Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-05-31 | CVE-2002-0285 | Unspecified vulnerability in Microsoft Outlook Express 5.5/6.0 Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | 7.5 |
| 2002-05-29 | CVE-2002-0269 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. | 7.5 |
| 2002-05-29 | CVE-2002-0242 | Unspecified vulnerability in Microsoft Internet Explorer Cross-site scripting vulnerability in Internet Explorer 6 earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed. | 7.5 |
| 2002-05-29 | CVE-2002-0193 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/6.0 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. | 7.5 |
| 2002-05-29 | CVE-2002-0190 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability. | 7.5 |
| 2002-05-29 | CVE-2002-0189 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.5/6.0 Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability. | 7.5 |
| 2002-05-29 | CVE-2002-0188 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6.0 Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability. | 7.5 |
| 2002-05-29 | CVE-2002-0155 | Remote Buffer Overflow vulnerability in Microsoft products Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX. | 7.5 |
| 2002-05-16 | CVE-2002-1056 | Unspecified vulnerability in Microsoft Outlook and Word Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to. | 7.5 |
| 2002-05-16 | CVE-2002-0154 | Unspecified vulnerability in Microsoft SQL Server 2000/7.0 Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. | 7.5 |