CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities Published In 2000 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-1061 Exec Code Bypass 2000-12-11 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
2 CVE-2000-1034 Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
3 CVE-2000-0886 Exec Code 2000-12-19 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
4 CVE-2000-0885 Exec Code Overflow 2000-12-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
5 CVE-2000-0884 Exec Code 2000-12-19 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
6 CVE-2000-0854 Exec Code 2000-11-14 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
7 CVE-2000-0817 Exec Code Overflow 2000-12-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.
8 CVE-2000-0788 Exec Code 2000-10-20 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
9 CVE-2000-0765 Exec Code Overflow 2000-10-20 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
10 CVE-2000-0663 Exec Code 2000-07-25 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.
11 CVE-2000-0637 Exec Code 2000-07-26 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
12 CVE-2000-0596 Exec Code 2000-06-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
13 CVE-2000-0567 Exec Code Overflow 2000-07-18 2008-09-10
5.0
None Remote Low Not required None Partial None
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
14 CVE-2000-0464 Exec Code Overflow 2000-05-17 2008-09-10
7.6
Admin Remote High Not required Complete Complete Complete
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.
15 CVE-2000-0260 DoS Exec Code Overflow 2000-04-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
16 CVE-2000-0201 Exec Code 2000-03-01 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
17 CVE-2000-0200 DoS Exec Code Overflow 2000-03-06 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.
18 CVE-2000-0161 Exec Code 2000-02-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
19 CVE-2000-0088 Exec Code Overflow 2000-01-20 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
20 CVE-2000-0085 Exec Code 2000-01-04 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.
21 CVE-2000-0081 Exec Code 2000-01-10 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.