Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-07-21 | CVE-2001-0500 | Buffer Overflow vulnerability in Microsoft products Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. | 10.0 |
| 2001-06-27 | CVE-2001-0241 | Buffer Overflow vulnerability in Microsoft IIS 5.0 .printer ISAPI Extension Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. | 10.0 |
| 2001-05-03 | CVE-2001-0147 | Unspecified vulnerability in Microsoft Windows 2000 Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. | 10.0 |
| 2001-02-16 | CVE-2001-0045 | Unspecified vulnerability in Microsoft Windows NT 4.0/Terminalserver The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities. | 10.0 |
| 2001-01-09 | CVE-2000-1089 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability. | 10.0 |
| 2000-12-11 | CVE-2000-1034 | Unspecified vulnerability in Microsoft Windows 2000 Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability. | 10.0 |
| 2000-11-14 | CVE-2000-0854 | Unspecified vulnerability in Microsoft Office 2000 When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document. | 10.0 |
| 2000-06-01 | CVE-1999-0590 | A system does not present an appropriate legal message or warning to a user who is accessing it. | 10.0 |
| 2000-04-14 | CVE-2000-1218 | Origin Validation Error vulnerability in Microsoft products The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. | 9.8 |
| 2000-01-10 | CVE-2000-0081 | Unspecified vulnerability in Microsoft Hotmail Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. | 10.0 |