Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2001-12-20 CVE-2001-1219 Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
network
low complexity
microsoft
5.0
2001-12-20 CVE-2001-1218 Denial of Service vulnerability in Microsoft IE 5.0
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
local
low complexity
microsoft
2.1
2001-12-20 CVE-2001-0879 Unspecified vulnerability in Microsoft products
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
network
low complexity
microsoft
5.0
2001-12-20 CVE-2001-0877 Denial of Service vulnerability in Microsoft Universal Plug and Play Simple Service Discovery Protocol
Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.
network
low complexity
microsoft
5.0
2001-12-20 CVE-2001-0876 Buffer Overflow vulnerability in Microsoft UPnP NOTIFY
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
network
low complexity
microsoft
7.5
2001-12-20 CVE-2001-0542 Buffer Overflow vulnerability in Microsoft SQL-Server 2000/7.0
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf.
network
low complexity
microsoft
7.5
2001-12-17 CVE-2001-1200 Unspecified vulnerability in Microsoft Windows XP
Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.
local
low complexity
microsoft
7.2
2001-12-14 CVE-2001-0727 Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
network
low complexity
microsoft
7.5
2001-12-13 CVE-2001-0874 Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0
Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.
network
low complexity
microsoft
5.0
2001-12-11 CVE-2001-1186 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
network
low complexity
microsoft
5.0