Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-1850

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-15 Aug, 2012 | 01:00
Updated At-06 Aug, 2024 | 19:08
Rejected At-
Credits

The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:15 Aug, 2012 | 01:00
Updated At:06 Aug, 2024 | 19:08
Rejected At:
▼CVE Numbering Authority (CNA)

The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15669
vdb-entry
signature
x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA12-227A.html
third-party-advisory
x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054
vendor-advisory
x_refsource_MS
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15669
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA12-227A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054
Resource:
vendor-advisory
x_refsource_MS
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15669
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.us-cert.gov/cas/techalerts/TA12-227A.html
third-party-advisory
x_refsource_CERT
x_transferred
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054
vendor-advisory
x_refsource_MS
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15669
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA12-227A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054
Resource:
vendor-advisory
x_refsource_MS
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:15 Aug, 2012 | 01:55
Updated At:11 Apr, 2025 | 00:51

The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Microsoft Corporation
microsoft
>>windows_7>>*
cpe:2.3:o:microsoft:windows_7:*:*:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>*
cpe:2.3:o:microsoft:windows_7:*:*:x86:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>*
cpe:2.3:o:microsoft:windows_7:*:sp1:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_7>>*
cpe:2.3:o:microsoft:windows_7:*:sp1:x86:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2003>>*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_server_2008>>*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_vista>>*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows_xp>>-
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.us-cert.gov/cas/techalerts/TA12-227A.htmlsecure@microsoft.com
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054secure@microsoft.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15669secure@microsoft.com
N/A
http://www.us-cert.gov/cas/techalerts/TA12-227A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15669af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA12-227A.html
Source: secure@microsoft.com
Resource:
US Government Resource
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054
Source: secure@microsoft.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15669
Source: secure@microsoft.com
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA12-227A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15669
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2562Records found
CVE-2020-1469
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-6.03% / 90.36%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-bondBond 9.0.1
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2005-4717
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.27% / 92.87%
||
7 Day CHG~0.00%
Published-15 Feb, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_ntwindows_xpieinternet_explorerwindows_2000windows_2003_servern/a
CVE-2014-2730
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.29% / 92.43%
||
7 Day CHG~0.00%
Published-05 Apr, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CVE-2005-4810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-18.51% / 95.00%
||
7 Day CHG~0.00%
Published-30 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX).

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2005-3077
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.57% / 94.21%
||
7 Day CHG~0.00%
Published-27 Sep, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-ie_for_macintoshn/a
CVE-2005-2224
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.95% / 93.14%
||
7 Day CHG~0.00%
Published-12 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-asp.netn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2005-2087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-65.27% / 98.41%
||
7 Day CHG~0.00%
Published-30 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CVE-2013-7332
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.96% / 93.15%
||
7 Day CHG~0.00%
Published-26 Feb, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_8.1windows_8n/a
CVE-2005-2128
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-45.07% / 97.50%
||
7 Day CHG~0.00%
Published-11 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_media_playern/a
CVE-2005-2307
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-46.80% / 97.59%
||
7 Day CHG~0.00%
Published-19 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000n/a
CVE-2020-10863
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.67%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 16:55
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine.

Action-Not Available
Vendor-avastn/aMicrosoft Corporation
Product-windowsantivirusn/a
CVE-2020-10860
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.67%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 16:49
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).

Action-Not Available
Vendor-avastn/aMicrosoft Corporation
Product-windowsantivirusn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-1466
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.96% / 93.15%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:13
Updated-01 Oct, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding. To exploit this vulnerability, an attacker would need to run a specially crafted application against a server which provides RD Gateway services. The update addresses the vulnerability by correcting how RD Gateway handles connection requests.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CVE-2020-1161
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.72% / 87.52%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017asp.net_coreMicrosoft Visual Studio 2019 version 16.5Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)ASP.NET CoreMicrosoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)Microsoft Visual Studio 2019
CVE-2020-10864
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.00%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 17:00
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process.

Action-Not Available
Vendor-avastn/aMicrosoft Corporation
Product-windowsantivirusn/a
CVE-2020-1108
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.49% / 87.12%
||
7 Day CHG+1.08%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1visual_studio_2019.netwindows_rt_8.1windows_7windows_10powershell.net_corepowershell_core.net_frameworkwindows_server_2019windows_server_2008visual_studio_2017Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft .NET Framework 4.6Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 2.0Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit SystemsMicrosoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.8 on Windows Server 2012Microsoft .NET Framework 4.8 on Windows RT 8.1Microsoft Visual Studio 2019Microsoft .NET Framework 3.0Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsMicrosoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems.NET Core 5.0Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based SystemsMicrosoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based SystemsMicrosoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based SystemsMicrosoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based SystemsMicrosoft .NET Framework 3.5Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based SystemsMicrosoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016Microsoft .NET Framework 4.8 on Windows Server 2012 R2Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based SystemsMicrosoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems.NET CoreMicrosoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based SystemsMicrosoft Visual Studio 2019 version 16.5Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based SystemsPowerShell 7.0Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)PowerShell CoreMicrosoft .NET Framework 4.8 on Windows Server 2016Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based SystemsMicrosoft .NET Framework 4.5.2Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit SystemsMicrosoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)
CVE-2005-1980
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-68.14% / 98.53%
||
7 Day CHG~0.00%
Published-11 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CVE-2020-0660
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-7.58% / 91.48%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 21:22
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019WindowsWindows 10 Version 1909 for x64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows ServerWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit Systems
CVE-2003-0718
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-52.24% / 97.83%
||
7 Day CHG~0.00%
Published-16 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_serverinternet_information_servicesn/a
CVE-2000-0228
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-18.27% / 94.96%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_media_rights_managern/a
CVE-2003-0225
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-29.22% / 96.42%
||
7 Day CHG~0.00%
Published-30 May, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_information_serverinternet_information_servicesn/a
CVE-2005-1665
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-34.53% / 96.86%
||
7 Day CHG~0.00%
Published-18 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-asp.netn/a
CVE-2005-1979
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-78.94% / 99.02%
||
7 Day CHG~0.00%
Published-11 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CVE-2005-1792
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.08% / 93.84%
||
7 Day CHG~0.00%
Published-01 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory leak in Windows Management Instrumentation (WMI) service allows attackers to cause a denial of service (memory consumption and crash) by creating security contexts more quickly than they can be cleared from the RPC cache.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpn/a
CVE-2005-1649
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-15.94% / 94.50%
||
7 Day CHG~0.00%
Published-18 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2003_servern/a
CVE-2005-0738
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.38% / 93.30%
||
7 Day CHG~0.00%
Published-13 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2003-0231
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-23.53% / 95.76%
||
7 Day CHG~0.00%
Published-25 Jul, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sql_serverdata_enginen/a
CVE-2006-3899
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-17.55% / 94.83%
||
7 Day CHG~0.00%
Published-27 Jul, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpinternet_explorern/a
CVE-2005-0356
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-86.02% / 99.35%
||
7 Day CHG~0.00%
Published-31 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Action-Not Available
Vendor-nortelalaxalayamahan/aOpenBSDF5, Inc.Microsoft CorporationFreeBSD FoundationCisco Systems, Inc.Hitachi, Ltd.
Product-e-mail_managerrt57iciscoworks_access_control_list_managercontent_services_switch_11800content_services_switch_11503alaxala_networkscontent_services_switch_11050rt105rt300iwindows_xpremote_monitoring_suite_optionethernet_routing_switch_1648call_managerip_contact_center_enterpriseciscoworks_common_management_foundationip_contact_center_expressconference_connectionagent_desktopunity_serveremergency_respondersuccession_communication_server_1000aironet_ap1200sn_5420_storage_router_firmwaresn_5420_storage_routerpersonal_assistantweb_collaboration_optionciscoworks_windowsgr4000secure_access_control_servertmosciscoworks_lmsrtx1000rtx1100contact_centercallpilotsupport_toolsmgx_82307220_wlan_access_pointgr3000webnssurvivable_remote_gatewaybusiness_communications_managermeetingplacealaxalamgx_8250content_services_switch_11000windows_2000windows_2003_serveropenbsdaironet_ap350sn_5428_storage_routeruniversal_signaling_point7250_wlan_access_pointrt250iethernet_routing_switch_1612optical_metro_5200ciscoworks_1105_hosting_solution_engineciscoworks_1105_wireless_lan_solution_engineintelligent_contact_managergs4000ciscoworks_common_servicesoptical_metro_5100ciscoworks_vpn_security_management_solutionrtx2000rtv700ciscoworks_cd1ethernet_routing_switch_1624ciscoworks_windows_wugcontent_services_switch_11501optical_metro_5000content_services_switch_11150interactive_voice_responsefreebsdrtx1500content_services_switch_11506content_services_switch_11500n/a
CVE-2006-3605
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-22.13% / 95.58%
||
7 Day CHG~0.00%
Published-14 Jul, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2006-3427
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-22.13% / 95.58%
||
7 Day CHG~0.00%
Published-07 Jul, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2004-2179
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.79% / 93.45%
||
7 Day CHG~0.00%
Published-10 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-frontpageien/a
CVE-2004-1560
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.12% / 94.11%
||
7 Day CHG~0.00%
Published-20 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sql_servern/a
CVE-2004-1305
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-77.41% / 98.94%
||
7 Day CHG~0.00%
Published-06 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.

Action-Not Available
Vendor-norteln/aMicrosoft Corporation
Product-symposium_tapi_service_providersymposium_express_call_centersymposium_web_clientwindows_98windows_2000windows_2003_serverwindows_98semedia_communication_server_5100ip_softphone_2050windows_ntsymposium_agentwindows_xpmedia_communication_server_5200periphonicssymposium_call_center_serversymposium_web_centre_portalmedia_processing_serversymposium_network_control_centerwindows_men/a
CVE-2003-1305
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.45%
||
7 Day CHG~0.00%
Published-30 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2004-0610
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-19.17% / 95.12%
||
7 Day CHG~0.00%
Published-30 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-mn-500_wireless_base_stationn/a
CVE-2004-0230
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.48% / 93.35%
||
7 Day CHG~0.00%
Published-05 May, 2004 | 04:00
Updated-02 May, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

Action-Not Available
Vendor-xinuosopenpgpn/aMicrosoft CorporationNetBSDOracle CorporationMcAfee, LLCJuniper Networks, Inc.
Product-junoswindows_xpnetwork_data_loss_preventionunixwarewindows_98openserverwindows_server_2003solariswindows_98seopenpgpnetbsdwindows_2000n/a
CVE-2003-1430
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.42% / 84.51%
||
7 Day CHG~0.00%
Published-23 Oct, 2007 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.

Action-Not Available
Vendor-epic_gamesn/aLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelall_windowsunreal_enginen/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2003-1589
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.36% / 57.50%
||
7 Day CHG~0.00%
Published-25 Feb, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Microsoft Corporation
Product-windowsone_web_servern/a
CVE-2004-0215
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-44.46% / 97.47%
||
7 Day CHG~0.00%
Published-14 Jul, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.

Action-Not Available
Vendor-n/aAvaya LLCMicrosoft Corporation
Product-ip600_media_serversoutlook_expresss8100definity_one_media_servermodular_messaging_message_storage_servern/a
CVE-2004-0116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-50.04% / 97.74%
||
7 Day CHG~0.00%
Published-16 Apr, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CVE-2004-0284
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.27% / 93.26%
||
7 Day CHG~0.00%
Published-18 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerieoutlookn/a
CVE-2003-0011
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-18.32% / 94.97%
||
7 Day CHG+3.53%
Published-21 Mar, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-isa_servern/a
CVE-2006-6311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-45.68% / 97.53%
||
7 Day CHG~0.00%
Published-06 Dec, 2006 | 20:00
Updated-07 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CVE-2003-0905
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-27.22% / 96.21%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_media_servicesn/a
CVE-2003-0663
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-28.85% / 96.39%
||
7 Day CHG~0.00%
Published-16 Apr, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_2000n/a
CVE-2003-0824
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-34.27% / 96.84%
||
7 Day CHG~0.00%
Published-18 Nov, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-sharepoint_team_serviceswindows_xpfrontpage_server_extensionswindows_2000n/a
CVE-2002-1831
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.65% / 93.41%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-msn_messengern/a
CVE-2004-1623
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-38.70% / 97.15%
||
7 Day CHG~0.00%
Published-20 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpn/a
CVE-2002-2117
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-17.06% / 94.73%
||
7 Day CHG~0.00%
Published-05 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpn/a
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 51
  • 52
  • Next
Details not found