Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-04-04 | CVE-2002-0151 | Buffer Overflow vulnerability in Microsoft Windows 2000, Windows NT and Windows XP Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. | 7.2 |
| 2002-04-04 | CVE-2002-0051 | Improper Locking vulnerability in Microsoft Windows 2000 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. | 7.8 |
| 2002-03-29 | CVE-2002-0078 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. | 7.5 |
| 2002-03-19 | CVE-2002-0076 | Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability. | 7.5 |
| 2002-03-15 | CVE-2002-0070 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. | 7.6 |
| 2002-03-08 | CVE-2002-0056 | Buffer Overflow vulnerability in Microsoft SQL Server OLE DB Provider Name Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | 7.5 |
| 2002-03-08 | CVE-2002-0054 | Authentication Bypass BY Capture-Replay vulnerability in Microsoft Exchange Server and Windows 2000 SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | 7.5 |
| 2002-03-08 | CVE-2002-0053 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. | 7.5 |
| 2002-03-08 | CVE-2002-0050 | Buffer Overflow vulnerability in Microsoft Commerce Server 2000 Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. | 7.5 |
| 2002-03-08 | CVE-2002-0027 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. | 7.5 |