All the vulnerabilites related to Microsoft Corporation - Microsoft Windows 2000
jvndb-2006-000345
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Microsoft Internet Explorer address bar spoofing vulnerability
Details
Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user's web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while the spoofed content remains under the control of the remote attacker.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000345.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Microsoft Internet Explorer contains an address bar spoofing vulnerability. A remote attacker can cause a spoofed content to be displayed in a user\u0027s web browser window. The address bar and other parts of the trust user interface can be displayed in the context of a trusted site while the spoofed content remains under the control of the remote attacker.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000345.html",
"sec:cpe": [
{
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows-9x",
"@product": "Microsoft Windows 9X",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_2000",
"@product": "Microsoft Windows 2000",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_server_2003",
"@product": "Microsoft Windows Server 2003",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_xp",
"@product": "Microsoft Windows XP",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000345",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA06-164A/index.html",
"@id": "JVNTA06-164A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN74969119/index.html",
"@id": "JVN#74969119",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA06-164A/",
"@id": "TRTA06-164A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2384",
"@id": "CVE-2006-2384",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2384",
"@id": "CVE-2006-2384",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA06-164A.html",
"@id": "SA06-164A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html",
"@id": "TA06-164A",
"@source": "CERT-TA"
},
{
"#text": "http://www.securityfocus.com/bid/18321",
"@id": "18321",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/2319",
"@id": "FrSIRT/ADV-2006-2319",
"@source": "FRSIRT"
}
],
"title": "Microsoft Internet Explorer address bar spoofing vulnerability"
}
jvndb-2006-000540
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Microsoft Windows Indexing Service cross-site scripting vulnerability
Details
Microsoft Windows Indexing Service contains a cross-site scripting vulnerability.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000540.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Microsoft Windows Indexing Service contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000540.html",
"sec:cpe": [
{
"#text": "cpe:/o:microsoft:windows_2000",
"@product": "Microsoft Windows 2000",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_server_2003",
"@product": "Microsoft Windows Server 2003",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_xp",
"@product": "Microsoft Windows XP",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000540",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA06-255A/",
"@id": "JVNTA06-255A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN52201480/index.html",
"@id": "JVN#52201480",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA06-255A",
"@id": "TRTA06-255A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0032",
"@id": "CVE-2006-0032",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0032",
"@id": "CVE-2006-0032",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA06-255A.html",
"@id": "SA06-255A",
"@source": "CERT-SA"
},
{
"#text": "http://www.kb.cert.org/vuls/id/108884",
"@id": "VU#108884",
"@source": "CERT-VN"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html",
"@id": "TA06-255A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/21861",
"@id": "SA21861",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/19927",
"@id": "19927",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2006/3564",
"@id": "FrSIRT/ADV-2006-3564",
"@source": "FRSIRT"
}
],
"title": "Microsoft Windows Indexing Service cross-site scripting vulnerability"
}
jvndb-2009-000059
Vulnerability from jvndb
Published
2009-09-09 17:30
Modified
2009-09-09 17:30
Summary
Buffer overflow vulnerability in Microsoft Windows
Details
Microsoft Windows contains a buffer overflow vulnerability.
Windows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files.
The security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for September 2009.
Hiroshi Noguchi of Alice Carroll fan club reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000059.html",
"dc:date": "2009-09-09T17:30+09:00",
"dcterms:issued": "2009-09-09T17:30+09:00",
"dcterms:modified": "2009-09-09T17:30+09:00",
"description": "Microsoft Windows contains a buffer overflow vulnerability.\r\n\r\nWindows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files.\r\n\r\nThe security update for this vulnerability is contained in the Microsoft Security Bulletin Summary for September 2009.\r\n\r\nHiroshi Noguchi of Alice Carroll fan club reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000059.html",
"sec:cpe": [
{
"#text": "cpe:/o:microsoft:windows_2000",
"@product": "Microsoft Windows 2000",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_server_2003",
"@product": "Microsoft Windows Server 2003",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_server_2008",
"@product": "Microsoft Windows Server 2008",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_vista",
"@product": "Microsoft Windows Vista",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_xp",
"@product": "Microsoft Windows XP",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000059",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN62211338/index.html",
"@id": "JVN#62211338",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2009-22/",
"@id": "JVNTR-2009-22",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2498",
"@id": "CVE-2009-2498",
"@source": "CVE"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2499",
"@id": "CVE-2009-2499",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2498",
"@id": "CVE-2009-2498",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2499",
"@id": "CVE-2009-2499",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200909_windows_en.html",
"@id": "Security Alert for Vulnerability in Microsoft Windows",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA09-251A.html",
"@id": "SA09-251A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html",
"@id": "TA09-251A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/36596",
"@id": "SA36596",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/36225",
"@id": "36225",
"@source": "BID"
},
{
"#text": "http://www.securityfocus.com/bid/36228",
"@id": "36228",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/2566",
"@id": "VUPEN/ADV-2009-2566",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Buffer overflow vulnerability in Microsoft Windows"
}
jvndb-2011-000036
Vulnerability from jvndb
Published
2011-06-16 12:11
Modified
2011-06-16 12:11
Summary
Microsoft Windows VBScript implementation file name disclosure vulnerability
Details
The Microsoft Windows VBScript implementation contains a file name disclosure vulnerability.
When VBScript is used to load an image file in Internet Explorer, there is a vulnerability where an unauthenticated attacker may confirm the existence of a particular file.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN5D1D3E36/index.html |
| Permissions(CWE-264) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000036.html",
"dc:date": "2011-06-16T12:11+09:00",
"dcterms:issued": "2011-06-16T12:11+09:00",
"dcterms:modified": "2011-06-16T12:11+09:00",
"description": "The Microsoft Windows VBScript implementation contains a file name disclosure vulnerability.\r\n\r\nWhen VBScript is used to load an image file in Internet Explorer, there is a vulnerability where an unauthenticated attacker may confirm the existence of a particular file.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000036.html",
"sec:cpe": [
{
"#text": "cpe:/o:microsoft:windows_2000",
"@product": "Microsoft Windows 2000",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:microsoft:windows_xp",
"@product": "Microsoft Windows XP",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000036",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN5D1D3E36/index.html",
"@id": "JVN#5D1D3E36",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Microsoft Windows VBScript implementation file name disclosure vulnerability"
}