Vulnerabilities > Microsoft > High

DATE CVE VULNERABILITY TITLE RISK
2002-10-10 CVE-2002-0694 Unspecified vulnerability in Microsoft products
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
network
low complexity
microsoft
7.5
2002-10-10 CVE-2002-0693 Buffer Overflow vulnerability in Microsoft Windows Help Facility ActiveX Control
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
network
low complexity
microsoft
7.5
2002-10-10 CVE-2002-0692 Buffer Overflow vulnerability in Microsoft products
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
network
low complexity
microsoft
7.5
2002-10-10 CVE-2002-0370 Buffer Overflow vulnerability in Multiple Vendor ZIP Files Long Filename
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.
7.5
2002-10-04 CVE-2002-0862 The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS. 7.5
2002-10-04 CVE-2002-0696 Unspecified vulnerability in Microsoft Visual Foxpro 6.0
Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.
network
low complexity
microsoft
7.5
2002-09-24 CVE-2002-1123 Remote Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
network
low complexity
microsoft
7.5
2002-09-24 CVE-2002-0982 Remote Security vulnerability in Microsoft SQL Server 2000
Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
network
low complexity
microsoft
7.5
2002-09-24 CVE-2002-0980 Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
network
low complexity
microsoft
7.5
2002-09-24 CVE-2002-0979 Unspecified vulnerability in Microsoft Virtual Machine
The Java logging feature for the Java Virtual Machine in Internet Explorer writes output from functions such as System.out.println to a known pathname, which can be used to execute arbitrary code.
network
low complexity
microsoft
7.5