Vulnerabilities > Microsoft
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2001-09-20 | CVE-2001-0546 | Denial of Service vulnerability in Microsoft ISA Server 2000 Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. | 5.0 |
2001-09-20 | CVE-2001-0543 | Memory Leak vulnerability in Microsoft Exchange Server, Windows 2000 and Windows NT Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts. | 5.0 |
2001-09-20 | CVE-2001-0541 | Buffer Overflow vulnerability in Microsoft Windows Media Player .NSC File Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file. | 7.5 |
2001-09-20 | CVE-2001-0509 | Improper Input Validation vulnerability in Microsoft products Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. | 5.0 |
2001-09-20 | CVE-2001-0508 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. | 5.0 |
2001-09-20 | CVE-2001-0507 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | 7.2 |
2001-09-20 | CVE-2001-0506 | Buffer Overrun Privelege Elevation vulnerability in Microsoft products Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | 7.2 |
2001-09-14 | CVE-2001-0986 | File Information and Path Disclosure vulnerability in Microsoft Index Server 2.0 SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. | 5.0 |
2001-09-12 | CVE-2001-0999 | Unspecified vulnerability in Microsoft Outlook Express 6.0 Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. | 7.5 |
2001-09-07 | CVE-2001-1099 | Unrestricted Upload of File With Dangerous Type vulnerability in Symantec Norton Antivirus 2.5 The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. | 5.0 |