Filtered by vendor Microsoft
Subscriptions
Total
23827 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0717 | 1 Microsoft | 5 Excel, Windows 2000, Windows 95 and 2 more | 2026-04-16 | N/A |
| A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. | ||||
| CVE-1999-0726 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header. | ||||
| CVE-1999-0728 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them. | ||||
| CVE-1999-0750 | 1 Microsoft | 1 Hotmail | 2026-04-16 | N/A |
| Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account. | ||||
| CVE-2002-0863 | 1 Microsoft | 5 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 2 more | 2026-04-16 | N/A |
| Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." | ||||
| CVE-2002-0866 | 1 Microsoft | 1 Virtual Machine | 2026-04-16 | N/A |
| Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes." | ||||
| CVE-1999-0824 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. | ||||
| CVE-1999-0875 | 2 Microsoft, Sun | 5 Windows 2000, Windows 95, Windows 98se and 2 more | 2026-04-16 | N/A |
| DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. | ||||
| CVE-1999-0877 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. | ||||
| CVE-2003-0507 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash. | ||||
| CVE-1999-0910 | 1 Microsoft | 3 Commercial Internet System, Site Server, Site Server Commerce | 2026-04-16 | N/A |
| Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. | ||||
| CVE-1999-0917 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. | ||||
| CVE-1999-0918 | 1 Microsoft | 4 Windows 2000, Windows 95, Windows 98 and 1 more | 2026-04-16 | N/A |
| Denial of service in various Windows systems via malformed, fragmented IGMP packets. | ||||
| CVE-2003-0528 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715. | ||||
| CVE-2003-0533 | 1 Microsoft | 7 Netmeeting, Windows 2000, Windows 2003 Server and 4 more | 2026-04-16 | N/A |
| Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. | ||||
| CVE-1999-0993 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | N/A |
| Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. | ||||
| CVE-1999-0994 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. | ||||
| CVE-2003-0411 | 2 Microsoft, Oracle | 3 Windows 2000, Windows Xp, Sun One Application Server | 2026-04-16 | 7.5 High |
| Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | ||||
| CVE-2002-0421 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr. | ||||
| CVE-2002-0443 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords. | ||||