| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included. |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. |
| The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site. |
| Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. |
| Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. |
| Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446. |
| Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. |
| Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding." |
| Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI. |
| Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link. |
| Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344. |
| Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." |
| The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer. |
| Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118. |
| The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. |
| Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability." |
| QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. |
| Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file. |
| Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll. |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. |
