Vulnerabilities > Microsoft > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-07-07 | CVE-2004-0420 | Unspecified vulnerability in Microsoft IE and Internet Explorer The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP. | 10.0 |
2004-05-04 | CVE-2004-0380 | Unspecified vulnerability in Microsoft Outlook Express 5.5/6.0 The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability." | 10.0 |
2004-03-03 | CVE-2003-0825 | Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. | 9.3 |
2004-02-17 | CVE-2003-0903 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Data Access Components Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request. | 10.0 |
2004-02-17 | CVE-2003-0819 | Buffer Errors vulnerability in Microsoft Proxy Server 2.0 Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | 10.0 |
2004-01-20 | CVE-2003-1027 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." | 10.0 |
2004-01-20 | CVE-2003-1026 | Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | 9.3 |
2003-12-31 | CVE-2003-1357 | Configuration vulnerability in Replicom Proxyview ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | 10.0 |
2003-11-17 | CVE-2003-0662 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 2000 Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method. | 9.3 |
2003-10-20 | CVE-2003-0347 | Buffer Overrun vulnerability in Microsoft Visual Basic For Applications Document Handling Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter. | 10.0 |