Lucene search

K
MicrosoftWindows 2003 Server

405 matches found

CVE
CVE
added 2005/05/02 4:0 a.m.50 views

CVE-2005-0047

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

7.2CVSS7.1AI score0.06563EPSS
CVE
CVE
added 2005/11/29 9:3 p.m.50 views

CVE-2005-2124

Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "...

7.6CVSS7.5AI score0.76596EPSS
CVE
CVE
added 2005/10/21 6:2 p.m.50 views

CVE-2005-2126

The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filen...

2.6CVSS6.7AI score0.61694EPSS
CVE
CVE
added 2006/09/12 11:7 p.m.50 views

CVE-2006-0032

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose char...

4.3CVSS5.4AI score0.66127EPSS
CVE
CVE
added 2006/06/13 7:6 p.m.50 views

CVE-2006-1313

Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.

6.8CVSS7.4AI score0.57905EPSS
CVE
CVE
added 2006/08/09 1:4 a.m.50 views

CVE-2006-3440

Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."

10CVSS7.9AI score0.73645EPSS
CVE
CVE
added 2008/01/08 8:46 p.m.50 views

CVE-2007-0066

The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerab...

7.1CVSS6.2AI score0.2531EPSS
CVE
CVE
added 2007/06/12 7:30 p.m.50 views

CVE-2007-2218

Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.

9.3CVSS7.6AI score0.50226EPSS
CVE
CVE
added 2007/09/27 7:17 p.m.50 views

CVE-2007-5133

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.

7.1CVSS6.9AI score0.56087EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.50 views

CVE-2010-0236

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocat...

7.2CVSS6.3AI score0.01547EPSS
CVE
CVE
added 2010/03/03 7:30 p.m.50 views

CVE-2010-0483

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with ...

7.6CVSS7.4AI score0.81699EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.50 views

CVE-2010-0486

The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a f...

9.3CVSS7.6AI score0.44165EPSS
CVE
CVE
added 2011/02/09 1:0 a.m.50 views

CVE-2011-0087

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validati...

7.2CVSS6.3AI score0.00751EPSS
CVE
CVE
added 2011/07/13 11:55 p.m.50 views

CVE-2011-1881

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

8.4CVSS6.4AI score0.00759EPSS
CVE
CVE
added 2011/07/13 11:55 p.m.50 views

CVE-2011-1882

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.5AI score0.0061EPSS
CVE
CVE
added 2013/09/11 2:3 p.m.50 views

CVE-2013-1344

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multi...

7.2CVSS6.2AI score0.01084EPSS
CVE
CVE
added 2013/09/11 2:3 p.m.50 views

CVE-2013-3865

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multi...

7.2CVSS6.2AI score0.01084EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.49 views

CVE-2004-0839

Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, ...

5CVSS7.4AI score0.38826EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.49 views

CVE-2005-0061

The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.

7.2CVSS6.5AI score0.02964EPSS
CVE
CVE
added 2005/11/29 9:3 p.m.49 views

CVE-2005-2123

Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as...

7.5CVSS7.6AI score0.63244EPSS
CVE
CVE
added 2006/02/14 10:6 p.m.49 views

CVE-2006-0006

Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifi...

9.3CVSS7.7AI score0.739EPSS
CVE
CVE
added 2006/02/14 7:6 p.m.49 views

CVE-2006-0021

Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."

7.8CVSS6.4AI score0.69661EPSS
CVE
CVE
added 2007/04/10 9:19 p.m.49 views

CVE-2007-1205

Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.

9.3CVSS7.4AI score0.61977EPSS
CVE
CVE
added 2007/04/04 4:19 p.m.49 views

CVE-2007-1215

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.

7.2CVSS6.5AI score0.0278EPSS
CVE
CVE
added 2010/08/11 6:47 p.m.49 views

CVE-2010-1897

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local...

7.2CVSS6.2AI score0.01971EPSS
CVE
CVE
added 2011/01/07 12:0 p.m.49 views

CVE-2010-4669

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) mess...

7.8CVSS7.2AI score0.07851EPSS
CVE
CVE
added 2011/02/10 4:0 p.m.49 views

CVE-2011-0033

The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitra...

9.3CVSS7.6AI score0.2718EPSS
CVE
CVE
added 2011/02/09 1:0 a.m.49 views

CVE-2011-0089

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka ...

7.2CVSS6.4AI score0.00859EPSS
CVE
CVE
added 2011/04/13 6:55 p.m.49 views

CVE-2011-0667

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.5AI score0.00623EPSS
CVE
CVE
added 2011/04/13 8:26 p.m.49 views

CVE-2011-1225

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

7.2CVSS6.4AI score0.00827EPSS
CVE
CVE
added 2011/07/13 11:55 p.m.49 views

CVE-2011-1283

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and w...

7.2CVSS6.5AI score0.00773EPSS
CVE
CVE
added 2011/06/16 8:55 p.m.49 views

CVE-2011-1868

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."

10CVSS7.5AI score0.34714EPSS
CVE
CVE
added 2013/09/11 2:3 p.m.49 views

CVE-2013-1342

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multi...

7.8CVSS6.2AI score0.01084EPSS
CVE
CVE
added 2013/09/11 2:3 p.m.49 views

CVE-2013-1343

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multi...

7.2CVSS6.2AI score0.01084EPSS
CVE
CVE
added 2013/09/11 2:3 p.m.49 views

CVE-2013-3866

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Eleva...

7.2CVSS6.5AI score0.0059EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.48 views

CVE-2004-1306

Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.

5.1CVSS8AI score0.50695EPSS
CVE
CVE
added 2006/02/15 11:0 a.m.48 views

CVE-2005-4717

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereferenc...

5CVSS6.8AI score0.10269EPSS
CVE
CVE
added 2006/04/03 10:4 a.m.48 views

CVE-2006-1591

Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.

5.1CVSS7.8AI score0.28999EPSS
CVE
CVE
added 2006/08/10 1:4 a.m.48 views

CVE-2006-4071

Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.

2.6CVSS6.4AI score0.22839EPSS
CVE
CVE
added 2006/11/14 10:7 p.m.48 views

CVE-2006-4689

Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerabili...

5CVSS6.6AI score0.62562EPSS
CVE
CVE
added 2007/04/04 4:19 p.m.48 views

CVE-2007-1211

Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a...

7.1CVSS6.1AI score0.90524EPSS
CVE
CVE
added 2009/08/12 5:30 p.m.48 views

CVE-2009-1546

Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or...

8.5CVSS7.9AI score0.63266EPSS
CVE
CVE
added 2009/11/11 7:30 p.m.48 views

CVE-2009-1928

Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) o...

7.8CVSS6.4AI score0.68083EPSS
CVE
CVE
added 2009/12/13 1:30 a.m.48 views

CVE-2009-4309

Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI fi...

9.3CVSS7.9AI score0.27797EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.48 views

CVE-2010-0023

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout...

6.9CVSS6.1AI score0.01728EPSS
CVE
CVE
added 2010/04/14 4:0 p.m.48 views

CVE-2010-0235

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulne...

4.7CVSS6AI score0.00887EPSS
CVE
CVE
added 2011/02/09 1:0 a.m.48 views

CVE-2011-0030

The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout...

4.7CVSS6.1AI score0.01728EPSS
CVE
CVE
added 2011/04/13 6:55 p.m.48 views

CVE-2011-0660

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Respon...

9.3CVSS7.5AI score0.4891EPSS
CVE
CVE
added 2011/04/13 8:26 p.m.48 views

CVE-2011-1234

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.4AI score0.00639EPSS
CVE
CVE
added 2011/04/13 8:26 p.m.48 views

CVE-2011-1239

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.4AI score0.00623EPSS
Total number of security vulnerabilities405