Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-12 | CVE-2006-2334 | Unspecified vulnerability in Microsoft Windows 2000 and Windows XP The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software. | 2.1 |
| 2006-05-10 | CVE-2006-2297 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Infotech Storage System Library Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling. | 4.0 |
| 2006-05-10 | CVE-2006-1184 | Buffer Overflow vulnerability in Microsoft Windows MSDTC Heap Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. | 5.0 |
| 2006-05-10 | CVE-2006-0034 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. | 7.5 |
| 2006-05-10 | CVE-2006-0027 | Remote Code Execution vulnerability in Microsoft Exchange Server Calendar Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. | 7.5 |
| 2006-05-05 | CVE-2006-2218 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992. | 9.3 |
| 2006-05-01 | CVE-2006-2111 | Information Exposure vulnerability in Microsoft Outlook Express 6.0 A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." | 4.3 |
| 2006-04-29 | CVE-2006-2094 | Race Condition vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. | 5.1 |
| 2006-04-25 | CVE-2006-1992 | Resource Management Errors vulnerability in Microsoft Internet Explorer 6.0.2900 mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. | 2.6 |
| 2006-04-12 | CVE-2006-0014 | Buffer Overflow vulnerability in Microsoft Outlook Express Windows Address Book File Parsing Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. | 5.1 |