Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-09-20 | CVE-2001-0508 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. | 5.0 |
| 2001-09-20 | CVE-2001-0507 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | 7.2 |
| 2001-09-20 | CVE-2001-0506 | Buffer Overrun Privelege Elevation vulnerability in Microsoft products Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | 7.2 |
| 2001-09-14 | CVE-2001-0986 | File Information and Path Disclosure vulnerability in Microsoft Index Server 2.0 SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. | 5.0 |
| 2001-09-12 | CVE-2001-0999 | Unspecified vulnerability in Microsoft Outlook Express 6.0 Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. | 7.5 |
| 2001-09-07 | CVE-2001-1099 | Unrestricted Upload of File With Dangerous Type vulnerability in Symantec Norton Antivirus 2.5 The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | 5.0 |
| 2001-08-31 | CVE-2001-1452 | Origin Validation Error vulnerability in Microsoft Windows 2000 and Windows NT By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | 7.5 |
| 2001-08-31 | CVE-2000-1200 | Unspecified vulnerability in Microsoft Windows NT 4.0 Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users. | 5.0 |
| 2001-08-14 | CVE-2001-0628 | Unspecified vulnerability in Microsoft Word 2000 Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user. | 7.2 |
| 2001-08-14 | CVE-2001-0538 | Unspecified vulnerability in Microsoft Outlook Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. | 10.0 |