Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2002-08-12 CVE-2002-0617 Unspecified vulnerability in Microsoft Excel and Office
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
network
high complexity
microsoft
5.1
2002-08-12 CVE-2002-0616 Unspecified vulnerability in Microsoft Excel and Office
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
network
high complexity
microsoft
5.1
2002-08-12 CVE-2002-0507 Improper Authentication vulnerability in multiple products
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
local
low complexity
microsoft rsa CWE-287
2.1
2002-08-12 CVE-2002-0500 Unspecified vulnerability in Microsoft Internet Explorer
Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.
network
low complexity
microsoft
5.0
2002-08-12 CVE-2002-0481 Unspecified vulnerability in Microsoft Outlook 2002
An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.
network
high complexity
microsoft
5.1
2002-08-12 CVE-2002-0472 Unspecified vulnerability in Microsoft MSN Messenger 3.6
MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
network
low complexity
microsoft
5.0
2002-08-12 CVE-2002-0461 Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
network
low complexity
microsoft
5.0
2002-08-12 CVE-2002-0422 Information Exposure vulnerability in Microsoft Internet Information Services 5.0
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
network
high complexity
microsoft CWE-200
2.6
2002-08-12 CVE-2002-0421 Unspecified vulnerability in Microsoft Windows NT 4.0
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.
network
low complexity
microsoft
5.0
2002-08-12 CVE-2002-0419 Information Exposure vulnerability in Microsoft products
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request.
network
low complexity
microsoft CWE-200
5.0