Vulnerabilities > Microsoft > Windows 98 > High

DATE CVE VULNERABILITY TITLE RISK
2009-01-15 CVE-1999-1593 Link Following vulnerability in Microsoft Windows 2000, Windows 95 and Windows 98
Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server.
network
high complexity
microsoft CWE-59
7.6
2007-09-18 CVE-2007-4938 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
7.6
2007-02-23 CVE-2006-7034 SQL-Injection vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
7.5
2007-02-21 CVE-2007-1043 Authentication Bypass vulnerability in Ezboo Webstats 3.0.3
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.
7.5
2006-06-13 CVE-2006-2376 Numeric Errors vulnerability in Microsoft Windows 98, Windows 98Se and Windows ME
Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
network
low complexity
microsoft CWE-189
7.5
2006-01-09 CVE-2006-0143 Resource Management Errors vulnerability in Microsoft products
Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.
network
low complexity
microsoft CWE-399
7.5
2005-08-10 CVE-2005-0058 Buffer Overflow vulnerability in Microsoft Windows Telephony Service
Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
network
low complexity
microsoft
7.5
2005-06-14 CVE-2005-1212 Buffer Overflow vulnerability in Microsoft Step-By-Step Interactive Training Bookmark Link
Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
network
low complexity
microsoft
7.5
2005-05-02 CVE-2005-0063 Remote Code Execution vulnerability in Microsoft Windows Shell
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
network
low complexity
microsoft
7.5
2005-05-02 CVE-2005-0061 Unspecified vulnerability in Microsoft products
The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
local
low complexity
microsoft
7.2