Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
MicrosoftWindows 2003 Server*

230 matches found

CVE
CVEadded 2009/10/14 10:30 a.m.248 views

CVE-2009-2524

Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a deni...

7.8CVSS6.5AI score0.46383EPSS
CVE
CVEadded 2011/04/13 6:55 p.m.185 views

CVE-2011-0657

DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a cr...

9.8CVSS7.6AI score0.49697EPSS
CVE
CVEadded 2010/04/14 4:0 p.m.174 views

CVE-2010-0480

Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stac...

9.3CVSS7.5AI score0.81749EPSS
CVE
CVEadded 2009/07/29 5:30 p.m.173 views

CVE-2009-2493

The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly r...

9.3CVSS7.2AI score0.47797EPSS
CVE
CVEadded 2010/03/10 10:30 p.m.158 views

CVE-2010-0806

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, a...

9.3CVSS7.3AI score0.91165EPSS
CVE
CVEadded 2010/04/14 4:0 p.m.151 views

CVE-2010-0476

The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response ...

10CVSS7.7AI score0.49066EPSS
CVE
CVEadded 2011/10/12 2:52 a.m.144 views

CVE-2011-2003

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library ...

9.3CVSS7.6AI score0.70736EPSS
CVE
CVEadded 2012/07/10 9:55 p.m.135 views

CVE-2012-0175

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."

9.3CVSS7.8AI score0.47895EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.133 views

CVE-2009-2528

GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."

9.3CVSS7.2AI score0.43234EPSS
CVE
CVEadded 2010/02/10 6:30 p.m.132 views

CVE-2010-0020

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to e...

9CVSS7.1AI score0.39978EPSS
CVE
CVEadded 2007/06/27 5:30 p.m.129 views

CVE-2006-7210

Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.

5CVSS6.8AI score0.3106EPSS
CVE
CVEadded 2010/02/10 6:30 p.m.123 views

CVE-2010-0231

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain ac...

10CVSS9AI score0.51842EPSS
CVE
CVEadded 2010/12/16 7:33 p.m.122 views

CVE-2010-3956

The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenTy...

9.3CVSS6.3AI score0.404EPSS
CVE
CVEadded 2015/07/14 10:59 p.m.120 views

CVE-2015-2370

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection refl...

7.2CVSS6.5AI score0.17623EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.119 views

CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office ...

9.3CVSS7.9AI score0.54154EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.119 views

CVE-2009-3126

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office ...

9.3CVSS9.7AI score0.48214EPSS
CVE
CVEadded 2010/08/11 6:47 p.m.113 views

CVE-2010-2550

The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SM...

10CVSS9.3AI score0.81407EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.108 views

CVE-2009-2507

A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corr...

9.3CVSS7.1AI score0.46104EPSS
CVE
CVEadded 2010/02/10 6:30 p.m.106 views

CVE-2010-0022

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows...

7.8CVSS6.3AI score0.79033EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.105 views

CVE-2009-2501

Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP...

9.3CVSS9.7AI score0.42403EPSS
CVE
CVEadded 2015/03/11 10:59 a.m.105 views

CVE-2015-0005

The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by...

4.3CVSS6.3AI score0.01085EPSS
CVE
CVEadded 2010/02/10 6:30 p.m.99 views

CVE-2010-0021

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "...

7.1CVSS6.4AI score0.1244EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.97 views

CVE-2009-2502

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office E...

9.3CVSS9.7AI score0.42434EPSS
CVE
CVEadded 2011/06/16 8:55 p.m.89 views

CVE-2011-1249

The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges v...

7.2CVSS6.3AI score0.22388EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.88 views

CVE-2009-2510

The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain ...

6.8CVSS5.8AI score0.17223EPSS
CVE
CVEadded 2007/07/10 10:30 p.m.86 views

CVE-2007-0040

The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number ...

10CVSS7.3AI score0.60913EPSS
CVE
CVEadded 2010/08/11 6:47 p.m.86 views

CVE-2010-2566

The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malf...

9.3CVSS8.1AI score0.21883EPSS
CVE
CVEadded 2007/02/23 2:28 a.m.85 views

CVE-2007-0843

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that d...

4.6CVSS6.1AI score0.00418EPSS
CVE
CVEadded 2010/04/14 4:0 p.m.84 views

CVE-2010-0269

The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers ...

10CVSS7.5AI score0.61275EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.83 views

CVE-2009-2503

GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Of...

9.3CVSS9.6AI score0.41156EPSS
CVE
CVEadded 2011/04/13 6:55 p.m.82 views

CVE-2011-0661

The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a ...

10CVSS7.6AI score0.63002EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.81 views

CVE-2009-2504

Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project...

9.3CVSS9.7AI score0.46054EPSS
CVE
CVEadded 2010/09/07 6:0 p.m.80 views

CVE-2010-2739

Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operati...

7.2CVSS7.6AI score0.00927EPSS
CVE
CVEadded 2011/09/15 12:26 p.m.78 views

CVE-2011-1991

Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demons...

9.3CVSS6.6AI score0.40461EPSS
CVE
CVEadded 2015/07/14 10:59 p.m.78 views

CVE-2015-2371

The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script ...

6.9CVSS6.4AI score0.00995EPSS
CVE
CVEadded 2010/08/16 6:39 p.m.76 views

CVE-2010-1886

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, ...

6.8CVSS7.5AI score0.01342EPSS
CVE
CVEadded 2011/07/13 10:55 p.m.74 views

CVE-2011-1281

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a p...

7.2CVSS6.5AI score0.00773EPSS
CVE
CVEadded 2009/11/11 7:30 p.m.73 views

CVE-2009-2514

win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing ...

9.3CVSS7.1AI score0.81818EPSS
CVE
CVEadded 2010/06/15 2:4 p.m.73 views

CVE-2010-1885

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands v...

9.3CVSS7.2AI score0.9147EPSS
CVE
CVEadded 2012/12/12 12:55 a.m.73 views

CVE-2012-2556

The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary cod...

9.3CVSS7.5AI score0.43491EPSS
CVE
CVEadded 2015/07/14 10:59 p.m.73 views

CVE-2015-2365

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted appli...

7.2CVSS6.5AI score0.2157EPSS
CVE
CVEadded 2007/10/09 10:17 p.m.72 views

CVE-2007-2228

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via a...

7.8CVSS6.4AI score0.71221EPSS
CVE
CVEadded 2009/05/29 6:30 p.m.72 views

CVE-2009-1537

Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploite...

9.3CVSS7.3AI score0.65797EPSS
CVE
CVEadded 2004/09/01 4:0 a.m.71 views

CVE-2003-0825

The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.

9.3CVSS7.2AI score0.46066EPSS
CVE
CVEadded 2010/08/11 6:47 p.m.71 views

CVE-2010-1895

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vu...

7.2CVSS6.2AI score0.01635EPSS
CVE
CVEadded 2011/03/09 11:0 p.m.70 views

CVE-2011-0029

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Libra...

9.3CVSS6.3AI score0.34048EPSS
CVE
CVEadded 2015/07/14 9:59 p.m.70 views

CVE-2015-2369

Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a dire...

6.9CVSS7AI score0.08171EPSS
CVE
CVEadded 2009/04/15 8:0 a.m.69 views

CVE-2009-0087

Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file tha...

9.3CVSS7.5AI score0.64488EPSS
CVE
CVEadded 2015/07/14 10:59 p.m.69 views

CVE-2015-2363

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Eleva...

7.2CVSS6.5AI score0.01333EPSS
CVE
CVEadded 2010/01/22 10:0 p.m.68 views

CVE-2010-0027

The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a cr...

9.3CVSS8.3AI score0.69488EPSS
Total number of security vulnerabilities230