Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 1999-11-01 | CVE-1999-0354 | Unspecified vulnerability in Microsoft Internet Explorer and Word Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn't warn the user that the template contains executable content. | 7.5 |
| 1999-10-21 | CVE-2000-0327 | Unspecified vulnerability in Microsoft Virtual Machine 2000/3000 Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability. | 7.6 |
| 1999-09-24 | CVE-1999-1484 | Buffer Overflow vulnerability in Microsoft MSN Setup Bulletin Board Services 4.71.0.10 Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured. | 7.5 |
| 1999-08-20 | CVE-2000-0325 | Unspecified vulnerability in Microsoft JET 3.5/3.5.1 The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability. | 7.2 |
| 1999-06-28 | CVE-1999-1365 | Unspecified vulnerability in Microsoft Windows NT Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. | 7.2 |
| 1999-04-21 | CVE-1999-0490 | Unspecified vulnerability in Microsoft Internet Explorer 4.0/5.0 MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag. | 7.5 |
| 1999-04-21 | CVE-1999-0488 | Unspecified vulnerability in Microsoft Internet Explorer 4.0/4.0.1/5.0 Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. | 7.5 |
| 1999-03-23 | CVE-1999-1397 | Remote Registry vulnerability in Microsoft Index Server 2.0 Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. | 7.5 |
| 1999-03-23 | CVE-1999-1370 | Unspecified vulnerability in Microsoft Internet Explorer 5.0 The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs. | 7.2 |
| 1999-03-12 | CVE-1999-0382 | Unspecified vulnerability in Microsoft Windows NT 3.5.1/4.0 The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. | 7.2 |