CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities Published In 2001 (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-1560 DoS 2001-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
2 CVE-2001-1552 DoS 2001-12-31 2008-09-10
5.0
None Remote Low Not required None None Partial
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.
3 CVE-2001-1539 119 DoS Overflow 2001-12-31 2010-01-08
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem.
4 CVE-2001-1533 DoS 2001-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
5 CVE-2001-1518 DoS 2001-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
6 CVE-2001-1489 DoS 2001-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
7 CVE-2001-1450 DoS 2001-05-11 2008-09-05
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
8 CVE-2001-1347 DoS +Priv 2001-05-24 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
9 CVE-2001-1319 DoS 2001-07-16 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
10 CVE-2001-1288 DoS 2001-07-27 2008-09-10
2.1
None Local Low Not required None None Partial
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
11 CVE-2001-1244 DoS 2001-07-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
12 CVE-2001-1243 DoS 2001-07-04 2008-09-05
5.0
None Remote Low Not required None None Partial
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
13 CVE-2001-1219 DoS 2001-12-20 2008-09-10
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
14 CVE-2001-1218 DoS 2001-12-20 2008-09-10
2.1
None Local Low Not required None None Partial
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
15 CVE-2001-1186 DoS 2001-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
16 CVE-2001-1122 DoS 2001-08-03 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
17 CVE-2001-1055 DoS 2001-07-30 2008-09-05
5.0
None Remote Low Not required None None Partial
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
18 CVE-2001-0951 DoS 2001-12-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
19 CVE-2001-0945 DoS Overflow 2001-12-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.
20 CVE-2001-0879 DoS 2001-12-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
21 CVE-2001-0877 DoS 2001-12-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.
22 CVE-2001-0721 DoS 2001-12-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.
23 CVE-2001-0666 DoS 2001-10-30 2008-09-05
2.1
None Local Low Not required None None Partial
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
24 CVE-2001-0663 DoS 2001-12-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.
25 CVE-2001-0662 DoS 2001-10-30 2008-09-05
5.0
None Remote Low Not required None None Partial
RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.
26 CVE-2001-0659 DoS Overflow 2001-09-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet.
27 CVE-2001-0547 DoS 2001-09-20 2008-09-05
2.1
None Local Low Not required None None Partial
Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
28 CVE-2001-0546 DoS 2001-09-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
29 CVE-2001-0545 DoS 2001-10-30 2008-09-05
5.0
None Remote Low Not required None None Partial
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.
30 CVE-2001-0544 DoS 2001-10-30 2008-09-05
2.1
None Local Low Not required None None Partial
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.
31 CVE-2001-0543 DoS 2001-09-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
32 CVE-2001-0540 DoS 2001-10-30 2008-09-05
5.0
None Remote Low Not required None None Partial
Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.
33 CVE-2001-0509 DoS 2001-09-20 2008-09-10
5.0
None Remote Low Not required None None Partial
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
34 CVE-2001-0508 DoS 2001-09-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.
35 CVE-2001-0505 DoS 2001-10-30 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
36 CVE-2001-0503 DoS 2001-07-21 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.
37 CVE-2001-0351 DoS 2001-07-21 2008-09-10
2.1
None Local Low Not required None None Partial
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
38 CVE-2001-0348 DoS 2001-07-21 2008-09-10
5.0
None Remote Low Not required None None Partial
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
39 CVE-2001-0346 DoS 2001-07-21 2008-09-10
5.0
None Remote Low Not required None None Partial
Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
40 CVE-2001-0345 DoS 2001-07-21 2008-09-10
5.0
None Remote Low Not required None None Partial
Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
41 CVE-2001-0337 DoS 2001-06-27 2008-09-05
5.0
None Remote Low Not required None None Partial
The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.
42 CVE-2001-0336 DoS 2001-06-27 2008-09-05
5.0
None Remote Low Not required None None Partial
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
43 CVE-2001-0334 DoS 2001-06-27 2008-09-05
5.0
None Remote Low Not required None None Partial
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
44 CVE-2001-0324 DoS 2001-05-03 2008-09-05
2.6
None Remote High Not required None None Partial
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
45 CVE-2001-0322 DoS 2001-06-02 2008-09-05
5.0
None Remote Low Not required None None Partial
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
46 CVE-2001-0239 DoS 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
47 CVE-2001-0237 DoS 2001-06-27 2008-09-05
5.0
None Remote Low Not required None None Partial
Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
48 CVE-2001-0151 DoS 2001-06-02 2008-09-10
5.0
None Remote Low Not required None None Partial
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
49 CVE-2001-0146 DoS 2001-06-02 2008-09-05
5.0
None Remote Low Not required None None Partial
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
50 CVE-2001-0096 DoS 2001-02-12 2008-09-05
5.0
None Remote Low Not required None None Partial
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
Total number of vulnerabilities : 67   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.