Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-03-08 | CVE-2002-0024 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download. | 7.5 |
| 2002-03-08 | CVE-2002-0023 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. | 5.0 |
| 2002-03-08 | CVE-2002-0022 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. | 7.5 |
| 2002-03-08 | CVE-2002-0021 | Denial of Service vulnerability in Microsoft Office V.X Network Product Identification (PID) Checker in Microsoft Office v. | 5.0 |
| 2002-03-08 | CVE-2002-0020 | Buffer Overflow vulnerability in Microsoft Telnet Server Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options. | 7.5 |
| 2002-03-08 | CVE-2002-0018 | Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows NT In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. | 10.0 |
| 2002-01-13 | CVE-2002-0077 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. | 7.5 |
| 2001-12-31 | CVE-2001-1571 | Remote Desktop Plaintext Username vulnerability in Microsoft Windows XP The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing. | 5.0 |
| 2001-12-31 | CVE-2001-1570 | Unspecified vulnerability in Microsoft Windows XP Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out. | 2.1 |
| 2001-12-31 | CVE-2001-1560 | Denial of Service vulnerability in Microsoft Windows 2000 and Windows XP Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. | 2.1 |