| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2000-0330 |
|
|
Exec Code |
1999-11-12 |
2008-09-10 |
7.6 |
Admin |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. |
|
2 |
CVE-2000-0329 |
|
|
|
1999-11-11 |
2008-09-10 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. |
|
3 |
CVE-2000-0328 |
|
|
|
1999-08-24 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking. |
|
4 |
CVE-2000-0327 |
|
|
Exec Code |
1999-10-21 |
2008-09-10 |
7.6 |
Admin |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability. |
|
5 |
CVE-2000-0325 |
|
|
Exec Code |
1999-08-20 |
2008-09-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability. |
|
6 |
CVE-2000-0323 |
|
|
|
1999-07-28 |
2008-09-10 |
7.6 |
Admin |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. |
|
7 |
CVE-2000-0153 |
|
|
|
1999-03-26 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. |
|
8 |
CVE-2000-0100 |
|
|
+Priv |
1999-12-29 |
2008-09-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. |
|
9 |
CVE-2000-0073 |
|
|
DoS Overflow |
1999-11-17 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. |
|
10 |
CVE-2000-0036 |
|
|
|
1999-12-22 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. |
|
11 |
CVE-2000-0028 |
|
|
Bypass |
1999-12-23 |
2008-09-10 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
|
12 |
CVE-2000-0025 |
|
|
|
1999-12-21 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. |
|
13 |
CVE-2000-0024 |
|
|
Bypass |
1999-12-21 |
2008-09-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. |
|
14 |
CVE-1999-1591 |
|
|
Bypass |
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. |
|
15 |
CVE-1999-1578 |
|
|
Exec Code Overflow |
1999-09-24 |
2008-09-05 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, InvokeRegWizard) 3.0.0.0 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands. |
|
16 |
CVE-1999-1577 |
|
|
Exec Code Overflow |
1999-10-31 |
2008-09-05 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for Internet Explorer 4.01 and 5 allows remote attackers to execute arbitrary commands via long arguments to the OpenHelp method. |
|
17 |
CVE-1999-1575 |
|
|
Exec Code |
1999-09-10 |
2008-09-05 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation (imgedit.ocx), (3) Image Scan (imgscan.ocx), (4) Thumbnail Image (imgthumb.ocx), (5) Image Admin (imgadmin.ocx), (6) HHOpen (hhopen.ocx), (7) Registration Wizard (regwizc.dll), and (8) IE Active Setup (setupctl.dll) ActiveX controls for Internet Explorer (IE) 4.01 and 5.0 are marked as "Safe for Scripting," which allows remote attackers to create and modify files and execute arbitrary commands. |
|
18 |
CVE-1999-1544 |
|
|
DoS Overflow |
1999-01-24 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command. |
|
19 |
CVE-1999-1538 |
|
|
|
1999-01-14 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. |
|
20 |
CVE-1999-1537 |
|
|
DoS |
1999-07-07 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL. |
|
21 |
CVE-1999-1520 |
|
|
+Info |
1999-05-11 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information. |
|
22 |
CVE-1999-1484 |
|
|
Exec Code Overflow |
1999-09-24 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured. |
|
23 |
CVE-1999-1478 |
|
|
DoS |
1999-07-06 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character. |
|
24 |
CVE-1999-1474 |
|
|
|
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer. |
|
25 |
CVE-1999-1473 |
|
|
|
1999-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue." |
|
26 |
CVE-1999-1472 |
|
|
|
1999-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. |
|
27 |
CVE-1999-1455 |
|
|
|
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host. |
|
28 |
CVE-1999-1453 |
|
|
|
1999-02-02 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object. |
|
29 |
CVE-1999-1452 |
|
|
|
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt. |
|
30 |
CVE-1999-1451 |
|
|
|
1999-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. |
|
31 |
CVE-1999-1397 |
|
|
+Info |
1999-03-23 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed. |
|
32 |
CVE-1999-1376 |
|
|
Exec Code Overflow |
1999-01-14 |
2008-09-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. |
|
33 |
CVE-1999-1375 |
|
|
|
1999-02-11 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. |
|
34 |
CVE-1999-1370 |
|
|
|
1999-03-23 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs. |
|
35 |
CVE-1999-1367 |
|
|
|
1999-05-06 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. |
|
36 |
CVE-1999-1365 |
|
|
+Priv Bypass |
1999-06-28 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default. |
|
37 |
CVE-1999-1364 |
|
|
DoS |
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext. |
|
38 |
CVE-1999-1363 |
|
|
DoS |
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool. |
|
39 |
CVE-1999-1362 |
|
|
DoS |
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. |
|
40 |
CVE-1999-1360 |
|
|
DoS |
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle. |
|
41 |
CVE-1999-1359 |
|
|
Bypass |
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies. |
|
42 |
CVE-1999-1358 |
|
|
Bypass |
1999-12-31 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. |
|
43 |
CVE-1999-1317 |
|
|
+Priv |
1999-12-31 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device. |
|
44 |
CVE-1999-1316 |
|
|
|
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess. |
|
45 |
CVE-1999-1294 |
|
|
|
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission. |
|
46 |
CVE-1999-1279 |
|
|
|
1999-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU. |
|
47 |
CVE-1999-1259 |
|
|
+Info |
1999-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information. |
|
48 |
CVE-1999-1254 |
|
|
DoS |
1999-03-08 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing tables. |
|
49 |
CVE-1999-1246 |
|
|
+Priv |
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges. |
|
50 |
CVE-1999-1241 |
|
|
Exec Code |
1999-05-06 |
2008-09-05 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object. |
