Every CVE whose affected-product data names Microsoft Windows Me, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (58)
CVE-2004-0597 — CVSS 10.0 (critical): Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via…
CVE-2002-1257 — CVSS 10.0 (critical): Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java…
CVE-2004-0201 — CVSS 10.0 (critical): Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003…
CVE-2004-0901 — CVSS 10.0 (critical): Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows…
CVE-2004-0214 — CVSS 10.0 (critical): Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote…
CVE-2004-0571 — CVSS 10.0 (critical): Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute…
CVE-2006-0006 — CVSS 9.3 (critical): Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on…
CVE-2006-0020 — CVSS 9.3 (critical): An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows…
CVE-2006-0010 — CVSS 9.3 (critical): Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows…
CVE-2003-1048 — CVSS 7.8 (high): Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service…
CVE-2002-0694 — CVSS 7.5 (high): The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows…
CVE-2005-0416 — CVSS 7.5 (high): The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows…
CVE-2005-0063 — CVSS 7.5 (high): The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote…
CVE-2005-0058 — CVSS 7.5 (high): Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows…
CVE-2004-0123 — CVSS 7.5 (high): Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote…
CVE-2005-0057 — CVSS 7.5 (high): The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link…
CVE-2002-1260 — CVSS 7.5 (high): The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security…
CVE-2005-0053 — CVSS 7.5 (high): Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop…
CVE-2001-0876 — CVSS 7.5 (high): Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a…
CVE-2003-0010 — CVSS 7.5 (high): Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating…
CVE-2003-0469 — CVSS 7.5 (high): Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of…
CVE-2003-0533 — CVSS 7.5 (high): Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service…
CVE-2003-0711 — CVSS 7.5 (high): Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows…
CVE-2003-0717 — CVSS 7.5 (high): The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers…
CVE-2003-0719 — CVSS 7.5 (high): Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft…
CVE-2004-0117 — CVSS 7.5 (high): Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote…
CVE-2006-2376 — CVSS 7.5 (high): Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute…
CVE-2006-0143 — CVSS 7.5 (high): Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF…
CVE-2001-0238 — CVSS 7.5 (high): Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone…
CVE-2005-0044 — CVSS 7.5 (high): The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of…
CVE-2005-1212 — CVSS 7.5 (high): Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a…
CVE-2002-0370 — CVSS 7.5 (high): Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code…
CVE-2002-0693 — CVSS 7.5 (high): Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT…
CVE-2005-2388 — CVSS 7.2 (high): Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
CVE-2005-0060 — CVSS 7.2 (high): Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local…
CVE-2005-0061 — CVSS 7.2 (high): The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain…
CVE-2003-0009 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary…
CVE-2002-0862 — CVSS 6.8 (medium): The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft…
CVE-2006-1313 — CVSS 6.8 (medium): Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release…
CVE-2000-0979 — CVSS 6.4 (medium): File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which…
CVE-2006-0012 — CVSS 5.1 (medium): Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to…
CVE-2005-1214 — CVSS 5.1 (medium): Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a…
CVE-2000-0980 — CVSS 5.0 (medium): NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows…
CVE-2002-0699 — CVSS 5.0 (medium): Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium…
CVE-2005-1191 — CVSS 5.0 (medium): The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the…
CVE-2001-1552 — CVSS 5.0 (medium): ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery…
CVE-2001-0877 — CVSS 5.0 (medium): Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP…
CVE-2001-0721 — CVSS 5.0 (medium): Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or…
CVE-2001-0003 — CVSS 5.0 (medium): Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security…
CVE-2000-1039 — CVSS 5.0 (medium): Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP…
CVE-2004-0790 — CVSS 5.0 (medium): Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error…
CVE-2004-0202 — CVSS 5.0 (medium): IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier…
CVE-2004-0839 — CVSS 5.0 (medium): Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a…
CVE-2004-1305 — CVSS 5.0 (medium): The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote…
CVE-2004-1319 — CVSS 5.0 (medium): The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a…
CVE-2002-1325 — CVSS 5.0 (medium): Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet…
CVE-2002-1258 — CVSS 5.0 (medium): Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other…
CVE-2002-1139 — CVSS 5.0 (medium): The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination…