LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "\\\%00 (null byte) in .doc filenames or (2) "\\\%0a" (carriage return) in .rtf filenames.
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "\\\%00 (null byte) in .doc filenames or (2) "\\\%0a" (carriage return) in .rtf filenames.
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.