Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-12-31 | CVE-2001-1519 | Unspecified vulnerability in Microsoft Windows 2000 ** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. | 3.6 |
| 2001-12-31 | CVE-2001-1518 | Denial of Services vulnerability in Microsoft Windows 2000 RunAs Service RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. | 2.1 |
| 2001-12-31 | CVE-2001-1517 | Unspecified vulnerability in Microsoft Windows 2000 ** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. | 2.1 |
| 2001-12-31 | CVE-2001-1515 | Unspecified vulnerability in Microsoft Windows 2000 Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | 5.0 |
| 2001-12-31 | CVE-2001-1497 | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack. | 2.1 |
| 2001-12-31 | CVE-2001-1489 | Denial of Service vulnerability in Microsoft IE 6 Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | 5.0 |
| 2001-12-20 | CVE-2001-1219 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. | 5.0 |
| 2001-12-20 | CVE-2001-1218 | Denial of Service vulnerability in Microsoft IE 5.0 Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window. | 2.1 |
| 2001-12-20 | CVE-2001-0879 | Unspecified vulnerability in Microsoft products Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. | 5.0 |
| 2001-12-20 | CVE-2001-0877 | Denial of Service vulnerability in Microsoft Universal Plug and Play Simple Service Discovery Protocol Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system. | 5.0 |