Microsoft : Security Vulnerabilities, CVEs, Published In January 2000
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
Max CVSS
2.6
EPSS Score
0.43%
Published
2000-01-31
Updated
2008-09-10
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
Max CVSS
5.0
EPSS Score
95.61%
Published
2000-01-26
Updated
2022-08-17
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
Max CVSS
5.0
EPSS Score
2.73%
Published
2000-01-21
Updated
2022-08-17
Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.
Max CVSS
5.0
EPSS Score
96.38%
Published
2000-01-26
Updated
2018-10-12
The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
Max CVSS
5.0
EPSS Score
93.00%
Published
2000-01-26
Updated
2018-10-12
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-01-20
Updated
2018-10-12
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.
Max CVSS
7.5
EPSS Score
1.50%
Published
2000-01-04
Updated
2022-08-17
WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.
Max CVSS
5.0
EPSS Score
1.67%
Published
2000-01-02
Updated
2008-09-05
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
Max CVSS
10.0
EPSS Score
1.17%
Published
2000-01-10
Updated
2022-08-17
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Max CVSS
5.0
EPSS Score
92.20%
Published
2000-01-11
Updated
2018-10-30
NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-01-12
Updated
2018-10-12
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
Max CVSS
10.0
EPSS Score
1.17%
Published
2000-01-07
Updated
2021-07-23
Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.
Max CVSS
7.5
EPSS Score
2.11%
Published
2000-01-04
Updated
2018-10-12
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
Max CVSS
10.0
EPSS Score
1.00%
Published
2000-01-04
Updated
2021-07-22
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-01-20
Updated
2022-08-17
15 vulnerabilities found