Vulnerabilities > Microsoft > High

DATE CVE VULNERABILITY TITLE RISK
2001-07-21 CVE-2001-0340 Unrestricted Upload of File With Dangerous Type vulnerability in Microsoft Exchange Server 2000/5.5
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
network
low complexity
microsoft CWE-434
7.5
2001-07-21 CVE-2001-0002 Unspecified vulnerability in Microsoft Internet Explorer and Windows Script Host
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
network
low complexity
microsoft
7.5
2001-07-02 CVE-2001-0239 Unspecified vulnerability in Microsoft ISA Server 2000
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
network
low complexity
microsoft
7.5
2001-07-02 CVE-2001-0238 Unspecified vulnerability in Microsoft products
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
network
low complexity
microsoft
7.5
2001-06-27 CVE-2001-0339 Unspecified vulnerability in Microsoft Internet Explorer
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
network
low complexity
microsoft
7.5
2001-06-27 CVE-2001-0333 Unspecified vulnerability in Microsoft Internet Information Server
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding ..
network
low complexity
microsoft
7.5
2001-06-27 CVE-2001-0244 Buffer Overflow vulnerability in Microsoft Index Server 2.0
Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
network
low complexity
microsoft
7.5
2001-06-27 CVE-2001-0242 Buffer Overflow vulnerability in Microsoft Windows Media Player 6.3/6.4/7
Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090.
network
low complexity
microsoft
7.5
2001-06-05 CVE-2001-1088 Unspecified vulnerability in Microsoft Outlook and Outlook Express
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
network
low complexity
microsoft
7.5
2001-06-02 CVE-2001-0148 Unspecified vulnerability in Microsoft Windows Media Player 7
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
network
low complexity
microsoft
7.5