windows 98 · threatengine.sh

Home/Product/microsoft windows 98

Product

microsoft windows 98

87 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentia

Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "rele

Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers t

Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote att

Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Playe

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, an

An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Window

Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash)

Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Win

Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.

Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompt

Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to exe

The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allow

The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via ce

Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows

Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute a

The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a cra

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-D

The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the l

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 all

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed I

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, whic

Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 all

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name f

Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow

"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows N

Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Se

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary progr

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service

IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and ea

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Serve

Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of

Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allow

Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows

Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Mic

Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to

Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial

Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows op

The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a t

Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java

The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass

Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other a

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote atta

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Win

Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Micros

Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Mi

Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary cod

Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers

Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoo

Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary cod

Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consum

The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malforme

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Z

Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large

Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with

NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, whi

File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, wh

NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing servi

The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse

The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a p

Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote a

Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries i

A system does not present an appropriate legal message or warning to a user who is accessing it.

The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Mast

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of ser

Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL so

The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching par

Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device nam

Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate prog

Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by perf

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a

A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwor

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control w

The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka

Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display fo

Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, w

Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attacke

Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin