Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-11-21 | CVE-2001-0909 | Buffer Overflow vulnerability in Microsoft Windows XP HCP URI Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL. | 7.5 |
| 2001-11-20 | CVE-2001-0902 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. | 7.5 |
| 2001-11-14 | CVE-2001-0724 | Unspecified vulnerability in Microsoft Internet Explorer 5.5 Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664. | 7.5 |
| 2001-10-30 | CVE-2001-0718 | Unspecified vulnerability in Microsoft Excel and Powerpoint Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document. | 7.5 |
| 2001-10-30 | CVE-2001-0712 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.0.1/5.5 The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc. | 7.5 |
| 2001-10-30 | CVE-2001-0665 | Unspecified vulnerability in Microsoft IE Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability." | 7.5 |
| 2001-10-30 | CVE-2001-0664 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5 Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability." | 7.5 |
| 2001-09-20 | CVE-2001-0658 | Cross-Site Scripting vulnerability in Microsoft ISA Server 2000 Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. | 7.5 |
| 2001-09-20 | CVE-2001-0541 | Buffer Overflow vulnerability in Microsoft Windows Media Player .NSC File Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file. | 7.5 |
| 2001-09-20 | CVE-2001-0507 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | 7.2 |