Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1918 | Buffer Overflow vulnerability in Microsoft Data Access Components 2.5/2.6/2.7 Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. | 10.0 |
| 2002-12-23 | CVE-2002-1257 | Unspecified vulnerability in Microsoft products Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail. | 10.0 |
| 2002-10-28 | CVE-2002-1145 | Privilege Escalation vulnerability in Microsoft Data Engine and SQL Server The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. | 10.0 |
| 2002-09-05 | CVE-2002-0721 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. | 10.0 |
| 2002-08-12 | CVE-2002-0736 | Authentication Bypass vulnerability in Microsoft BackOffice Server Web Administration Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank. | 10.0 |
| 2002-08-12 | CVE-2002-0697 | Remote LDAP Client Administration vulnerability in Microsoft Metadirectory Services 2.2 Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials. | 10.0 |
| 2002-08-12 | CVE-2002-0391 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | 9.8 |
| 2002-07-26 | CVE-2002-0369 | Buffer Overflow vulnerability in Microsoft .Net Framework 1.0 Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode. | 10.0 |
| 2002-03-08 | CVE-2002-0018 | Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows NT In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. | 10.0 |
| 2001-08-14 | CVE-2001-0538 | Unspecified vulnerability in Microsoft Outlook Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. | 10.0 |