Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2001-12-31 CVE-2001-1571 Remote Desktop Plaintext Username vulnerability in Microsoft Windows XP
The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.
network
low complexity
microsoft
5.0
2001-12-31 CVE-2001-1570 Unspecified vulnerability in Microsoft Windows XP
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.
local
low complexity
microsoft
2.1
2001-12-31 CVE-2001-1560 Denial of Service vulnerability in Microsoft Windows 2000 and Windows XP
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
local
low complexity
microsoft
2.1
2001-12-31 CVE-2001-1552 Denial of Service vulnerability in Windows ME Simple Service Discovery Protocol
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message.
network
low complexity
microsoft
5.0
2001-12-31 CVE-2001-1547 Remote Security vulnerability in Microsoft Outlook Express 6.0
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
network
low complexity
microsoft
7.5
2001-12-31 CVE-2001-1539 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 6.0.2900
Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function.
network
low complexity
microsoft CWE-119
5.0
2001-12-31 CVE-2001-1518 Denial of Services vulnerability in Microsoft Windows 2000 RunAs Service
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service.
local
low complexity
microsoft
2.1
2001-12-31 CVE-2001-1515 Improper Preservation of Permissions vulnerability in Microsoft Windows 2000
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
network
low complexity
microsoft CWE-281
7.5
2001-12-31 CVE-2001-1497 Unspecified vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
local
low complexity
microsoft
2.1
2001-12-31 CVE-2001-1489 Denial of Service vulnerability in Microsoft IE 6
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
network
low complexity
microsoft
5.0