Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 1999-12-31 | CVE-1999-1455 | Unspecified vulnerability in Microsoft Windows NT RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. | 7.5 |
| 1999-12-31 | CVE-1999-1359 | Security Bypass vulnerability in Microsoft Windows NT When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. | 7.5 |
| 1999-12-31 | CVE-1999-1316 | Unspecified vulnerability in Microsoft Windows NT 4.0 Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess. | 7.5 |
| 1999-12-31 | CVE-1999-1246 | Unspecified vulnerability in Microsoft Site Server 3.0 Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. | 7.5 |
| 1999-12-31 | CVE-1999-1233 | Unspecified vulnerability in Microsoft Internet Information Server 4.0 IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. | 7.5 |
| 1999-12-31 | CVE-1999-1127 | Missing Release of Resource after Effective Lifetime vulnerability in Microsoft Windows NT 4.0 Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. | 7.5 |
| 1999-12-31 | CVE-1999-1094 | Unspecified vulnerability in Microsoft Internet Explorer Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue." | 7.5 |
| 1999-12-31 | CVE-1999-1087 | Unspecified vulnerability in Microsoft Internet Explorer 4.0/4.0.1 Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server. | 7.5 |
| 1999-12-31 | CVE-1999-1055 | Unspecified vulnerability in Microsoft Excel 97 Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability." | 7.5 |
| 1999-12-29 | CVE-2000-0100 | Unspecified vulnerability in Microsoft Systems Management Server 2.0 The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. | 7.2 |