Vulnerabilities > Microsoft > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-09-24 | CVE-2002-0722 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." | 7.5 |
2002-09-24 | CVE-2002-0691 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5 Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189. | 7.5 |
2002-09-24 | CVE-2002-0647 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control". | 7.5 |
2002-09-05 | CVE-2002-0720 | Unspecified vulnerability in Microsoft Windows 2000 and Windows 2000 Terminal Services A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code. | 7.2 |
2002-08-12 | CVE-2002-0832 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.5/6.0 Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature. | 7.5 |
2002-08-12 | CVE-2002-0815 | The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain. | 7.5 |
2002-08-12 | CVE-2002-0719 | SQL Injection vulnerability in Microsoft Content Management Server 2001 SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files. | 7.5 |
2002-08-12 | CVE-2002-0718 | Unspecified vulnerability in Microsoft Content Management Server 2001 Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function." | 7.5 |
2002-08-12 | CVE-2002-0700 | Buffer Overflow vulnerability in Microsoft Content Management Server 2001 Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise." | 7.5 |
2002-08-12 | CVE-2002-0695 | Buffer Overflow vulnerability in Microsoft products Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command. | 7.5 |