Vulnerabilities > Microsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 1999-10-26 | CVE-1999-1234 | Unspecified vulnerability in Microsoft Windows NT 4.0 LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3) SamrQueryDomainInfo. | 5.0 |
| 1999-09-24 | CVE-1999-1578 | Unspecified vulnerability in Microsoft Internet Explorer 4.0.1/5.0 Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. | 5.1 |
| 1999-09-13 | CVE-1999-0750 | Unspecified vulnerability in Microsoft Hotmail Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account. | 5.1 |
| 1999-09-10 | CVE-1999-1575 | Unspecified vulnerability in Microsoft Internet Explorer 4.0.1/5.0 The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands. | 5.1 |
| 1999-09-10 | CVE-1999-0910 | Unspecified vulnerability in Microsoft products Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. | 5.0 |
| 1999-09-01 | CVE-1999-0670 | Unspecified vulnerability in Microsoft Internet Explorer 4.0/5.0 Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands. | 4.0 |
| 1999-09-01 | CVE-1999-0669 | Unspecified vulnerability in Microsoft Internet Explorer 4.0/5.0 The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | 4.0 |
| 1999-08-27 | CVE-1999-1016 | Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell. | 5.0 |
| 1999-08-25 | CVE-1999-1235 | Unspecified vulnerability in Microsoft Internet Explorer 5.0 Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the information from the status bar when the user moves the mouse over a link. | 4.6 |
| 1999-08-24 | CVE-1999-1052 | Unspecified vulnerability in Microsoft Frontpage Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users. | 5.0 |