Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2004-09-16 CVE-2004-0869 Remote Security vulnerability in Microsoft IE 6
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
network
low complexity
microsoft
5.0
2004-09-16 CVE-2004-0866 Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
network
low complexity
kde mozilla microsoft suse
7.5
2004-09-15 CVE-2004-1686 Unspecified vulnerability in Microsoft IE 6.0
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
network
low complexity
microsoft
5.0
2004-08-31 CVE-2004-1649 Local Security vulnerability in Windows 2000 Server
Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter.
local
low complexity
microsoft
7.2
2004-08-18 CVE-2004-0839 Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
network
low complexity
microsoft avaya nortel
5.0
2004-08-18 CVE-2004-0503 Unspecified vulnerability in Microsoft Outlook 2003
Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
network
low complexity
microsoft
5.0
2004-08-18 CVE-2004-0502 Unspecified vulnerability in Microsoft Outlook 2003
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.
network
low complexity
microsoft
5.0
2004-08-18 CVE-2004-0501 Unspecified vulnerability in Microsoft Outlook 2003
Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.
network
low complexity
microsoft
5.0
2004-08-06 CVE-2004-0549 Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
network
low complexity
microsoft
critical
10.0
2004-08-06 CVE-2004-0526 Unspecified vulnerability in Microsoft products
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
network
low complexity
microsoft
5.0