Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1918 Buffer Overflow vulnerability in Microsoft Data Access Components 2.5/2.6/2.7
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors.
network
low complexity
microsoft
critical
10.0
2002-12-23 CVE-2002-1257 Unspecified vulnerability in Microsoft products
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
network
low complexity
microsoft
critical
10.0
2002-10-28 CVE-2002-1145 Privilege Escalation vulnerability in Microsoft Data Engine and SQL Server
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
network
low complexity
microsoft
critical
10.0
2002-09-05 CVE-2002-0721 Unspecified vulnerability in Microsoft Data Engine and SQL Server
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
network
low complexity
microsoft
critical
10.0
2002-08-12 CVE-2002-0736 Authentication Bypass vulnerability in Microsoft BackOffice Server Web Administration
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
network
low complexity
microsoft
critical
10.0
2002-08-12 CVE-2002-0697 Remote LDAP Client Administration vulnerability in Microsoft Metadirectory Services 2.2
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
network
low complexity
microsoft
critical
10.0
2002-08-12 CVE-2002-0391 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
network
low complexity
openbsd sun freebsd microsoft CWE-190
critical
9.8
2002-07-26 CVE-2002-0369 Buffer Overflow vulnerability in Microsoft .Net Framework 1.0
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
network
low complexity
microsoft
critical
10.0
2002-03-08 CVE-2002-0018 Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows NT
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
network
low complexity
microsoft
critical
10.0
2001-08-14 CVE-2001-0538 Unspecified vulnerability in Microsoft Outlook
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
network
low complexity
microsoft
critical
10.0