21 matches found
CVE-2009-0562
CVE-2009-0562 describes a heap memory corruption in the Office Web Components ActiveX control (OWC10.DataSourceControl) used by Office XP/2003 Web Components and related components. The vulnerability could allow remote code execution when a user loads a malicious page that loads/unloads the contr...
CVE-2009-1136
CVE-2009-1136 affects the Microsoft Office Web Components Spreadsheet ActiveX control (OWC10/OWC11) bundled with Office XP SP3, Office 2003 SP3, and related Web Components/ISA configurations. A crafted call to msDataSourceObject in Internet Explorer allows remote code execution; this vulnerabilit...
CVE-2009-1534
CVE-2009-1534 : Buffer overflow in the Office Web Components ActiveX Control used by Microsoft Office Web Components across multiple products (Office XP/2000 Web Components SP3, BizTalk Server 2002, Visual Studio .NET 2003 SP1) enables remote code execution via crafted property values. The issue ...
CVE-2002-0371
CVE-2002-0371 corresponds to a buffer overflow in the gopher client handling responses in Microsoft Internet Explorer (5.1–6.0) and related components (Proxy Server 2.0, ISA Server 2000). The CERT/CC entry (VU-440275) describes an overflow when processing gopher replies, allowing arbitrary code e...
CVE-2004-0892
CVE-2004-0892 describes a spoofing vulnerability in ISA Server 2000 and Proxy Server 2.0 (also in Small Business Server 2000/2003 Premium) where reverse-DNS cache results can be manipulated to spoof trusted Internet content on a crafted page. Connected data confirms the bug exists in these produc...
CVE-2001-1533
CVE-2001-1533 affects Microsoft Internet Security and Acceleration (ISA) Server 2000. A denial of service can be triggered by a flood of fragmented UDP packets. Several sources note the vendor disputes the issue, claiming it requires high bandwidth and does not cause instability, suggesting it ma...
CVE-2003-0526
The CVE-2003-0526 entry describes a cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000. The flaw allows remote attackers to inject arbitrary web script via a URL whose domain name portion contains the attack payload. The vulnerability arises...
CVE-2005-1907
CVE-2005-1907 affects the ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000. The issue allows remote attackers to cause a denial of service (Wspsrv.exe crash) by sending a large volume of SecureNAT traffic. The connected Nessus entry MS05-034 (ISA Server 2000 ...
CVE-2003-0011
Microsoft ISA Server DNS – Denial Of Service (MS03-009): A vulnerability exists in the ISA Server 2000 DNS intrusion detection application filter that can be exploited by a specially formed DNS request to cause a denial of service in DNS services. Public references describe that the attacker can ...
CVE-2003-0110
The CVE-2003-0110 issue affects Microsoft Proxy Server 2.0 and ISA Server 2000, specifically the Winsock Proxy/WinSock Proxy service (wspsrv.exe) that binds UDP port 1745. A spoofed, malformed UDP packet can trigger a denial-of-service, causing CPU exhaustion or a packet storm on the remote host....
CVE-2009-1135
CVE-2009-1135 affects Microsoft ISA Server 2006 (Gold/SP1) when Radius OTP is enabled. The vulnerability stems from ISA Server using HTTP-Basic authentication for Radius OTP-enabled requests, which can let a remote attacker impersonate a valid user and access published web resources behind the IS...
CVE-2001-0546
The CVE-2001-0546 issue affects Microsoft Internet Security and Acceleration (ISA) Server 2000, specifically the H.323 Gatekeeper Service. A memory leak is triggered by large amounts of malformed H.323 data, allowing remote attackers to exhaust memory and cause a denial of service (resource exhau...
CVE-2001-0547
CVE-2001-0547 describes a memory leak in the proxy service of Microsoft Internet Security and Acceleration (ISA) Server 2000 that allows local attackers to cause a denial of service through resource exhaustion. The affected product is ISA Server 2000 (proxy service component); the underlying caus...
CVE-2006-3652
Microsoft Internet Security and Acceleration (ISA) Server 2004 is affected by CVE-2006-3652, where remote attackers can bypass file extension filters by issuing a request with a trailing character '#'. The provided sources describe the vulnerability as a filter bypass but do not specify affected ...
CVE-2001-0658
CVE-2001-0658 affects Microsoft Internet Security and Acceleration (ISA) Server 2000. The issue is a cross-site scripting (CSS) vulnerability where malicious script delivered in an invalid URL, not properly quoted in an error message, can cause other clients to execute scripts or read cookies. Th...
CVE-2007-4991
The CVE-2007-4991 issue affects Microsoft ISA Server 2004 SP1 and SP2, where the SOCKS4 Proxy can leak the destination IP address of another user’s session. The root cause is that an empty packet to the SOCKS4 proxy elicits a response containing the last IP address proxied through the server. Imp...
CVE-2005-1216
CVE-2005-1216 describes an elevation-of-privilege vulnerability in Microsoft ISA Server 2000 involving the NetBIOS (all) predefined packet filter. An attacker could connect to NetBIOS services on a server that has the filter enabled, potentially bypassing content restrictions or accessing restric...
CVE-2006-7027
CVE-2006-7027 concerns Microsoft Internet Security and Acceleration (ISA) Server 2004. The vulnerability arises when the Host header contains unusual ASCII characters (including a tab), enabling remote attackers to manipulate portions of the log file and potentially leverage it for further attack...
CVE-2005-1215
CVE-2005-1215 relates to ISA Server 2000's handling of HTTP requests with multiple Content-Length headers, enabling remote attackers to poison the cache or bypass content restrictions. The vulnerability arises from malformed HTTP content-length processing, potentially causing cached or redirected...
CVE-2006-1651
Microsoft ISA Server 2004 is affected by CVE-2006-1651, which reportedly allows remote attackers to bypass filtering rules (including ICMP and TCP) via IPv6 packets. The issue is controversial: an established researcher disputes IPv6 filtering support in ISA Server 2004 and Windows 2003 Basic Fir...
CVE-2001-0239
CVE-2001-0239 affects Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy. The vulnerability allows remote attackers to cause a denial of service by sending a long web request with a specific type. The provided documents do not specify the exact vulnerable component version, ...