Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2000-05-11 CVE-2000-0419 Unspecified vulnerability in Microsoft products
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
network
low complexity
microsoft
7.5
2000-05-11 CVE-2000-0408 Unspecified vulnerability in Microsoft products
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.
network
low complexity
microsoft
5.0
2000-05-10 CVE-2000-0304 Unspecified vulnerability in Microsoft products
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
network
low complexity
microsoft
5.0
2000-05-06 CVE-2000-0413 Path Disclosure vulnerability in Microsoft products
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
network
low complexity
microsoft
5.0
2000-05-02 CVE-2000-0347 Unspecified vulnerability in Microsoft Windows 95 and Windows 98
Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.
network
low complexity
microsoft
5.0
2000-04-20 CVE-2000-0331 Unspecified vulnerability in Microsoft Terminal Server, Windows 2000 and Windows NT
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
network
low complexity
microsoft
5.0
2000-04-20 CVE-2000-0311 Unspecified vulnerability in Microsoft Windows 2000
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
local
low complexity
microsoft
2.1
2000-04-19 CVE-2000-0256 Buffer Overflow vulnerability in Microsoft Frontpage, Personal web Server and Windows NT
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
network
low complexity
microsoft
7.5
2000-04-14 CVE-2000-1218 Origin Validation Error vulnerability in Microsoft products
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
network
low complexity
microsoft CWE-346
critical
9.8
2000-04-14 CVE-2000-0260 Unspecified vulnerability in Microsoft Frontpage and Visual Interdev
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
network
low complexity
microsoft
7.5