Filtered by vendor Microsoft
Subscriptions
Total
23768 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0848 | 1 Microsoft | 6 Office, Powerpoint, Project and 3 more | 2026-04-16 | N/A |
| Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. | ||||
| CVE-2004-0893 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2026-04-16 | N/A |
| The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||||
| CVE-2004-0900 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability." | ||||
| CVE-2004-0978 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 98se and 4 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | ||||
| CVE-2004-0979 | 1 Microsoft | 3 Ie, Internet Explorer, Windows Xp | 2026-04-16 | N/A |
| Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration. | ||||
| CVE-2004-0985 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help. | ||||
| CVE-2004-1080 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2026-04-16 | N/A |
| The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | ||||
| CVE-2004-1134 | 1 Microsoft | 1 W3who.dll | 2026-04-16 | N/A |
| Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string. | ||||
| CVE-2004-1173 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. | ||||
| CVE-2004-1319 | 2 Microsoft, Nortel | 9 Windows 2000, Windows 2003 Server, Windows 98 and 6 more | 2026-04-16 | N/A |
| The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | ||||
| CVE-2004-1324 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | ||||
| CVE-2004-1325 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system. | ||||
| CVE-2004-1331 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command. | ||||
| CVE-1999-0668 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | ||||
| CVE-2004-0723 | 1 Microsoft | 1 Java Virtual Machine | 2026-04-16 | N/A |
| Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java." | ||||
| CVE-2004-0719 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||||
| CVE-2004-0209 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer." | ||||
| CVE-2004-0212 | 2 Avaya, Microsoft | 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more | 2026-04-16 | N/A |
| Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. | ||||
| CVE-2004-0214 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 98 and 2 more | 2026-04-16 | N/A |
| Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. | ||||
| CVE-2004-0215 | 2 Avaya, Microsoft | 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more | 2026-04-16 | N/A |
| Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header. | ||||