Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-08-18 | CVE-2001-1410 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering. | 5.0 |
| 2003-08-07 | CVE-2003-0507 | Remote Stack Overflow vulnerability in Microsoft Windows 2000 Active Directory Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash. | 7.5 |
| 2003-08-07 | CVE-2003-0506 | Denial-Of-Service vulnerability in Microsoft Netmeeting 3.0.1 Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation. | 5.0 |
| 2003-08-07 | CVE-2003-0505 | Directory Traversal vulnerability in Microsoft Netmeeting 3.0.1 Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request. | 5.0 |
| 2003-08-07 | CVE-2003-0503 | Denial-Of-Service vulnerability in Windows 2000 Server Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument. | 7.5 |
| 2003-08-07 | CVE-2003-0469 | Buffer Overflow vulnerability in Microsoft Windows HTML Converter HR Align Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. | 7.5 |
| 2003-07-24 | CVE-2003-0447 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. | 5.1 |
| 2003-07-24 | CVE-2003-0446 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message. network microsoft | 4.3 |
| 2003-07-24 | CVE-2003-0349 | Unspecified vulnerability in Microsoft Windows 2000 Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll. | 7.5 |
| 2003-07-24 | CVE-2003-0348 | Unspecified vulnerability in Microsoft Windows Media Player 9 A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script. | 6.4 |