Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2001-07-21 CVE-2001-0500 Buffer Overflow vulnerability in Microsoft products
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
network
low complexity
microsoft
critical
10.0
2001-06-27 CVE-2001-0241 Buffer Overflow vulnerability in Microsoft IIS 5.0 .printer ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
network
low complexity
microsoft
critical
10.0
2001-05-03 CVE-2001-0147 Unspecified vulnerability in Microsoft Windows 2000
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
network
low complexity
microsoft
critical
10.0
2001-02-16 CVE-2001-0045 Unspecified vulnerability in Microsoft Windows NT 4.0/Terminalserver
The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
network
low complexity
microsoft
critical
10.0
2001-01-09 CVE-2000-1089 Unspecified vulnerability in Microsoft Windows 2000 and Windows NT
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
network
low complexity
microsoft
critical
10.0
2000-12-11 CVE-2000-1034 Unspecified vulnerability in Microsoft Windows 2000
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
network
low complexity
microsoft
critical
10.0
2000-11-14 CVE-2000-0854 Unspecified vulnerability in Microsoft Office 2000
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
network
low complexity
microsoft
critical
10.0
2000-06-01 CVE-1999-0590 A system does not present an appropriate legal message or warning to a user who is accessing it.
network
low complexity
microsoft linux apple
critical
10.0
2000-04-14 CVE-2000-1218 Origin Validation Error vulnerability in Microsoft products
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
network
low complexity
microsoft CWE-346
critical
9.8
2000-01-10 CVE-2000-0081 Unspecified vulnerability in Microsoft Hotmail
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g.
network
low complexity
microsoft
critical
10.0