Vulnerabilities > Microsoft > Windows 98 > Critical

DATE CVE VULNERABILITY TITLE RISK
2007-05-17 CVE-2007-2736 Remote File Include vulnerability in Achievo 1.1.0
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
network
low complexity
apple hp ibm linux microsoft santa-cruz-operation sun windriver achievo
critical
10.0
2006-12-04 CVE-2006-6261 Remote Memory Corruption vulnerability in Quinnware Quintessential Player Playlist Files
Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.
network
microsoft quinnware
critical
9.3
2006-02-14 CVE-2006-0006 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
network
microsoft CWE-119
critical
9.3
2006-01-10 CVE-2006-0010 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
network
microsoft CWE-119
critical
9.3
2006-01-10 CVE-2006-0020 Numeric Errors vulnerability in Microsoft products
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
network
microsoft CWE-189
critical
9.3
2005-06-14 CVE-2005-1208 Remote Code Execution vulnerability in Microsoft Windows HTML Help
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
network
low complexity
microsoft
critical
10.0
2005-05-02 CVE-2005-0059 Unspecified vulnerability in Microsoft products
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
network
low complexity
microsoft
critical
10.0
2005-01-10 CVE-2004-0571 Unspecified vulnerability in Microsoft products
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
network
low complexity
microsoft
critical
10.0
2005-01-10 CVE-2004-0901 Unspecified vulnerability in Microsoft products
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
network
low complexity
microsoft
critical
10.0
2004-08-06 CVE-2004-0201 Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
network
low complexity
avaya microsoft
critical
10.0