Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-03-08 | CVE-2002-0057 | Unspecified vulnerability in Microsoft products XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. | 5.0 |
| 2002-03-08 | CVE-2002-0056 | Buffer Overflow vulnerability in Microsoft SQL Server OLE DB Provider Name Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | 7.5 |
| 2002-03-08 | CVE-2002-0055 | Incorrect Resource Transfer Between Spheres vulnerability in Microsoft Exchange Server, Windows 2000 and Windows XP SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | 5.0 |
| 2002-03-08 | CVE-2002-0054 | Authentication Bypass BY Capture-Replay vulnerability in Microsoft Exchange Server and Windows 2000 SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | 7.5 |
| 2002-03-08 | CVE-2002-0053 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. | 7.5 |
| 2002-03-08 | CVE-2002-0052 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. | 5.0 |
| 2002-03-08 | CVE-2002-0050 | Buffer Overflow vulnerability in Microsoft Commerce Server 2000 Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. | 7.5 |
| 2002-03-08 | CVE-2002-0049 | Improper Privilege Management vulnerability in Microsoft Exchange Server 2000 Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. | 6.4 |
| 2002-03-08 | CVE-2002-0027 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. | 7.5 |
| 2002-03-08 | CVE-2002-0026 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made. | 7.5 |