Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2000-05-13 | CVE-2000-0400 | Improper Input Validation vulnerability in Microsoft Internet Explorer 5 The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post. | 7.5 |
| 2000-05-11 | CVE-2000-0457 | Unspecified vulnerability in Microsoft products ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. | 7.5 |
| 2000-05-11 | CVE-2000-0420 | Unspecified vulnerability in Microsoft Windows 2000 The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System (EFS) data. | 7.2 |
| 2000-05-11 | CVE-2000-0419 | Unspecified vulnerability in Microsoft products The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | 7.5 |
| 2000-04-19 | CVE-2000-0256 | Buffer Overflow vulnerability in Microsoft Frontpage, Personal web Server and Windows NT Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability. | 7.5 |
| 2000-04-14 | CVE-2000-0260 | Unspecified vulnerability in Microsoft Frontpage and Visual Interdev Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. | 7.5 |
| 2000-04-12 | CVE-2000-0259 | Unspecified vulnerability in Microsoft Terminal Server and Windows NT The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users. | 7.2 |
| 2000-04-07 | CVE-2000-0298 | Unspecified vulnerability in Microsoft Windows 2000 The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. | 7.2 |
| 2000-04-03 | CVE-2000-0277 | 7PK - Security Features vulnerability in Microsoft Excel 2000/97 Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. | 7.2 |
| 2000-03-14 | CVE-2000-0199 | Weak Password Encryption vulnerability in Microsoft SQL Server 7.0 When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | 7.2 |