Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-03-12 | CVE-2001-0015 | Unspecified vulnerability in Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process. | 7.2 |
| 2001-02-16 | CVE-2001-0047 | Unspecified vulnerability in Microsoft Windows NT 4.0/Terminalserver The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities. | 7.5 |
| 2001-02-12 | CVE-2001-0048 | Unspecified vulnerability in Microsoft Windows 2000 The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. | 7.2 |
| 2001-02-12 | CVE-2001-0006 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows NT 4.0 The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. | 7.1 |
| 2001-01-09 | CVE-2000-1149 | Unspecified vulnerability in Microsoft Windows NT Terminalserver Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability. | 7.5 |
| 2001-01-09 | CVE-2000-1139 | USE of Hard-Coded Credentials vulnerability in Microsoft Exchange Server 2000 The installation of Microsoft Exchange 2000 before Rev. | 7.5 |
| 2001-01-09 | CVE-2000-1113 | Unspecified vulnerability in Microsoft Windows Media Player 6.4/7 Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. | 7.5 |
| 2001-01-09 | CVE-2000-1104 | Unspecified vulnerability in Microsoft products Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. | 7.5 |
| 2000-12-19 | CVE-2000-0982 | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. | 7.5 |
| 2000-12-19 | CVE-2000-0970 | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | 7.5 |