Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4810 | Unspecified vulnerability in Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX). | 5.0 |
| 2005-12-31 | CVE-2005-4717 | Unspecified vulnerability in Microsoft products Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. | 5.0 |
| 2005-12-31 | CVE-2005-4697 | Information Disclosure vulnerability in Microsoft Windows Wireless Zero Configuration Service The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll. | 2.1 |
| 2005-12-31 | CVE-2005-4696 | Information Disclosure vulnerability in Microsoft Windows Wireless Zero Configuration Service The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network. | 2.1 |
| 2005-12-31 | CVE-2005-4679 | Remote Security vulnerability in Microsoft IE 6 Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | 5.0 |
| 2005-12-31 | CVE-2005-3240 | Race Condition vulnerability in Microsoft IE and Internet Explorer Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | 5.1 |
| 2005-12-28 | CVE-2005-4560 | Improper Input Validation vulnerability in Microsoft Windows 2003 Server and Windows XP The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. | 7.5 |
| 2005-12-20 | CVE-2005-4360 | Unchecked Return Value vulnerability in Microsoft Internet Information Services 5.1 The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". | 7.8 |
| 2005-12-15 | CVE-2005-4269 | Denial-Of-Service vulnerability in Microsoft IE, Windows 2003 Server and Windows XP mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. | 7.8 |
| 2005-12-14 | CVE-2005-2831 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127. | 7.5 |