Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_me
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 58 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-12-23 | CVE-2004-1305 | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. | Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp, Ip_softphone_2050, Media_communication_server_5100, Media_communication_server_5200, Media_processing_server, Periphonics, Symposium_agent, Symposium_call_center_server, Symposium_express_call_center, Symposium_network_control_center, Symposium_tapi_service_provider, Symposium_web_centre_portal, Symposium_web_client | N/A | ||
| 2005-01-10 | CVE-2004-0901 | Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571. | Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp | N/A | ||
| 2005-01-10 | CVE-2004-0571 | Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. | Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp | N/A | ||
| 2004-08-06 | CVE-2004-0202 | IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | Directx, Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_xp | N/A | ||
| 2004-08-06 | CVE-2004-0201 | Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. | Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S8100, Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp | N/A | ||
| 2003-11-17 | CVE-2003-0717 | The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | Windows_2000, Windows_2003_server, Windows_me, Windows_nt, Windows_xp | N/A | ||
| 2003-11-17 | CVE-2003-0711 | Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL. | Windows_2000, Windows_2003_server, Windows_me, Windows_nt, Windows_xp | N/A | ||
| 2003-03-24 | CVE-2003-0010 | Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack. | Windows_2000, Windows_2000_terminal_services, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp | N/A | ||
| 2002-12-23 | CVE-2002-1325 | Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability." | Windows_2000, Windows_2000_terminal_services, Windows_95, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp | N/A | ||
| 2002-12-23 | CVE-2002-1260 | The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet. | Windows_2000, Windows_2000_terminal_services, Windows_95, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp | N/A |