Vulnerabilities > Microsoft > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2000-06-01 | CVE-1999-0590 | A system does not present an appropriate legal message or warning to a user who is accessing it. | 10.0 |
2000-04-14 | CVE-2000-1218 | Origin Validation Error vulnerability in Microsoft products The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. | 9.8 |
2000-01-10 | CVE-2000-0081 | Unspecified vulnerability in Microsoft Hotmail Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. | 10.0 |
2000-01-07 | CVE-2000-0061 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading. | 10.0 |
1999-07-19 | CVE-1999-1011 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. | 10.0 |
1999-05-17 | CVE-1999-0489 | Unspecified vulnerability in Microsoft Windows NT 4.0 MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. | 10.0 |
1999-05-06 | CVE-1999-1241 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900 Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object. | 10.0 |
1999-02-09 | CVE-1999-0407 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | 10.0 |
1999-01-19 | CVE-1999-0119 | Unspecified vulnerability in Microsoft Windows NT 4.0 Windows NT 4.0 beta allows users to read and delete shares. | 10.0 |
1999-01-14 | CVE-1999-1376 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. | 10.0 |