81 matches found
CVE-2001-0238
The CVE-2001-0238 entry concerns Microsoft Data Access Component Internet Publishing Provider (ID 8.103.2519.0 and earlier). The available connected documents describe that remote attackers can bypass Security Zone restrictions through WebDAV requests. The root cause details are not explicitly st...
CVE-2004-0839
CVE-2004-0839 is the IE Drag-and-Drop Vulnerability. The connected docs show it as a publicly disclosed CAN-2005-0053 vulnerability, which was addressed by Microsoft security updates MS05-014 and related MS05-008. The vulnerability arises from Internet Explorer handling drag-and-drop events, allo...
CVE-2005-0061
CVE-2005-0061 (Windows kernel elevation of privilege) is a local privilege-elevation vulnerability in the Windows kernel (Windows 2000, XP SP1/SP2, Windows Server 2003) caused by the way the kernel processes certain access requests. An attacker with valid logon credentials and local access could ...
CVE-1999-0749
The CVE-1999-0749 entry describes a buffer overflow in the Microsoft Telnet client for Windows 95/98 triggered by a malformed Telnet argument. The vulnerability concerns the Telnet client component (Windows 95/98) and is due to improper handling of a Telnet argument, leading to memory corruption....
CVE-2000-1079
Affected software/hardware: Microsoft Windows 95, 98, NT, and 2000. Vulnerability: Interaction between the CIFS Browser Protocol and NetBIOS allows remote modification of dynamic NetBIOS name cache entries via a spoofed Browse Frame Request carried in a unicast or UDP broadcast datagram. Impact: ...
CVE-2002-0694
The CVE-2002-0694 issue is tied to an unchecked buffer in Windows Help (Q323255) that affected Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. Root cause: a vulnerability in the HTML Help facility could allow a remote attack...
CVE-2000-0155
CVE-2000-0155 affects Windows NT Autorun: the system executes the autorun.inf file on non-removable media, allowing a local attacker to specify an alternate program to run when other users access a drive. The provided documents describe the vulnerability in terms of its existence and impact (loca...
CVE-2000-0742
The CVE-2000-0742 entry concerns the IPX protocol implementation in Microsoft Windows 95 and Windows 98. The vulnerability allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address (the “Malformed IPX Ping Packet” issue). Th...
CVE-2005-0057
Microsoft’s MS05-015 fixes a remote code execution flaw in the Hyperlink Object Library (Hlink.dll) affecting Windows 98, 2000, XP, and Server 2003. The vulnerability arises from an unchecked buffer when handling hyperlinks, potentially allowing arbitrary code execution if a user clicks a crafted...
CVE-2006-0020
CVE-2006-0020 describes a WMF parsing memory corruption affecting Internet Explorer on Windows platforms (e.g., IE 5.01 SP4 on 2000 SP4; 5.5 SP2 on Millennium) where a crafted WMF file with manipulated header size (potential integer overflow) can crash the process and may allow code execution. Th...
CVE-2000-0073
CVE-2000-0073 involves a buffer overflow in the Microsoft Rich Text Format (RTF) reader triggered by a malformed control word, leading to a denial of service. The affected software is the RTF reader component in Microsoft environments. The root cause is a buffer overflow condition, as described i...
CVE-2000-0330
CVE-2000-0330 affects the networking software in Windows 95 and Windows 98. The vulnerability allows remote attackers to execute commands via a long file name string (the “File Access URL” issue). The CVSS data indicates a network-access, high-severity impact with complete confidentiality, integr...
CVE-2000-0347
CVE-2000-0347 affects Windows 95/98. The vulnerability is a denial-of-service triggered by sending a NetBIOS session request with a NULL source name to the remote host. The resulting impact is remote crash/DoS as described by multiple sources. No remediation details are provided in the supplied d...
CVE-2000-0790
The CVE-2000-0790 entry describes a local-in-the-IE5.5/Windows 98 scenario where modifying Folder.htt and invoking the default execute option via the ShellDefView ActiveX control could cause Trojan horses to be run for the first listed file. No explicit affected versions beyond IE 5.5 on Windows ...
CVE-2000-0979
CVE-2000-0979 affects Windows 95/98/Me File and Print Sharing. The service does not properly enforce file-share passwords, allowing a remote attacker to bypass access controls by sending a 1‑byte password that matches the first character of the real password. The documented impact is partial conf...
CVE-2002-0699
The CVE-2002-0699 issue affects the Certificate Enrollment ActiveX Control used by Windows 98/98SE/Millennium/NT 4.0/2000/XP. The root cause is a flaw in the Certificate Enrollment Control that allows remote attackers to delete digital certificates on a user’s system via HTML. OpenVAS entries cor...
CVE-1999-1254
Technical details (affected software, vulnerability specifics, and remediation) are not publicly provided in the connected documents. Monitor for updates.
CVE-2001-1055
The CVE-2001-1055 entry affects the Microsoft Windows network stack . The vulnerability allows a remote attacker to exhaust CPU resources by sending a flood of malformed ARP request packets with random source IP and MAC addresses, resulting in denial of service . The effect is described as CPU co...
CVE-1999-0387
CVE-1999-0387 affects Windows 95/98 where a legacy credential caching mechanism can be exploited to read plaintext network passwords. The Red Hat and CVE records reflect the same description: a local/system-level weakness in the credential cache that may expose confidential credentials. Documents...
CVE-2000-1003
CVE-2000-1003 (Windows 95/98 NETBIOS client) : The NETBIOS client in Windows 95 and Windows 98 is affected. A remote attacker over a network can cause a denial of service by altering a file sharing service to return an unknown driver type, which crashes the client. Root cause described as the fil...
CVE-2002-1183
CVE-2002-1183 describes a certificate validation flaw in CryptoAPI on Microsoft Windows 98 and Windows NT 4.0 where Basic Constraints of intermediate CA certificates are not verified correctly (CertGetCertificateChain/CertVerifyCertificateChainPolicy/WinVerifyTrust). This could allow an attacker ...
CVE-2005-0060
CVE-2005-0060 is a local privilege-elevation vulnerability in the Windows font-processing subsystem caused by an unchecked buffer when handling certain fonts. A logged-on user could gain full control of an affected system by running a specially crafted application. Affected platforms include Wind...
CVE-2005-1214
CVE-2005-1214 involves a spoofing flaw in Microsoft Agent that could allow remote attackers to impersonate trusted Internet content and potentially execute arbitrary code when a user visits a malicious Web page. Connected docs confirm the vulnerability (CAN-2005-1214) exists in Microsoft Agent an...
CVE-2005-1191
Summary : CVE-2005-1191 affects the Web View DLL (webvw.dll) used by Windows Explorer on Windows 2000. The flaw arises from insufficient validation of the Author field in file metadata, allowing an attacker to craft a name that, when Web View creates a mailto: link in the preview pane, results in...
CVE-2005-1212
CVE-2005-1212 is a buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe). A crafted bookmark link file with a long User field in extensions .cbo/.cbl/.cbm allows remote code execution, running with the caller’s privileges. The issue affects Step-by-Step Interactive Training ...
CVE-2000-0612
CVE-2000-0612 affects Windows 95 and Windows 98 ; spoofed ARP packets allow remote attackers to overwrite static ARP cache entries. The connected records confirm the impact but do not include a provided patch or concrete mitigation details in the supplied documents.
CVE-2005-2388
CVE-2005-2388 describes a buffer overflow in a USB driver used on Microsoft Windows that could allow an attacker to execute arbitrary code. The provided documents do not specify the affected product name, exact driver version, or root cause details beyond the general buffer overflow. Exploit info...
CVE-2006-0143
The Connected advisory CPAI-2006-171 documents a denial-of-service flaw in Microsoft Windows’ Graphics Rendering Engine (GRE) when parsing certain WMF files. Specifically, a crafted WMF with ExtCreateRegion or ExtEscape calls can trigger a memory read/parse error in GRE, causing the host applicat...
CVE-1999-0975
The CVE-1999-0975 entry describes a local privilege escalation in the Windows Help system: by editing a table of contents metafile (.CNT) and altering the topic action, a local user could cause commands to execute when the .hlp file is opened. The remediation/affected product details beyond this ...
CVE-2000-0404
The CVE-2000-0404 issue affects the CIFS Computer Browser service and allows remote denial of service by sending a ResetBrowser frame to the Master Browser ("ResetBrowser Frame" vulnerability). Connected sources confirm the vulnerability impact is a network-denial of service and describe two rela...
CVE-2000-0980
This CVE concerns the NMPI listener component of Microsoft NWLink. The affected element is the NMPI (Name Management Protocol on IPX) listener in NWLink, which fails to properly filter packets originating from a broadcast address. Under this flaw, remote attackers can trigger a broadcast storm an...