Vulnerabilities > Microsoft
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-31 | CVE-2006-5265 | Improper Input Validation vulnerability in Microsoft Dynamics GP Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message. | 5.0 |
2006-12-31 | CVE-2006-4695 | Code Injection vulnerability in Microsoft Office web Components 2000 Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability." | 9.3 |
2006-12-31 | CVE-2006-1305 | Resource Management Errors vulnerability in Microsoft Office and Outlook Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers. | 4.3 |
2006-12-28 | CVE-2006-6797 | Unspecified vulnerability in Microsoft Windows XP The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696. | 6.6 |
2006-12-27 | CVE-2006-6753 | Remote Security vulnerability in Windows Event Viewer Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer. low complexity microsoft | 4.1 |
2006-12-26 | CVE-2006-6723 | Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request. | 7.8 |
2006-12-22 | CVE-2006-6696 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. | 6.9 |
2006-12-20 | CVE-2006-6659 | Remote Internet Explorer Denial of Service vulnerability in Microsoft IE, Outlook and Windows XP The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | 5.0 |
2006-12-18 | CVE-2006-6617 | Information Disclosure vulnerability in Microsoft Project Server 2003 projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. | 6.5 |
2006-12-15 | CVE-2006-6602 | Denial of Service vulnerability in Microsoft Windows Explorer and Windows XP explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. network microsoft | 4.3 |