Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-05-03 | CVE-2001-0154 | Unspecified vulnerability in Microsoft Internet Explorer HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. | 7.5 |
| 2001-05-03 | CVE-2001-0153 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Visual Basic and Visual Studio Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands. | 7.5 |
| 2001-05-03 | CVE-2001-0145 | Unspecified vulnerability in Microsoft Outlook and Outlook Express Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. | 7.5 |
| 2001-03-12 | CVE-2001-0016 | Unspecified vulnerability in Microsoft Windows NT NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access. | 7.2 |
| 2001-03-12 | CVE-2001-0015 | Unspecified vulnerability in Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process. | 7.2 |
| 2001-02-16 | CVE-2001-0047 | Unspecified vulnerability in Microsoft Windows NT 4.0/Terminalserver The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities. | 7.5 |
| 2001-02-12 | CVE-2001-0048 | Unspecified vulnerability in Microsoft Windows 2000 The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. | 7.2 |
| 2001-02-12 | CVE-2001-0006 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows NT 4.0 The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. | 7.1 |
| 2001-01-09 | CVE-2000-1149 | Unspecified vulnerability in Microsoft Windows NT Terminalserver Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability. | 7.5 |
| 2001-01-09 | CVE-2000-1139 | USE of Hard-Coded Credentials vulnerability in Microsoft Exchange Server 2000 The installation of Microsoft Exchange 2000 before Rev. | 7.5 |