Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2001-09-20 CVE-2001-0546 Denial of Service vulnerability in Microsoft ISA Server 2000
Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
network
low complexity
microsoft
5.0
2001-09-20 CVE-2001-0543 Memory Leak vulnerability in Microsoft Exchange Server, Windows 2000 and Windows NT
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
network
low complexity
microsoft CWE-401
5.0
2001-09-20 CVE-2001-0541 Buffer Overflow vulnerability in Microsoft Windows Media Player .NSC File
Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.
network
low complexity
microsoft
7.5
2001-09-20 CVE-2001-0509 Improper Input Validation vulnerability in Microsoft products
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
network
low complexity
microsoft CWE-20
5.0
2001-09-20 CVE-2001-0508 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.
network
low complexity
microsoft
5.0
2001-09-20 CVE-2001-0507 Unspecified vulnerability in Microsoft Internet Information Services 5.0
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
local
low complexity
microsoft
7.2
2001-09-20 CVE-2001-0506 Buffer Overrun Privelege Elevation vulnerability in Microsoft products
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
local
low complexity
microsoft
7.2
2001-09-14 CVE-2001-0986 File Information and Path Disclosure vulnerability in Microsoft Index Server 2.0
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
network
low complexity
microsoft
5.0
2001-09-12 CVE-2001-0999 Unspecified vulnerability in Microsoft Outlook Express 6.0
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
network
low complexity
microsoft
7.5
2001-09-07 CVE-2001-1099 Unrestricted Upload of File With Dangerous Type vulnerability in Symantec Norton Antivirus 2.5
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
network
low complexity
symantec microsoft CWE-434
5.0