Lucene search
K

81 matches found

CVE
CVE
added 2001/09/18 4:0 a.m.64 views

CVE-2001-0238

The CVE-2001-0238 entry concerns Microsoft Data Access Component Internet Publishing Provider (ID 8.103.2519.0 and earlier). The available connected documents describe that remote attackers can bypass Security Zone restrictions through WebDAV requests. The root cause details are not explicitly st...

7.5CVSS7.1AI score0.162EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.64 views

CVE-2004-0839

CVE-2004-0839 is the IE Drag-and-Drop Vulnerability. The connected docs show it as a publicly disclosed CAN-2005-0053 vulnerability, which was addressed by Microsoft security updates MS05-014 and related MS05-008. The vulnerability arises from Internet Explorer handling drag-and-drop events, allo...

5CVSS7.4AI score0.33081EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.64 views

CVE-2005-0061

CVE-2005-0061 (Windows kernel elevation of privilege) is a local privilege-elevation vulnerability in the Windows kernel (Windows 2000, XP SP1/SP2, Windows Server 2003) caused by the way the kernel processes certain access requests. An attacker with valid logon credentials and local access could ...

7.2CVSS6.5AI score0.01774EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.63 views

CVE-1999-0749

The CVE-1999-0749 entry describes a buffer overflow in the Microsoft Telnet client for Windows 95/98 triggered by a malformed Telnet argument. The vulnerability concerns the Telnet client component (Windows 95/98) and is due to improper handling of a Telnet argument, leading to memory corruption....

2.6CVSS7.2AI score0.07962EPSS
CVE
CVE
added 2000/11/29 5:0 a.m.63 views

CVE-2000-1079

Affected software/hardware: Microsoft Windows 95, 98, NT, and 2000. Vulnerability: Interaction between the CIFS Browser Protocol and NetBIOS allows remote modification of dynamic NetBIOS name cache entries via a spoofed Browse Frame Request carried in a unicast or UDP broadcast datagram. Impact: ...

7.5CVSS7AI score0.1752EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.63 views

CVE-2002-0694

The CVE-2002-0694 issue is tied to an unchecked buffer in Windows Help (Q323255) that affected Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. Root cause: a vulnerability in the HTML Help facility could allow a remote attack...

7.5CVSS7.5AI score0.13667EPSS
CVE
CVE
added 2000/02/23 5:0 a.m.62 views

CVE-2000-0155

CVE-2000-0155 affects Windows NT Autorun: the system executes the autorun.inf file on non-removable media, allowing a local attacker to specify an alternate program to run when other users access a drive. The provided documents describe the vulnerability in terms of its existence and impact (loca...

7.2CVSS7AI score0.03939EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.62 views

CVE-2000-0742

The CVE-2000-0742 entry concerns the IPX protocol implementation in Microsoft Windows 95 and Windows 98. The vulnerability allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address (the “Malformed IPX Ping Packet” issue). Th...

5CVSS7AI score0.18758EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.62 views

CVE-2005-0057

Microsoft’s MS05-015 fixes a remote code execution flaw in the Hyperlink Object Library (Hlink.dll) affecting Windows 98, 2000, XP, and Server 2003. The vulnerability arises from an unchecked buffer when handling hyperlinks, potentially allowing arbitrary code execution if a user clicks a crafted...

7.5CVSS7.9AI score0.41139EPSS
CVE
CVE
added 2006/01/10 9:0 p.m.62 views

CVE-2006-0020

CVE-2006-0020 describes a WMF parsing memory corruption affecting Internet Explorer on Windows platforms (e.g., IE 5.01 SP4 on 2000 SP4; 5.5 SP2 on Millennium) where a crafted WMF file with manipulated header size (potential integer overflow) can crash the process and may allow code execution. Th...

9.3CVSS6.6AI score0.18495EPSS
CVE
CVE
added 2000/04/18 4:0 a.m.61 views

CVE-2000-0073

CVE-2000-0073 involves a buffer overflow in the Microsoft Rich Text Format (RTF) reader triggered by a malformed control word, leading to a denial of service. The affected software is the RTF reader component in Microsoft environments. The root cause is a buffer overflow condition, as described i...

5CVSS7AI score0.244EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.60 views

CVE-2000-0330

CVE-2000-0330 affects the networking software in Windows 95 and Windows 98. The vulnerability allows remote attackers to execute commands via a long file name string (the “File Access URL” issue). The CVSS data indicates a network-access, high-severity impact with complete confidentiality, integr...

7.6CVSS7.5AI score0.15015EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.60 views

CVE-2000-0347

CVE-2000-0347 affects Windows 95/98. The vulnerability is a denial-of-service triggered by sending a NetBIOS session request with a NULL source name to the remote host. The resulting impact is remote crash/DoS as described by multiple sources. No remediation details are provided in the supplied d...

5CVSS6.7AI score0.17596EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.60 views

CVE-2000-0790

The CVE-2000-0790 entry describes a local-in-the-IE5.5/Windows 98 scenario where modifying Folder.htt and invoking the default execute option via the ShellDefView ActiveX control could cause Trojan horses to be run for the first listed file. No explicit affected versions beyond IE 5.5 on Windows ...

4.6CVSS6.8AI score0.01531EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.60 views

CVE-2000-0979

CVE-2000-0979 affects Windows 95/98/Me File and Print Sharing. The service does not properly enforce file-share passwords, allowing a remote attacker to bypass access controls by sending a 1‑byte password that matches the first character of the real password. The documented impact is partial conf...

6.4CVSS7.3AI score0.45905EPSS
CVE
CVE
added 2002/08/31 4:0 a.m.60 views

CVE-2002-0699

The CVE-2002-0699 issue affects the Certificate Enrollment ActiveX Control used by Windows 98/98SE/Millennium/NT 4.0/2000/XP. The root cause is a flaw in the Certificate Enrollment Control that allows remote attackers to delete digital certificates on a user’s system via HTML. OpenVAS entries cor...

5CVSS6.6AI score0.06498EPSS
CVE
CVE
added 2001/09/12 4:0 a.m.59 views

CVE-1999-1254

Technical details (affected software, vulnerability specifics, and remediation) are not publicly provided in the connected documents. Monitor for updates.

5CVSS7AI score0.13344EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.59 views

CVE-2001-1055

The CVE-2001-1055 entry affects the Microsoft Windows network stack . The vulnerability allows a remote attacker to exhaust CPU resources by sending a flood of malformed ARP request packets with random source IP and MAC addresses, resulting in denial of service . The effect is described as CPU co...

5CVSS7AI score0.2226EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.58 views

CVE-1999-0387

CVE-1999-0387 affects Windows 95/98 where a legacy credential caching mechanism can be exploited to read plaintext network passwords. The Red Hat and CVE records reflect the same description: a local/system-level weakness in the credential cache that may expose confidential credentials. Documents...

7.8CVSS6.8AI score0.07917EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.58 views

CVE-2000-1003

CVE-2000-1003 (Windows 95/98 NETBIOS client) : The NETBIOS client in Windows 95 and Windows 98 is affected. A remote attacker over a network can cause a denial of service by altering a file sharing service to return an unknown driver type, which crashes the client. Root cause described as the fil...

2.6CVSS7AI score0.12513EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.58 views

CVE-2002-1183

CVE-2002-1183 describes a certificate validation flaw in CryptoAPI on Microsoft Windows 98 and Windows NT 4.0 where Basic Constraints of intermediate CA certificates are not verified correctly (CertGetCertificateChain/CertVerifyCertificateChainPolicy/WinVerifyTrust). This could allow an attacker ...

7.5CVSS6.8AI score0.1934EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.58 views

CVE-2005-0060

CVE-2005-0060 is a local privilege-elevation vulnerability in the Windows font-processing subsystem caused by an unchecked buffer when handling certain fonts. A logged-on user could gain full control of an affected system by running a specially crafted application. Affected platforms include Wind...

7.2CVSS6.7AI score0.01715EPSS
CVE
CVE
added 2005/06/14 4:0 a.m.58 views

CVE-2005-1214

CVE-2005-1214 involves a spoofing flaw in Microsoft Agent that could allow remote attackers to impersonate trusted Internet content and potentially execute arbitrary code when a user visits a malicious Web page. Connected docs confirm the vulnerability (CAN-2005-1214) exists in Microsoft Agent an...

5.1CVSS7.5AI score0.12773EPSS
CVE
CVE
added 2005/04/19 4:0 a.m.57 views

CVE-2005-1191

Summary : CVE-2005-1191 affects the Web View DLL (webvw.dll) used by Windows Explorer on Windows 2000. The flaw arises from insufficient validation of the Author field in file metadata, allowing an attacker to craft a name that, when Web View creates a mailto: link in the preview pane, results in...

5CVSS7.2AI score0.19617EPSS
CVE
CVE
added 2005/06/14 4:0 a.m.57 views

CVE-2005-1212

CVE-2005-1212 is a buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe). A crafted bookmark link file with a long User field in extensions .cbo/.cbl/.cbm allows remote code execution, running with the caller’s privileges. The issue affects Step-by-Step Interactive Training ...

7.5CVSS7.8AI score0.24804EPSS
CVE
CVE
added 2000/07/19 4:0 a.m.55 views

CVE-2000-0612

CVE-2000-0612 affects Windows 95 and Windows 98 ; spoofed ARP packets allow remote attackers to overwrite static ARP cache entries. The connected records confirm the impact but do not include a provided patch or concrete mitigation details in the supplied documents.

5CVSS7.1AI score0.08714EPSS
CVE
CVE
added 2005/07/27 4:0 a.m.55 views

CVE-2005-2388

CVE-2005-2388 describes a buffer overflow in a USB driver used on Microsoft Windows that could allow an attacker to execute arbitrary code. The provided documents do not specify the affected product name, exact driver version, or root cause details beyond the general buffer overflow. Exploit info...

7.2CVSS7.8AI score0.01796EPSS
CVE
CVE
added 2006/01/09 8:0 p.m.55 views

CVE-2006-0143

The Connected advisory CPAI-2006-171 documents a denial-of-service flaw in Microsoft Windows’ Graphics Rendering Engine (GRE) when parsing certain WMF files. Specifically, a crafted WMF with ExtCreateRegion or ExtEscape calls can trigger a memory read/parse error in GRE, causing the host applicat...

7.5CVSS6.7AI score0.39042EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.53 views

CVE-1999-0975

The CVE-1999-0975 entry describes a local privilege escalation in the Windows Help system: by editing a table of contents metafile (.CNT) and altering the topic action, a local user could cause commands to execute when the .hlp file is opened. The remediation/affected product details beyond this ...

4.6CVSS7.2AI score0.02696EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.53 views

CVE-2000-0404

The CVE-2000-0404 issue affects the CIFS Computer Browser service and allows remote denial of service by sending a ResetBrowser frame to the Master Browser ("ResetBrowser Frame" vulnerability). Connected sources confirm the vulnerability impact is a network-denial of service and describe two rela...

5CVSS6.7AI score0.19621EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.50 views

CVE-2000-0980

This CVE concerns the NMPI listener component of Microsoft NWLink. The affected element is the NMPI (Name Management Protocol on IPX) listener in NWLink, which fails to properly filter packets originating from a broadcast address. Under this flaw, remote attackers can trigger a broadcast storm an...

5CVSS6.9AI score0.13239EPSS
Total number of security vulnerabilities81