Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2000-12-19 | CVE-2000-0885 | Unspecified vulnerability in Microsoft Systems Management Server, Windows 2000 and Windows NT Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. | 7.5 |
| 2000-12-19 | CVE-2000-0884 | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | 7.5 |
| 2000-12-19 | CVE-2000-0817 | Unspecified vulnerability in Microsoft Network Monitor Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability. | 7.5 |
| 2000-11-14 | CVE-2000-0834 | Unspecified vulnerability in Microsoft Windows 2000 The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability. | 7.5 |
| 2000-10-20 | CVE-2000-0777 | Unspecified vulnerability in Microsoft Money 2000/2001 The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability. | 7.2 |
| 2000-10-20 | CVE-2000-0746 | Cross-Site Scripting shtml.dll vulnerability in Microsoft products Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. | 7.5 |
| 2000-10-20 | CVE-2000-0711 | Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | 7.5 |
| 2000-08-29 | CVE-2000-1079 | Unspecified vulnerability in Microsoft products Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram. | 7.5 |
| 2000-07-20 | CVE-2000-0621 | Unspecified vulnerability in Microsoft Outlook and Outlook Express Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. | 7.5 |
| 2000-06-27 | CVE-2000-0597 | Unspecified vulnerability in Microsoft Excel and Powerpoint Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability. | 7.5 |