本ページは microsoft frontpage に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2013-3137 | Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka "XML Disclosure Vulnerability." | [email protected] | 4.3 | 13.70% | 2013-09-11 | 2026-04-29 |
| CVE-2008-3068 | Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. | [email protected] | 7.5 | 12.63% | 2008-07-07 | 2026-04-23 |
| CVE-2007-3109 | The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO. | [email protected] | 6.4 | 17.13% | 2007-06-07 | 2026-04-23 |
| CVE-2007-0671 KEV | Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | [email protected] | 8.8 | 52.33% | 2007-02-03 | 2026-04-22 |
| CVE-2006-3877 | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. | [email protected] | 9.3 | 38.81% | 2006-10-10 | 2026-04-23 |
| CVE-2005-2143 | Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. | [email protected] | 5.0 | 8.48% | 2005-07-05 | 2026-04-16 |
| CVE-2004-2179 | asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. | [email protected] | 5.0 | 10.24% | 2004-12-31 | 2026-04-16 |
| CVE-2004-0573 | Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website. | [email protected] | 7.5 | 39.52% | 2004-09-28 | 2026-04-16 |
| CVE-2004-0200 | Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. | [email protected] | 9.3 | 74.51% | 2004-09-28 | 2026-04-16 |
| CVE-1999-0681 | Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. | [email protected] | 5.0 | 12.35% | 2001-03-12 | 2026-04-16 |
| CVE-2000-0746 | Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities. | [email protected] | 7.5 | 18.28% | 2000-10-20 | 2026-04-16 |
| CVE-2000-0710 | The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name. | [email protected] | 5.0 | 55.14% | 2000-10-20 | 2026-04-16 |
| CVE-2000-0709 | The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. | [email protected] | 5.0 | 24.97% | 2000-10-20 | 2026-04-16 |
| CVE-2000-0419 | The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | [email protected] | 7.5 | 14.17% | 2000-05-11 | 2026-04-16 |
| CVE-2000-0413 | The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. | [email protected] | 5.0 | 59.39% | 2000-05-06 | 2026-04-16 |
| CVE-2000-0256 | Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability. | [email protected] | 7.5 | 21.59% | 2000-04-19 | 2026-04-16 |
| CVE-2000-0260 | Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. | [email protected] | 7.5 | 14.95% | 2000-04-14 | 2026-04-16 |
| CVE-2000-0122 | Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. | [email protected] | 5.0 | 40.32% | 2000-02-03 | 2026-04-16 |
| CVE-1999-1016 | Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell. | [email protected] | 5.0 | 7.66% | 1999-08-27 | 2026-04-16 |
| CVE-1999-1052 | Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users. | [email protected] | 5.0 | 31.14% | 1999-08-24 | 2026-04-16 |