score
0.0004EPSS
A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys.
7.1AI Score
0.003EPSS
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
7AI Score
0.002EPSS
7AI Score
0.0004EPSS
A system does not present an appropriate legal message or warning to a user who is accessing it.
6.9AI Score
0.003EPSS
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in.
6.6AI Score
0.003EPSS
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
6.5AI Score
0.0004EPSS
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
7.5AI Score
0.38EPSS
The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
7.9AI Score
0.029EPSS
Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.
7.9AI Score
0.002EPSS
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
7AI Score
0.002EPSS
Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
7.3AI Score
0.022EPSS