Microsoft Vulnerabilities: High Risk

DATE CVE VULNERABILITY TITLE RISK
2002-11-29 CVE-2002-1293 Unspecified vulnerability in Microsoft Java Virtual Machine 1.1
The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.
network
low complexity
microsoft
7.5
2002-11-29 CVE-2002-1292 Unspecified vulnerability in Microsoft Java Virtual Machine 1.1
The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.
network
low complexity
microsoft
7.5
2002-11-29 CVE-2002-1289 Unspecified vulnerability in Microsoft Java Virtual Machine 1.1
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read restricted process memory, cause a denial of service (crash), and possibly execute arbitrary code via the getNativeServices function, which creates an instance of the com.ms.awt.peer.INativeServices (INativeServices) class, whose methods do not verify the memory addresses that are passed as parameters.
network
low complexity
microsoft
7.5
2002-11-29 CVE-2002-1286 Unspecified vulnerability in Microsoft Java Virtual Machine 1.1
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user.
network
low complexity
microsoft
7.5
2002-11-29 CVE-2002-1142 Unspecified vulnerability in Microsoft Data Access Components, IE and Internet Explorer
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
network
low complexity
microsoft
7.5
2002-11-12 CVE-2002-1180 Unspecified vulnerability in Microsoft Internet Information Services 5.0
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
network
low complexity
microsoft
7.5
2002-11-12 CVE-2002-0869 Unspecified vulnerability in Microsoft products
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation."
network
low complexity
microsoft
7.5
2002-10-28 CVE-2002-1217 Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions.
network
low complexity
microsoft
7.5
2002-10-28 CVE-2002-1214 Buffer Overflow vulnerability in Microsoft products
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
network
low complexity
microsoft
7.5
2002-10-28 CVE-2002-1179 Buffer Overflow vulnerability in Microsoft Outlook Express S/MIME
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
network
low complexity
microsoft
7.5