Vulnerabilities (CVE)

Vendor filter

Microsoft Subscribe

Filter

6484 total CVE
CVE Vendors Products Updated CVSS
CVE-2005-3173 1 Microsoft 1 Windows 2000 2008-09-05 4.6
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to...
CVE-2005-3172 1 Microsoft 1 Windows 2000 2008-09-05 5.0
The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and...
CVE-2005-3171 1 Microsoft 1 Windows 2000 2008-09-05 4.6
Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause...
CVE-2005-3170 1 Microsoft 1 Windows 2000 2008-09-05 5.1
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into...
CVE-2005-3169 1 Microsoft 1 Windows 2000 2008-09-05 5.0
Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log,...
CVE-2005-3168 1 Microsoft 1 Windows 2000 2008-09-05 7.5
The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could...
CVE-2005-3077 1 Microsoft 1 Ie For Macintosh 2008-09-05 5.0
Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.
CVE-2005-2940 1 Microsoft 1 Antispyware 2008-09-05 7.2
Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2)...
CVE-2005-2935 1 Microsoft 1 Antispyware 2008-09-05 4.6
Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not...
CVE-2005-2765 1 Microsoft 2 Windows Xp, Windows 2003 Server 2008-09-05 2.1
The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the...
CVE-2005-2308 1 Microsoft 1 Ie 2008-09-05 7.5
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2)...
CVE-2005-2304 1 Microsoft 2 Live Messenger, Ie 2008-09-05 5.0
Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count.
CVE-2005-2274 1 Microsoft 1 Ie 2008-09-05 2.6
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog...
CVE-2005-2226 1 Microsoft 1 Outlook Express 2008-09-05 5.0
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
CVE-2005-2225 1 Microsoft 1 Msn Messenger Service 2008-09-05 5.0
Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE:...
CVE-2005-2143 1 Microsoft 1 Frontpage 2008-09-05 5.0
Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
CVE-2005-1792 1 Microsoft 1 Windows Xp 2008-09-05 5.0
Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache.
CVE-2005-0921 1 Microsoft 1 Outlook Connector 2008-09-05 4.6
Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
CVE-2005-0360 1 Microsoft 1 Log Sink Class Activex Control 2008-09-05 5.0
The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files.
CVE-2004-2291 1 Microsoft 1 Ie 2008-09-05 7.5
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.