Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2002-07-26 CVE-2002-0369 Buffer Overflow vulnerability in Microsoft .Net Framework 1.0
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
network
low complexity
microsoft
critical
10.0
2002-03-08 CVE-2002-0018 Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows NT
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
network
low complexity
microsoft
critical
10.0
2001-08-14 CVE-2001-0538 Unspecified vulnerability in Microsoft Outlook
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
network
low complexity
microsoft
critical
10.0
2001-07-21 CVE-2001-0500 Buffer Overflow vulnerability in Microsoft products
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
network
low complexity
microsoft
critical
10.0
2001-06-27 CVE-2001-0241 Buffer Overflow vulnerability in Microsoft IIS 5.0 .printer ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
network
low complexity
microsoft
critical
10.0
2001-05-03 CVE-2001-0147 Unspecified vulnerability in Microsoft Windows 2000
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
network
low complexity
microsoft
critical
10.0
2001-02-16 CVE-2001-0045 Unspecified vulnerability in Microsoft Windows NT 4.0/Terminalserver
The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
network
low complexity
microsoft
critical
10.0
2001-01-09 CVE-2000-1089 Unspecified vulnerability in Microsoft Windows 2000 and Windows NT
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
network
low complexity
microsoft
critical
10.0
2000-12-11 CVE-2000-1034 Unspecified vulnerability in Microsoft Windows 2000
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
network
low complexity
microsoft
critical
10.0
2000-11-14 CVE-2000-0854 Unspecified vulnerability in Microsoft Office 2000
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
network
low complexity
microsoft
critical
10.0