Lucene search
K
MicrosoftWindows 2003 Server*

229 matches found

CVE
CVE
added 2009/10/14 10:0 a.m.268 views

CVE-2009-2524

CVE-2009-2524 refers to an Integer Overflow in LSASS during NTLM authentication in multiple Windows versions. A malformed NTLM packet can cause LSASS to crash and reboot the host, i.e., a denial-of-service condition. Affected software includes Windows XP SP2/SP3, Windows Server 2003 SP2, Windows ...

7.8CVSS6.5AI score0.28261EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.234 views

CVE-2011-0657

CVE-2011-0657 affects the DNSAPI.dll DNS client in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, Windows 7 SP1). Root cause: improper processing of DNS queries by the DNS client, enabling remote attackers to run arbitrary code via (1) a crafted L...

9.8CVSS7.6AI score0.63335EPSS
CVE
CVE
added 2009/07/29 5:0 p.m.210 views

CVE-2009-2493

CVE-2009-2493 : Microsoft’s ATL vulnerability enables remote code execution when a user loads a specially crafted component/control hosted on a malicious page. The issue is described in MS09-037 (ATL vulnerabilities) and is addressed by Microsoft security bulletin updates; affected products inclu...

9.3CVSS7.2AI score0.43389EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.210 views

CVE-2010-0480

CVE-2010-0480 is a remote code execution vulnerability in Microsoft MPEG Layer-3 codecs. The issue arises from multiple stack-based buffer overflows in the MPEG Layer-3 audio decoders (l3codecx.ax and related ACM codecs) when processing crafted AVI files, affecting Windows 2000 SP4, XP SP2/SP3, S...

9.3CVSS7.5AI score0.67888EPSS
Web
CVE
CVE
added 2010/04/14 3:44 p.m.167 views

CVE-2010-0476

CVE-2010-0476 is a remote code-execution vulnerability in the Microsoft SMB client. The issue occurs when the SMB client implementation on Windows platforms (including Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 SP2) improperly parses or handles certain crafted SMB res...

10CVSS7.7AI score0.3433EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.157 views

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

9.3CVSS7.9AI score0.23647EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.156 views

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

9.3CVSS7.2AI score0.20452EPSS
CVE
CVE
added 2011/10/12 1:0 a.m.156 views

CVE-2011-2003

CVE-2011-2003 : A buffer overflow in win32k.sys used by kernel-mode drivers across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 RTM/SP1) can be triggered by a crafted .fon file. The vulnerability arises from an input validation error when the ke...

9.3CVSS7.6AI score0.27772EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.151 views

CVE-2010-0231

CVE-2010-0231 involves the SMB server’s NTLM authentication on Windows 2000/XP/2003/Vista/Server 2008/7 where insufficient entropy in server-generated challenges (duplicate NTLM nonces) allows remote attackers to access files and SMB resources after many authentication requests. Root cause: weak ...

10CVSS9AI score0.41262EPSS
CVE
CVE
added 2012/07/10 9:0 p.m.150 views

CVE-2012-0175

CVE-2012-0175 corresponds to a Windows Shell remote code execution vulnerability caused by how Windows handles specially crafted file or directory names. The issue affects multiple Windows editions, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/...

9.3CVSS7.8AI score0.2621EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.147 views

CVE-2010-0020

CVE-2010-0020 concerns a flaw in the SMB server implementation of Windows: the Server service fails to validate request fields, enabling a remote authenticated user to execute arbitrary code via a malformed SMB request. Affected platforms include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vis...

9CVSS7.1AI score0.32032EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.147 views

CVE-2015-0005

CVE-2015-0005 (NETLOGON Spoofing Vulnerability) affects Windows as a domain controller feature: the NETLOGON service on Windows Server 2003 SP2, 2008 SP2 and R2 SP1, and Windows Server 2012 Gold/R2, when configured as a Domain Controller, can be abused by remote attackers to spoof the computer na...

4.3CVSS6.3AI score0.18171EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.145 views

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

9.3CVSS9.7AI score0.23461EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.144 views

CVE-2015-2370

CVE-2015-2370 involves an elevation-of-privilege flaw in Windows RPC/DCOM: the DCE/RPC reflection enables a local attacker to gain privileges via a crafted OBJREF, allowing a local user to trigger RPC auth relaying. Affected products span Windows Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2...

7.2CVSS6.5AI score0.04417EPSS
CVE
CVE
added 2007/06/27 5:0 p.m.142 views

CVE-2006-7210

The CVE-2006-7210 entry relates to Microsoft Windows 2000, XP, and Server 2003 where remote attackers can trigger a DoS (CPU consumption) by viewing a crafted PNG image that abuses the IHDR block (specifics: crafted Width and Height values). The vulnerability affects the PNG image handling path i...

5CVSS6.8AI score0.28358EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.139 views

CVE-2010-2550

CVE-2010-2550 affects the SMB Server in multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7). The root cause is improper validation of fields in an SMB request, allowing remote code execution via a crafted SMB packet (aka “SMB Pool Overflow Vulnera...

10CVSS9.3AI score0.7572EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.139 views

CVE-2010-3956

CVE-2010-3956 concerns the OpenType Font (OTF) driver in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability arises from an error in indexing an array when parsing OpenType fonts, enabling a local privilege escalation....

9.3CVSS6.3AI score0.08274EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.132 views

CVE-2009-2507

CVE-2009-2507 describes a remote code execution via an ActiveX control in the Microsoft Windows Indexing Service. The vulnerability arises because the Indexing Service ActiveX component does not properly handle specially crafted URLs, enabling a remote attacker to load/execute arbitrary code on a...

9.3CVSS7.1AI score0.19291EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.127 views

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

9.3CVSS9.7AI score0.26824EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.124 views

CVE-2010-0022

CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...

7.8CVSS6.3AI score0.79499EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.122 views

CVE-2011-1249

CVE-2011-1249 concerns the Ancillary Function Driver (afd.sys) in Windows, where local input validation flaws allow privilege escalation. Affected OSes include Windows XP SP2/SP3, Server 2003 SP2, Windows Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7 (Gold/SP1). The vulnerability stems ...

7.2CVSS6.3AI score0.08488EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.120 views

CVE-2010-0021

CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...

7.1CVSS6.4AI score0.14385EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.117 views

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

9.3CVSS9.7AI score0.22025EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.113 views

CVE-2009-2510

Technical details for CVE-2009-2510 are not publicly provided in the connected documents. Please monitor for updates.

6.8CVSS5.8AI score0.05321EPSS
CVE
CVE
added 2009/05/29 6:0 p.m.109 views

CVE-2009-1537

Summary of CVE-2009-1537 (DirectShow QuickTime parsing): A remote code execution vulnerability exists in the DirectShow QuickTime Movie Parser Filter (quartz.dll) within DirectX, affecting Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, and potentially DirectX 7.0–9.0c. Exploitation requires a...

9.3CVSS7.3AI score0.50926EPSS
In wild
CVE
CVE
added 2007/02/23 12:0 a.m.107 views

CVE-2007-0843

CVE-2007-0843 concerns the ReadDirectoryChangesW API on Windows 2000/XP/2003/Vista. The vulnerability arises because ReadDirectoryChangesW does not check the caller’s permissions for child directories, allowing a user with LIST access to a parent folder to monitor and infer information about file...

4.6CVSS6.1AI score0.0361EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.105 views

CVE-2011-0661

CVE-2011-0661 describes a remote code execution vulnerability in the Windows SMB Server service. The root cause is improper validation of fields in SMB requests by the SMB Server, allowing an unauthenticated remote attacker to execute arbitrary code via a malformed SMBv1 or SMBv2 packet. Affected...

10CVSS7.6AI score0.45497EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.104 views

CVE-2009-2504

CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...

9.3CVSS9.7AI score0.20982EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.102 views

CVE-2009-2503

CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...

9.3CVSS9.6AI score0.22205EPSS
CVE
CVE
added 2007/07/10 10:0 p.m.99 views

CVE-2007-0040

CVE-2007-0040 affects Microsoft Windows Active Directory’s LDAP service (Windows 2000 Server SP4, Windows Server 2003 SP1/SP2, x64, Itanium variants). The issue is an LDAP request handling flaw related to the number of convertible attributes, enabling remote attackers to crash the service or exec...

10CVSS7.3AI score0.3917EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.99 views

CVE-2010-0269

CVE-2010-0269 is a remote code execution vulnerability in the Microsoft SMB client. The issue arises from improper memory allocation when parsing specially crafted SMB responses, enabling an unauthenticated attacker to execute arbitrary code on a vulnerable system by sending a crafted SMB respons...

10CVSS7.5AI score0.28401EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.99 views

CVE-2010-2566

The CVE-2010-2566 issue is a remote code execution vulnerability in Microsoft Windows SChannel (TLS/SSL) where the SChannel security package fails to properly validate certificate request messages from TLS/SSL servers. This affects Windows XP SP2/SP3 and Windows Server 2003 SP2. An attacker could...

9.3CVSS8.1AI score0.15355EPSS
CVE
CVE
added 2010/06/14 6:0 p.m.98 views

CVE-2010-1885

The CVE-2010-1885 entry concerns the Windows Help and Support Center (HelpCtr) in Windows XP and Windows Server 2003. The vulnerability stems from the MPC::HexToNum function in helpctr.exe failing to properly handle malformed escape sequences, allowing a crafted hcp:// URL to bypass the trusted d...

9.3CVSS7.2AI score0.75458EPSS
Web
CVE
CVE
added 2011/07/13 10:0 p.m.95 views

CVE-2011-1281

CVE-2011-1281 affects the Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem across multiple Windows versions: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2 and Windows 7 Gold/SP1. The issue stems from AllocConsole() handling when...

7.2CVSS6.5AI score0.02116EPSS
CVE
CVE
added 2012/12/12 12:0 a.m.95 views

CVE-2012-2556

CVE-2012-2556 : OpenType Font (OTF) parsing vulnerability in Windows kernel‑mode drivers allows remote code execution via a crafted font file. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT. Root cause: improper hand...

9.3CVSS7.5AI score0.20766EPSS
CVE
CVE
added 2009/11/11 7:0 p.m.94 views

CVE-2009-2514

CVE-2009-2514 is a Win32k.sys remote code execution vulnerability in the embedded OpenType (EOT) font parsing path. The kernel component on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2 parses EOT fonts and can be coerced by a crafted font to execute arbitrary code with kernel privileges. The...

9.3CVSS7.1AI score0.47489EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.94 views

CVE-2015-2371

CVE-2015-2371 corresponds to a Windows Installer Service elevation-of-privilege issue. A local attacker can escalate privileges by abusing a custom action script within an MSI package, affecting multiple Windows editions (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, W...

6.9CVSS6.4AI score0.01652EPSS
CVE
CVE
added 2010/09/07 5:0 p.m.93 views

CVE-2010-2739

The CVE-2010-2739 issue is a buffer overflow in the Windows win32k.sys CreateDIBPalette() function. A crafted bitmap with a very large color palette, used via GetClipboardData, can crash the system and may allow arbitrary code execution locally on affected Windows versions: XP SP3, Server 2003 R2...

7.2CVSS7.6AI score0.03745EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.93 views

CVE-2011-1991

CVE-2011-1991 describes multiple untrusted search path vulnerabilities in Windows components that allow local privilege elevation via Trojan horse DLLs loaded from the current working directory. Affected products include Windows XP SP2/ SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Ser...

9.3CVSS6.6AI score0.12123EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.93 views

CVE-2015-2369

CVE-2015-2369 describes an untrusted search path vulnerability in Windows Media Device Manager that allows local privilege escalation by placing a malicious DLL in the current directory, demonstrated via a crafted .RTF file. Affected OS versions include Windows Server 2003 SP2, Windows Vista SP2,...

6.9CVSS7AI score0.10307EPSS
CVE
CVE
added 2010/08/16 6:25 p.m.91 views

CVE-2010-1886

CVE-2010-1886 represents a local privilege-escalation issue in Windows where an attacker with access to a process running under the NetworkService account can gain LocalSystem privileges via the Windows Service Isolation mechanism. Documented vectors involve the TAPI Server and other services suc...

6.8CVSS7.5AI score0.01407EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.91 views

CVE-2010-1895

CVE-2010-1895 affects Windows kernel-mode driver win32k.sys on Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is improper memory allocation when copying data from user mode to kernel mode, enabling local privilege escalation via a crafted application. Microsoft released patch MS10...

7.2CVSS6.2AI score0.01591EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.90 views

CVE-2015-2365

CVE-2015-2365 affects the Windows kernel component Win32k.sys (kernel-mode driver). A local attacker can gain privileges via a crafted application, leading to privilege escalation on multiple Windows platforms (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2, 7 SP1, 8/8.1, Server 2012/R2, R...

7.2CVSS6.5AI score0.03723EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.89 views

CVE-2010-0252

CVE-2010-0252 describes a remote code execution risk in the Microsoft Data Analyzer ActiveX control (max3activex.dll) used in Office/Excel components. A crafted web page can corrupt the system state and run arbitrary code with the caller’s privileges. Microsoft addressed this via MS10-034, which ...

9.3CVSS7.4AI score0.28762EPSS
CVE
CVE
added 2011/08/10 9:16 p.m.89 views

CVE-2011-1974

Affected software and root cause: The vulnerability CVE-2011-1974 affects the NDISTAPI.sys driver in the Remote Access Service (RAS) on Microsoft Windows XP SP2/SP3 and Windows Server 2003 SP2. It arises from improper validation of user-mode input by the NDISTAPI driver, which can be exploited to...

7.2CVSS6.4AI score0.06983EPSS
Web
CVE
CVE
added 2015/07/14 10:0 p.m.89 views

CVE-2015-2363

CVE-2015-2363 affects Windows kernel-mode graphics/driver component Win32k.sys, enabling local privilege escalation via a crafted application. Affected products include Windows Server 2003 SP2/R2 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server ...

7.2CVSS6.5AI score0.01799EPSS
CVE
CVE
added 2007/10/09 10:0 p.m.88 views

CVE-2007-2228

The CVE-2007-2228 entry describes a denial-of-service flaw in the RPC runtime library rpcrt4.dll on Windows platforms (XP SP2, XP x64, Server 2003 SP1/SP2, Server 2003 x64, Vista and Vista x64). The vulnerability occurs when parsing RPC authentication messages with NTLMSSP and PACKET level, where...

7.8CVSS6.4AI score0.43303EPSS
CVE
CVE
added 2010/06/08 10:0 p.m.88 views

CVE-2010-0485

The CVE-2010-0485 issue affects Windows kernel-mode drivers in win32k.sys across multiple OS versions (Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2, Windows 7, Server 2008 R2). The vulnerability stems from improper validation of callback parameters when creat...

7.8CVSS6.7AI score0.01228EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.87 views

CVE-2009-0087

CVE-2009-0087 is a remote-code-execution vulnerability in WordPad’s Word 6/text converters and Office Word’s Word 6 converter, caused by memory corruption while parsing crafted Word 6 documents. Affected products include WordPad Word 6 converter on Windows 2000 SP4, XP SP2/SP3, Server 2003; Word ...

9.3CVSS7.5AI score0.25892EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.87 views

CVE-2010-2744

The CVE-2010-2744 flaw is a Win32k kernel-mode privilege-escalation issue in multiple Windows versions. A window-class handling bug lets local attackers gain privileges by creating a window and abusing SetWindowLongPtr to modify the popup menu structure or by abusing SwitchWndProc invoked via WM_...

7.2CVSS6.1AI score0.04275EPSS
Total number of security vulnerabilities229