Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2007-3892 | 7.5 |
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
|
23-07-2021 - 15:06 | 09-10-2007 - 22:17 | |
CVE-2007-3893 | 6.8 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
|
23-07-2021 - 15:06 | 09-10-2007 - 22:17 | |
CVE-2007-3041 | 9.3 |
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "Active
|
23-07-2021 - 15:04 | 14-08-2007 - 21:17 | |
CVE-2007-3826 | 9.3 |
Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, bu
|
23-07-2021 - 15:04 | 17-07-2007 - 21:30 | |
CVE-2007-2216 | 9.3 |
The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a cr
|
23-07-2021 - 15:04 | 14-08-2007 - 21:17 | |
CVE-2007-1749 | 9.3 |
Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer siz
|
23-07-2021 - 15:04 | 14-08-2007 - 22:17 | |
CVE-2005-1790 | 2.6 |
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "M
|
23-07-2021 - 15:04 | 01-06-2005 - 04:00 | |
CVE-2004-0214 | 10.0 |
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long s
|
23-07-2021 - 15:03 | 03-11-2004 - 05:00 | |
CVE-2004-0420 | 10.0 |
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demo
|
23-07-2021 - 15:02 | 07-07-2004 - 04:00 | |
CVE-2002-1142 | 7.5 |
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Dat
|
23-07-2021 - 12:55 | 29-11-2002 - 05:00 | |
CVE-2007-1091 | 6.8 |
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
|
23-07-2021 - 12:55 | 26-02-2007 - 11:28 | |
CVE-2005-0053 | 7.5 |
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
|
23-07-2021 - 12:55 | 02-05-2005 - 04:00 | |
CVE-2007-0943 | 6.8 |
Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
|
23-07-2021 - 12:18 | 14-08-2007 - 21:17 | |
CVE-2004-0845 | 6.4 |
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the us
|
23-07-2021 - 12:18 | 03-11-2004 - 05:00 | |
CVE-2007-3898 | 6.4 |
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attac
|
07-07-2021 - 16:09 | 14-11-2007 - 01:46 | |
CVE-2003-0718 | 5.0 |
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML element
|
23-11-2020 - 19:49 | 03-11-2004 - 05:00 | |
CVE-2004-0203 | 4.3 |
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
|
09-04-2020 - 13:51 | 23-11-2004 - 05:00 | |
CVE-2004-0840 | 10.0 |
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute
|
09-04-2020 - 13:51 | 03-11-2004 - 05:00 | |
CVE-2004-0574 | 10.0 |
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, poss
|
09-04-2020 - 13:50 | 03-11-2004 - 05:00 | |
CVE-2003-0904 | 6.0 |
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authenticatio
|
09-04-2020 - 13:49 | 20-01-2004 - 05:00 | |
CVE-2006-0002 | 7.5 |
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulatio
|
09-04-2020 - 13:29 | 10-01-2006 - 22:03 | |
CVE-2006-0027 | 7.5 |
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
|
09-04-2020 - 13:29 | 10-05-2006 - 02:10 | |
CVE-2006-1193 | 2.6 |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsi
|
09-04-2020 - 13:29 | 13-06-2006 - 19:06 | |
CVE-2002-1230 | 4.6 |
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demon
|
30-04-2019 - 14:27 | 04-11-2002 - 05:00 | |
CVE-2004-1305 | 5.0 |
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory ad
|
30-04-2019 - 14:27 | 23-12-2004 - 05:00 | |
CVE-2005-0045 | 7.5 |
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2)
|
30-04-2019 - 14:27 | 02-05-2005 - 04:00 | |
CVE-2003-0659 | 7.2 |
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
|
30-04-2019 - 14:27 | 17-11-2003 - 05:00 | |
CVE-2003-0661 | 5.0 |
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
|
30-04-2019 - 14:27 | 20-10-2003 - 04:00 | |
CVE-2007-2223 | 9.3 |
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
|
27-02-2019 - 16:00 | 14-08-2007 - 21:17 | |
CVE-2007-3034 | 9.3 |
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length va
|
26-02-2019 - 14:04 | 14-08-2007 - 21:17 | |
CVE-2004-0573 | 7.5 |
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
|
30-10-2018 - 16:25 | 28-09-2004 - 04:00 | |
CVE-2006-6104 | 5.0 |
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for
|
17-10-2018 - 21:46 | 21-12-2006 - 19:28 | |
CVE-2006-6133 | 7.6 |
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote att
|
17-10-2018 - 21:46 | 28-11-2006 - 01:07 | |
CVE-2006-5584 | 7.5 |
The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
|
17-10-2018 - 21:43 | 13-12-2006 - 01:28 | |
CVE-2007-3037 | 4.0 |
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-
|
16-10-2018 - 16:47 | 14-08-2007 - 21:17 | |
CVE-2007-3035 | 7.6 |
Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Wind
|
16-10-2018 - 16:47 | 14-08-2007 - 21:17 | |
CVE-2006-2389 | 9.3 |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption
|
12-10-2018 - 21:40 | 11-07-2006 - 21:05 | |
CVE-2004-0892 | 7.5 |
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spo
|
12-10-2018 - 21:35 | 27-01-2005 - 05:00 | |
CVE-2004-1244 | 7.5 |
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
|
12-10-2018 - 21:35 | 08-02-2004 - 05:00 | |
CVE-2004-0847 | 7.5 |
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Valid
|
12-10-2018 - 21:35 | 03-11-2004 - 05:00 | |
CVE-2004-1049 | 5.1 |
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and I
|
12-10-2018 - 21:35 | 31-12-2004 - 05:00 | |
CVE-2004-0206 | 7.5 |
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or appl
|
12-10-2018 - 21:34 | 03-11-2004 - 05:00 | |
CVE-2004-0215 | 5.0 |
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
|
12-10-2018 - 21:34 | 06-08-2004 - 04:00 | |
CVE-2003-0819 | 10.0 |
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS t
|
12-10-2018 - 21:33 | 17-02-2004 - 05:00 | |
CVE-2003-0903 | 10.0 |
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
|
12-10-2018 - 21:33 | 17-02-2004 - 05:00 | |
CVE-2003-0905 | 5.0 |
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP pack
|
12-10-2018 - 21:33 | 15-04-2004 - 04:00 | |
CVE-2003-0110 | 5.0 |
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, ma
|
12-10-2018 - 21:32 | 05-05-2003 - 04:00 | |
CVE-2003-0526 | 6.8 |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleans
|
12-10-2018 - 21:32 | 18-08-2003 - 04:00 | |
CVE-1999-0621 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration En
|
01-08-2008 - 04:00 | 01-01-1999 - 05:00 |