Every CVE whose affected-product data names Microsoft Windows 98, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (87)
CVE-2005-0059 — CVSS 10.0 (critical): Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary…
CVE-2002-1257 — CVSS 10.0 (critical): Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java…
CVE-2004-0201 — CVSS 10.0 (critical): Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003…
CVE-2004-0214 — CVSS 10.0 (critical): Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote…
CVE-2004-0571 — CVSS 10.0 (critical): Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute…
CVE-2004-0901 — CVSS 10.0 (critical): Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows…
CVE-2005-1208 — CVSS 10.0 (critical): Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute…
CVE-2000-1218 — CVSS 9.8 (critical): The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to…
CVE-2006-0010 — CVSS 9.3 (critical): Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows…
CVE-2006-0020 — CVSS 9.3 (critical): An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows…
CVE-2006-0006 — CVSS 9.3 (critical): Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on…
CVE-2003-1048 — CVSS 7.8 (high): Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service…
CVE-2000-0305 — CVSS 7.8 (high): Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by…
CVE-1999-0387 — CVSS 7.8 (high): A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
CVE-1999-1593 — CVSS 7.6 (high): Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a…
CVE-2000-0330 — CVSS 7.6 (high): The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File…
CVE-2002-0070 — CVSS 7.6 (high): Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a…
CVE-2006-2376 — CVSS 7.5 (high): Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute…
CVE-2000-1079 — CVSS 7.5 (high): Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers…
CVE-2001-0238 — CVSS 7.5 (high): Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone…
CVE-2001-0876 — CVSS 7.5 (high): Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a…
CVE-2002-0053 — CVSS 7.5 (high): Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause…
CVE-2002-0693 — CVSS 7.5 (high): Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT…
CVE-2002-0694 — CVSS 7.5 (high): The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows…
CVE-2002-1183 — CVSS 7.5 (high): Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to…
CVE-2002-1260 — CVSS 7.5 (high): The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security…
CVE-2003-0010 — CVSS 7.5 (high): Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating…
CVE-2003-0469 — CVSS 7.5 (high): Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of…
CVE-2003-0533 — CVSS 7.5 (high): Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service…
CVE-2003-0719 — CVSS 7.5 (high): Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft…
CVE-2004-0117 — CVSS 7.5 (high): Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote…
CVE-2004-0123 — CVSS 7.5 (high): Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote…
CVE-2004-0206 — CVSS 7.5 (high): Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003…
CVE-2005-0044 — CVSS 7.5 (high): The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of…
CVE-2005-0053 — CVSS 7.5 (high): Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop…
CVE-2005-0057 — CVSS 7.5 (high): The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link…
CVE-2005-0058 — CVSS 7.5 (high): Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows…
CVE-2005-0063 — CVSS 7.5 (high): The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote…
CVE-2005-0416 — CVSS 7.5 (high): The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows…
CVE-2005-1212 — CVSS 7.5 (high): Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a…
CVE-2006-0143 — CVSS 7.5 (high): Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF…
CVE-2005-0060 — CVSS 7.2 (high): Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local…
CVE-2005-2388 — CVSS 7.2 (high): Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
CVE-2000-0155 — CVSS 7.2 (high): Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to…
CVE-2005-0061 — CVSS 7.2 (high): The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain…
CVE-2006-1313 — CVSS 6.8 (medium): Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release…
CVE-2002-0862 — CVSS 6.8 (medium): The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft…
CVE-2000-0979 — CVSS 6.4 (medium): File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which…
CVE-2003-0813 — CVSS 5.1 (medium): A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a…
CVE-2006-0012 — CVSS 5.1 (medium): Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to…
CVE-2005-1214 — CVSS 5.1 (medium): Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a…
CVE-2004-0839 — CVSS 5.0 (medium): Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a…
CVE-1999-1254 — CVSS 5.0 (medium): Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which…
CVE-2000-0742 — CVSS 5.0 (medium): The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping…
CVE-2002-1258 — CVSS 5.0 (medium): Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other…
CVE-2002-1325 — CVSS 5.0 (medium): Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet…
CVE-1999-0444 — CVSS 5.0 (medium): Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each…
CVE-1999-0357 — CVSS 5.0 (medium): Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly…
CVE-2005-1191 — CVSS 5.0 (medium): The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the…
CVE-2000-0168 — CVSS 5.0 (medium): Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka…
CVE-2004-0202 — CVSS 5.0 (medium): IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier…
CVE-2004-0230 — CVSS 5.0 (medium): TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service…
CVE-2000-0073 — CVSS 5.0 (medium): Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
CVE-2004-0790 — CVSS 5.0 (medium): Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error…
CVE-2000-0612 — CVSS 5.0 (medium): Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the…
CVE-2004-1319 — CVSS 5.0 (medium): The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a…
CVE-2001-0721 — CVSS 5.0 (medium): Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or…
CVE-2001-0877 — CVSS 5.0 (medium): Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP…
CVE-2001-1055 — CVSS 5.0 (medium): The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP…
CVE-2000-0404 — CVSS 5.0 (medium): The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master…
CVE-2002-0699 — CVSS 5.0 (medium): Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium…
CVE-1999-1201 — CVSS 5.0 (medium): Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to…
CVE-2000-0347 — CVSS 5.0 (medium): Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.
CVE-2000-0980 — CVSS 5.0 (medium): NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows…
CVE-2000-1039 — CVSS 5.0 (medium): Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP…
CVE-2004-1305 — CVSS 5.0 (medium): The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote…
CVE-2002-2185 — CVSS 4.9 (medium): The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's…
CVE-2000-0790 — CVSS 4.6 (medium): The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs…
CVE-1999-0975 — CVSS 4.6 (medium): The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT…
CVE-1999-0749 — CVSS 2.6 (low): Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
CVE-2001-0324 — CVSS 2.6 (low): Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of…
CVE-2000-1003 — CVSS 2.6 (low): NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to…
CVE-2004-0207 — CVSS 2.1 (low): "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0…
CVE-2000-0129 — CVSS 2.1 (low): Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a…