Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-04-22 | CVE-2002-0079 | Heap Overflow vulnerability in Microsoft products Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. | 7.5 |
| 2002-04-22 | CVE-2002-0075 | Unspecified vulnerability in Microsoft products Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | 7.5 |
| 2002-04-22 | CVE-2002-0074 | Unspecified vulnerability in Microsoft products Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | 7.5 |
| 2002-04-22 | CVE-2002-0071 | Buffer Overflow vulnerability in Microsoft products Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | 7.5 |
| 2002-04-04 | CVE-2002-0151 | Buffer Overflow vulnerability in Microsoft Windows 2000, Windows NT and Windows XP Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. | 7.2 |
| 2002-04-04 | CVE-2002-0051 | Improper Locking vulnerability in Microsoft Windows 2000 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. | 7.8 |
| 2002-03-29 | CVE-2002-0078 | Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0 The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability. | 7.5 |
| 2002-03-19 | CVE-2002-0076 | Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability. | 7.5 |
| 2002-03-15 | CVE-2002-0070 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. | 7.6 |
| 2002-03-08 | CVE-2002-0056 | Buffer Overflow vulnerability in Microsoft SQL Server OLE DB Provider Name Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. | 7.5 |