Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2000-06-01 CVE-1999-0590 A system does not present an appropriate legal message or warning to a user who is accessing it.
network
low complexity
microsoft linux apple
critical
10.0
2000-04-14 CVE-2000-1218 Origin Validation Error vulnerability in Microsoft products
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
network
low complexity
microsoft CWE-346
critical
9.8
2000-01-10 CVE-2000-0081 Unspecified vulnerability in Microsoft Hotmail
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g.
network
low complexity
microsoft
critical
10.0
2000-01-07 CVE-2000-0061 Unspecified vulnerability in Microsoft Internet Explorer
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
network
low complexity
microsoft
critical
10.0
1999-07-19 CVE-1999-1011 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
network
low complexity
microsoft CWE-264
critical
10.0
1999-05-17 CVE-1999-0489 Unspecified vulnerability in Microsoft Windows NT 4.0
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013.
network
low complexity
microsoft
critical
10.0
1999-05-06 CVE-1999-1241 Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object.
network
low complexity
microsoft
critical
10.0
1999-02-09 CVE-1999-0407 Unspecified vulnerability in Microsoft Internet Information Server 4.0
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
network
low complexity
microsoft
critical
10.0
1999-01-19 CVE-1999-0119 Unspecified vulnerability in Microsoft Windows NT 4.0
Windows NT 4.0 beta allows users to read and delete shares.
network
low complexity
microsoft
critical
10.0
1999-01-14 CVE-1999-1376 Unspecified vulnerability in Microsoft Internet Information Server 4.0
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.
network
low complexity
microsoft
critical
10.0