Vulnerabilities > Microsoft
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-30 | CVE-2006-1510 | Buffer Overflow vulnerability in Microsoft .NET Framework SDK MSIL Tools Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method. | 4.0 |
2006-03-29 | CVE-2006-1476 | Remote Security vulnerability in Windows XP Tablet PC Edition Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program. | 2.6 |
2006-03-29 | CVE-2006-1475 | Local Security vulnerability in Windows XP Tablet PC Edition Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file. | 2.1 |
2006-03-24 | CVE-2006-1388 | Unspecified vulnerability in Microsoft IE and Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. | 7.5 |
2006-03-23 | CVE-2006-1364 | Resource Exhaustion vulnerability in Microsoft Asp.Net 1.0/1.1 Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path. | 7.8 |
2006-03-23 | CVE-2006-1359 | Code Injection vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. | 9.3 |
2006-03-19 | CVE-2006-1257 | Authentication Bypass vulnerability in Microsoft Commerce Server 2002 The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice. | 7.5 |
2006-03-17 | CVE-2006-1245 | Buffer Overflow vulnerability in Microsoft IE 6.0 Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | 7.5 |
2006-03-14 | CVE-2006-0031 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption. | 5.1 |
2006-03-14 | CVE-2006-0030 | Unspecified vulnerability in Microsoft Excel and Office Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. | 5.1 |