Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2000-04-12 | CVE-2000-0259 | Unspecified vulnerability in Microsoft Terminal Server and Windows NT The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users. | 7.2 |
| 2000-04-07 | CVE-2000-0298 | Unspecified vulnerability in Microsoft Windows 2000 The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. | 7.2 |
| 2000-04-03 | CVE-2000-0277 | 7PK - Security Features vulnerability in Microsoft Excel 2000/97 Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. | 7.2 |
| 2000-03-14 | CVE-2000-0199 | Weak Password Encryption vulnerability in Microsoft SQL Server 7.0 When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | 7.2 |
| 2000-03-08 | CVE-2000-0202 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | 7.5 |
| 2000-02-18 | CVE-2000-0161 | Unspecified vulnerability in Microsoft Site Server 3.0 Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. | 7.5 |
| 2000-01-20 | CVE-2000-0088 | Unspecified vulnerability in Microsoft products Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. | 7.2 |
| 2000-01-04 | CVE-2000-0085 | Unspecified vulnerability in Microsoft Hotmail Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. | 7.5 |
| 1999-12-31 | CVE-1999-1591 | Authentication vulnerability in Microsoft VisualInterDev 6.0 - IIS4- Management With No Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. | 7.5 |
| 1999-12-31 | CVE-1999-1474 | Unspecified vulnerability in Microsoft Powerpoint 95/97 PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer. | 7.5 |