23 matches found
CVE-2004-0200
CVE-2004-0200 is a buffer-overflow vulnerability in the JPEG parsing engine of Microsoft GDI+ (GDIPlus.dll). The flaw allows remote code execution when a specially crafted JPEG image is processed, with the attack vector involving JPEG data that is mis-sized during a memory copy. The vulnerability...
CVE-2000-0413
The vulnerability CVE-2000-0413 affects the FrontPage Server Extensions shtml.exe component in IIS 4.0/5.0. A remote attacker can trigger an error by requesting a non-existent HTML/HTM/ASP/SHTML file, causing the server to reveal the local absolute path of the web root in the error message. This ...
CVE-2013-3137
CVE-2013-3137 affects Microsoft FrontPage 2003 SP3. The issue arises from how FrontPage parses DTDs in XML inside FrontPage documents, causing an information-disclosure vulnerability. Remote attackers could obtain sensitive information by crafting a FrontPage document. Microsoft issued MS13-078 w...
CVE-2000-0709
The CVE-2000-0709 issue affects Microsoft FrontPage 2000 Server Extensions 1.1, specifically the shtml.exe component. A remote attacker can trigger a denial-of-service condition by requesting a URL whose path includes a standard DOS device name, leading to partial availability impact as described...
CVE-1999-0012
CVE-1999-0012 affects some Microsoft Windows-based web servers where remote attackers can bypass file access restrictions for files with long file names. The connected documents confirm the vulnerability description but do not provide concrete product versions, fixed versions, or remediation step...
CVE-2006-3877
PowerPoint Malformed Record Memory Corruption Vulnerability (CVE-2006-3877) affects multiple Office suites. A remote code execution flaw exists when PowerPoint opens a specially crafted file with malformed records, allowing an attacker to gain full control of the affected system if the user runs ...
CVE-2007-0671
CVE-2007-0671 is a remote-code-execution vulnerability in Microsoft Office Excel (affecting Excel 2000/XP/2003 and Mac equivalents) where a specially crafted Excel file can trigger arbitrary code execution. The vulnerability arises from improper handling/parsing of office records, enabling remote...
CVE-2000-0153
The CVE-2000-0153 entry concerns FrontPage Personal Web Server (PWS). It describes a path traversal vulnerability (dot-dot attack) that allows remote attackers to read files, resulting in partial confidentiality impact. The available connected records confirm the affected product and the basic im...
CVE-2000-0746
The CVE-2000-0746 entry concerns a Microsoft IIS XSS vulnerability affecting IIS 4.0 and 5.0. The issue arises from improper handling of unquoted script content in links returned within error messages, allowing a malicious site to craft a link that executes scripts in the context of a trusted sit...
CVE-2000-0710
Affected product/component: Microsoft FrontPage 2000 Server Extensions 1.1, shtml.exe. Vulnerability: Remote attackers can determine the physical path of server components by requesting an invalid URL whose name includes a standard DOS device name. Impact: Information disclosure (partial). Root c...
CVE-2000-0256
The CVE-2000-0256 entry describes buffer overflows in FrontPage 97/98 Server Extensions, specifically htimage.exe (and Imagemap.exe) that allow a remote attacker to perform actions beyond the web site’s scope. A concrete exploit path is documented for htimage.exe via /cgi-bin/htimage.exe/AAAA[......
CVE-1999-1016
CVE-1999-1016 concerns the Microsoft HTML control used in Internet Explorer 5.0, FrontPage Express, Outlook Express 5, and Eudora. The vulnerability allows a remote attacker (via a malicious web site or HTML email) to trigger a denial of service by crafting large HTML form fields (e.g., text inpu...
CVE-1999-0386
CVE-1999-0386 affects Microsoft Personal Web Server and FrontPage Personal Web Server on Windows. Connected sources confirm a remote attacker can read server files via a nonstandard URL, with additional evidence describing a traversal-like vector using multiple dot characters (e.g., dot-dot-dot s...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0 (used in Outlook, Windows Live Mail, and Office 2007) performs CRL checks by using an arbitrary URL from a certificate embedded in an S/MIME email or a signed document via the Authority Information Access (AIA) extension. This allows remote attacke...
CVE-2000-0419
The Office 2000 UA ActiveX control is described as wrongly marked “safe for scripting.” This vulnerability allows an intruder to script interactions through the control’s Show Me feature, potentially disabling macro warnings and enabling arbitrary actions within Office applications (e.g., launchi...
CVE-2000-0260
The CVE-2000-0260 issue is a buffer overflow in the dvwssr.dll used by Microsoft FrontPage 98 Server Extensions for IIS, exposed via InterDev 1.0 and related IIS packages. The Core Advisory CORE-041200 documents a remotely exploitable boundary error in dvwssr.dll (FrontPage 98 extensions) that ca...
CVE-2004-0573
CVE-2004-0573 describes a buffer overflow in the Microsoft WordPerfect 5.x Converter used by Office 2000, Office XP, Office 2003, and Works Suite 2001–2004. The overflow occurs when reading an overly long WordPerfect 5.x document, allowing a remote attacker to execute arbitrary code with the priv...
CVE-1999-0681
CVE-1999-0681: A buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95 (and possibly other versions) allows remote attackers to cause a denial of service by sending a long URL. Red Hat and CVE records confirm the same description. The exposed component is FrontPag...
CVE-2005-2143
CVE-2005-2143 affects Microsoft Front Page; a crafted style tag in a web page can cause the application to crash (denial of service). The connected records reiterate the DoS impact but do not provide concrete exploit details, versions, or remediation steps. No explicit exploitation vectors or fix...
CVE-2007-3109
The CVE-2007-3109 description in the connected documents identifies the CERN Image Map Dispatcher (htimage.exe) used by Microsoft FrontPage as the affected component. The vulnerability allows remote attackers to determine the existence and potentially partial contents of arbitrary files under the...
CVE-2000-0122
CVE-2000-0122 affects FrontPage Server Extensions. A remote attacker can determine the physical path of a virtual directory by issuing a GET to htimage.exe, leading to information disclosure about server layout. The provided records do not specify affected versions, exact vulnerable component det...
CVE-2004-2179
CVE-2004-2179 affects asycpict.dll used in Microsoft FrontPage 97/98; allows remote DoS by sending a JPEG with maximum height/width, causing a hang. Red Hat and CVE lists mirror the description; no remediation details are provided in the connected documents. Exploit details and fix/version inform...
CVE-1999-1052
Microsoft FrontPage stores form results in a default location under /_private/form_results.txt, which is world-readable and accessible from the document root. This allows remote attackers to read possibly sensitive information submitted by other users. The available connected records confirm the ...