Vulnerabilities > Microsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-23 | CVE-2006-1364 | Resource Exhaustion vulnerability in Microsoft Asp.Net 1.0/1.1 Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path. | 7.5 |
| 2004-08-06 | CVE-2004-0213 | Missing Authentication for Critical Function vulnerability in Microsoft Windows 2000 Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908. | 7.8 |
| 2004-08-06 | CVE-2004-0210 | Classic Buffer Overflow vulnerability in Microsoft Interix, Windows 2000 and Windows NT The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow. | 7.8 |
| 2004-07-27 | CVE-2003-1048 | Double Free vulnerability in Microsoft products Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | 7.8 |
| 2004-06-01 | CVE-2004-0119 | NULL Pointer Dereference vulnerability in Microsoft Windows 2000, Windows Server 2003 and Windows XP The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. | 7.5 |
| 2002-12-31 | CVE-2002-1872 | Inadequate Encryption Strength vulnerability in Microsoft SQL Server Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | 7.5 |
| 2002-12-31 | CVE-2002-1844 | Incorrect Default Permissions vulnerability in Microsoft Windows Media Player 6.3 Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | 7.8 |
| 2002-12-31 | CVE-2002-1745 | Off-by-one Error vulnerability in Microsoft Internet Information Services 5.0 Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files. | 7.5 |
| 2002-06-25 | CVE-2002-0367 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. | 7.8 |
| 2002-04-04 | CVE-2002-0051 | Improper Locking vulnerability in Microsoft Windows 2000 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. | 7.8 |