Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-15 | CVE-2006-6602 | Denial of Service vulnerability in Microsoft Windows Explorer and Windows XP explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. network microsoft | 4.3 |
| 2006-12-15 | CVE-2006-6601 | Resource Management Errors vulnerability in multiple products Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0. | 4.3 |
| 2006-12-15 | CVE-2006-6579 | Unspecified vulnerability in Microsoft products Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. local microsoft | 4.4 |
| 2006-12-15 | CVE-2006-6578 | Unspecified vulnerability in Microsoft Internet Information Services 5.1 Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions. | 7.5 |
| 2006-12-14 | CVE-2006-6561 | Unspecified vulnerability in Microsoft products Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456. | 9.3 |
| 2006-12-13 | CVE-2006-5585 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 2003 Server and Windows XP The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." | 7.2 |
| 2006-12-13 | CVE-2006-5584 | Remote Installation Service Remote Code Execution vulnerability in Microsoft Windows 2000 The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS. | 7.5 |
| 2006-12-13 | CVE-2006-4702 | Remote ASF File Buffer Overflow vulnerability in Microsoft products Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. network microsoft | 6.8 |
| 2006-12-13 | CVE-2006-2386 | Remote Code Execution vulnerability in Microsoft Outlook Express Windows Address Book Contact Record Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. network microsoft | 6.8 |
| 2006-12-12 | CVE-2006-5583 | Remote Code Execution vulnerability in Microsoft Windows 2003 Server 2000/Sp1/Xpsp2 Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." | 10.0 |