Lucene search
K
MicrosoftWindows 2003 Server*

229 matches found

CVE
CVE
added 2009/04/15 3:49 a.m.87 views

CVE-2009-0087

CVE-2009-0087 is a remote-code-execution vulnerability in WordPad’s Word 6/text converters and Office Word’s Word 6 converter, caused by memory corruption while parsing crafted Word 6 documents. Affected products include WordPad Word 6 converter on Windows 2000 SP4, XP SP2/SP3, Server 2003; Word ...

9.3CVSS7.5AI score0.25892EPSS
CVE
CVE
added 2010/08/27 6:10 p.m.87 views

CVE-2010-3147

CVE-2010-3147 describes an untrusted search path vulnerability in Windows Address Book (wab.exe) where a Trojan horse wab32res.dll loaded from the current working directory can execute code. Affected: WAB/Windows Contacts components on Windows XP SP2/XP SP3, Server 2003 SP2, Vista SP1/SP2, Server...

9.3CVSS6.3AI score0.18675EPSS
CVE
CVE
added 2011/03/09 10:0 p.m.87 views

CVE-2011-0029

The CVE-2011-0029 issue affects the Microsoft Remote Desktop Connection client (versions 5.2, 6.0, 6.1, 7.0). It is a local privilege-escalation vulnerability caused by an untrusted search path: a Trojan DLL loaded from the current working directory when a directory contains a .rdp file. Impact i...

9.3CVSS6.3AI score0.0716EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.87 views

CVE-2011-0034

The CVE-2011-0034 issue is a stack overflow in the OpenType Compact Font Format (CFF) driver (ATMFD.dll) in Microsoft Windows. It can be triggered by crafted OpenType fonts and allows remote attackers to execute arbitrary code on affected systems. Affected Windows versions include Windows XP SP2/...

9.3CVSS8AI score0.27925EPSS
CVE
CVE
added 2011/01/31 7:0 p.m.87 views

CVE-2011-0096

The CVE describes a vulnerability in the MHTML protocol handler where improper processing of MIME-formatted requests for content blocks can allow a remote attacker to trigger client-side effects in Internet Explorer. Connected advisories (MS11-026 and related OpenVAS/Nessus listings) frame this a...

6.1CVSS5.5AI score0.46819EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.85 views

CVE-2010-0492

Microsoft Internet Explorer 8 contains a use-after-free in mstime.dll involving the CTimeAction object during TIME2 handling, causing memory corruption and remote code execution when a user visits a crafted page. The issue affects IE 8 and is officially addressed by Microsoft in MS10-018 (Cumulat...

9.3CVSS7.5AI score0.27523EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.84 views

CVE-2011-1282

CVE-2011-1282 affects the Windows Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem, where improper memory initialization leads to a NULL pointer in SrvSetConsoleLocalEUDC. This allows local users to gain privileges or cause memory corruption. Affected products include Windows XP (S...

8.4CVSS6.6AI score0.01553EPSS
CVE
CVE
added 2008/01/08 8:0 p.m.83 views

CVE-2007-0069

CVE-2007-0069 describes a remote code execution and denial-of-service risk in the Windows kernel’s TCP/IP stack due to improper handling of IGMPv3 and MLDv2 state. Affected are Windows XP SP2, Server 2003, and Vista; exploitation requires specially crafted IGMPv3/MLDv2 packets that can trigger me...

9.3CVSS7.3AI score0.49205EPSS
CVE
CVE
added 2009/06/10 5:37 p.m.83 views

CVE-2009-0568

The CVE-2009-0568 issue affects the Windows RPC runtime (RPC Marshalling Engine/NDR) across Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 SP2. The root cause is the RPC Marshalling Engine failing to update its internal state, permitting a crafted RPC message to rea...

10CVSS6.6AI score0.32387EPSS
CVE
CVE
added 2010/01/22 9:20 p.m.83 views

CVE-2010-0027

CVE-2010-0027 documents a vulnerability in URL validation in Internet Explorer (IE 5.01, 6, 6 SP1, 7, 8) and in the ShellExecute API on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, where input parameters in crafted URLs could allow remote code execution by an attacker. The connected MSKB en...

9.3CVSS8.3AI score0.33985EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.83 views

CVE-2010-0487

CVE-2010-0487 describes a remote code execution vulnerability in Windows Cabinet File Viewer (cabview.dll) where the Authenticode signature verification omits certain fields from the digest for cabinet files. Affected: Cabinet File Viewer Shell Extension (cabview.dll) versions 5.1, 6.0, 6.1 on Wi...

9.3CVSS7.6AI score0.24216EPSS
CVE
CVE
added 2010/06/14 6:0 p.m.83 views

CVE-2010-2265

CVE-2010-2265 is an XSS in the GetServerName function of sysinfo/commonFunc.js within Windows Help and Support Center on Windows XP and Windows Server 2003, exploitable via svr in sysinfo/sysinfomain.htm. It is paired with CVE-2010-1885, which covers HCP URL handling and can enable command execut...

4.3CVSS6.1AI score0.2099EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.83 views

CVE-2010-2746

CVE-2010-2746 describes a heap-based buffer overflow in the Windows common controls library, Comctl32.dll, triggered when processing messages from a third-party SVG viewer. A remote code execution risk exists on affected Windows releases (XP SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008, and W...

7.6CVSS7.8AI score0.36238EPSS
CVE
CVE
added 2011/02/16 12:0 a.m.83 views

CVE-2011-0654

CVE-2011-0654 describes an integer underflow in BowserWriteErrorLogEntry within the CIFS browser service (Mrxsmb.sys/bowser.sys) used by Active Directory; a malformed BROWSER ELECTION message can trigger a heap-based buffer overflow. Affected products include Windows XP SP2/SP3, Windows Server 20...

10CVSS7.8AI score0.68084EPSS
CVE
CVE
added 2011/08/10 9:16 p.m.83 views

CVE-2011-1967

CVE-2011-1967 affects the Windows Client/Server Run-time Subsystem (CSRSS) via the Winsrv.dll component. The root cause is improper permission checks when a lower‑integrity process sends inter‑process device‑event messages to a higher‑integrity CSRSS, enabling local privilege escalation. Affected...

7.2CVSS6.4AI score0.01707EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.83 views

CVE-2015-0075

CVE-2015-0075 is scoped to Windows kernel privilege escalation via improper handling of impersonation levels. Affects Windows XP-era server/desktop SKUs listed in the CVE description (Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1). Root cause: i...

7.2CVSS6.3AI score0.01636EPSS
CVE
CVE
added 2015/07/14 9:0 p.m.83 views

CVE-2015-2374

CVE-2015-2374 affects the Netlogon service in multiple Windows Server editions (2003 SP2/R2 SP2, 2008 SP2/R2 SP1, 2012) where improper domain-controller communication can let an attacker disclose credentials by forging a BDC with PDC access in a PDC channel, enabling privilege escalation. Root ca...

3.3CVSS6.6AI score0.04969EPSS
CVE
CVE
added 2007/11/20 12:0 a.m.82 views

CVE-2007-6026

CVE-2007-6026 covers a stack-based buffer overflow in the Microsoft Jet Database Engine (msjet40.dll, 4.0.8618.0) used by Access 2003 in Office 2003 SP3. The vulnerability arises when parsing MDB files with a crafted column structure, allowing a user-assisted attacker to execute arbitrary code. T...

9.3CVSS7.3AI score0.28268EPSS
CVE
CVE
added 2010/01/13 7:0 p.m.82 views

CVE-2010-0018

CVE-2010-0018 is an integer overflow in the Windows Embedded OpenType (EOT) Font Engine (t2embed.dll) that could allow remote code execution via specially crafted EOT fonts. The issue occurs when decompressing EOT fonts and affects multiple Windows platforms (including Windows 2000 SP4, XP SP2/SP...

9.3CVSS7.7AI score0.26523EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.82 views

CVE-2010-0267

CVE-2010-0267 affects Microsoft Internet Explorer 6/6 SP1/7. The issue is remote code execution due to improper handling of memory objects (uninitialized or deleted), causing memory corruption. Multiple connected advisories confirm exploitation vectors via malicious web pages and the potential fo...

9.3CVSS7.6AI score0.34408EPSS
CVE
CVE
added 2010/05/05 6:0 p.m.82 views

CVE-2010-1734

The CVE-2010-1734 entry concerns Microsoft Windows kernel component win32k.sys. The vulnerability is in the SfnINSTRING function within the kernel, affecting Windows 2000, XP, and Server 2003. It enables local users to cause a denial of service (system crash) by sending a 0x18d value in the Msg a...

4.9CVSS6.3AI score0.02658EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.82 views

CVE-2013-3864

Technical details for CVE-2013-3864 are not publicly available in the provided connected documents. Monitor for updates from official advisories; the supplied references include NVD entries for related CVEs but no new specifics about this CVE.

7.2CVSS6.2AI score0.01654EPSS
CVE
CVE
added 2007/11/14 1:0 a.m.81 views

CVE-2007-3898

The CVE-2007-3898 issue affects the DNS server in Microsoft Windows 2000 Server SP4 and Windows Server 2003 SP1/SP2. The underlying problem is the use of predictable DNS transaction IDs when the server queries other DNS servers, which enables remote spoofing of DNS replies and can lead to DNS cac...

6.4CVSS6.3AI score0.55127EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.81 views

CVE-2010-0234

The CVE-2010-0234 entry concerns a Windows kernel denial-of-service vulnerability caused by insufficient validation of a registry-key argument passed to a kernel system call. The issue affects Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 (Gold, SP2). Expl...

4.7CVSS6AI score0.01932EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.81 views

CVE-2010-1887

CVE-2010-1887 affects the Windows kernel‑mode driver win32k.sys and is triggered by improper validation of a system call argument, causing a denial of service (system hang) on XP SP2/3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold/SP2/R2), and Windows 7. Connected documents also describe rel...

4.4CVSS6.1AI score0.0196EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.81 views

CVE-2010-3941

Summary (CVE-2010-3941) : A local privilege-escalation in Windows is caused by a double-free in the kernel-mode driver win32k.sys. Affects multiple Windows editions: XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2, and Windows 7. The flaw enables local users to gain full privileg...

8.4CVSS6.3AI score0.0136EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.81 views

CVE-2012-1864

CVE-2012-1864/1865 affect Windows kernel-mode, specifically win32k.sys, across multiple XP/2003/Vista/2008/7 builds. The root cause is improper handling of user-mode input passed to kernel-mode driver objects, enabling local privilege escalation. The linked documents confirm two CVEs (1864/1865) ...

7.2CVSS6.2AI score0.01577EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.80 views

CVE-2010-3939

CVE-2010-3939 describes a local privilege-escalation vulnerability in the Windows kernel via the win32k.sys driver. Affected products include Windows XP (SP2/SP3), Windows Server 2003 (SP2), Windows Vista (SP1/SP2), Windows Server 2008 (Gold, SP2, and R2), and Windows 7. The root cause is imprope...

7.2CVSS6.8AI score0.01938EPSS
CVE
CVE
added 2011/01/20 6:0 p.m.80 views

CVE-2010-4701

The CVE-2010-4701 entry describes a heap-based buffer overflow in the CDrawPoly::Serialize function of fxscover.exe, part of Windows Fax Services Cover Page Editor, affecting Windows XP SP3, Windows Server 2003 R2, and Windows 7. An attacker could trigger arbitrary code execution by processing a ...

7.6CVSS7.9AI score0.47832EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.79 views

CVE-2010-0488

CVE-2010-0488 relates to an information-disclosure vulnerability in Microsoft Internet Explorer (versions 5.01 SP4, 6, 6 SP1, 7) caused by improper handling of certain encoding strings. The root cause is an issue in how IE processes content with specific encoding strings, allowing a crafted web p...

6.5CVSS5.9AI score0.29229EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.79 views

CVE-2010-3963

CVE-2010-3963 affects the Windows kernel’s Routing and Remote Access NDProxy driver, notably on Windows XP (SP2/SP3) and Server 2003 SP2. The vulnerability originates from improper validation/copying of data from user mode into the kernel, enabling a local attacker to trigger a kernel-mode privil...

7.2CVSS6.7AI score0.01858EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.79 views

CVE-2015-2367

CVE-2015-2367 affects Windows kernel-mode driver Win32k.sys across multiple Windows versions (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012/2012 R2, Windows RT 8.1). Root cause is an information-disclosure in uninitialized kernel memory via a crafted...

2.1CVSS5.3AI score0.03133EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.78 views

CVE-2008-2249

The CVE-2008-2249 issue affects multiple Windows client/server editions (2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1, Server 2008) in the Windows GDI subsystem. It is caused by an integer/buffer overflow in the GDI rendering path when processing a malformed WMF header, leading to remote ...

9.3CVSS7.8AI score0.31122EPSS
CVE
CVE
added 2010/06/08 8:0 p.m.78 views

CVE-2010-0819

CVE-2010-0819: Elevation of privilege in the Windows OpenType Compact Font Format (CFF) Driver due to improper validation when copying data from user mode to kernel mode. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, and Windows 7. Local attacker with...

7.2CVSS7.1AI score0.02081EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.78 views

CVE-2010-1883

CVE-2010-1883 describes an integer overflow in the Microsoft Windows Embedded OpenType (EOT) Font Engine that could allow remote code execution. The vulnerability occurs when parsing certain tables in embedded fonts (notably during handling of the hdmx records) and affects multiple Windows produc...

9.3CVSS7.7AI score0.23344EPSS
CVE
CVE
added 2011/01/20 8:0 p.m.78 views

CVE-2010-2743

The CVE-2010-2743 issue affects Windows XP SP3 kernel-mode components, specifically the Win32k NtUserLoadKeyboardLayoutEx path, where indexing of a function-pointer table during loading of keyboard layouts from disk allows a local user to escalate privileges. The underlying cause is improper hand...

7.2CVSS6.1AI score0.14849EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.78 views

CVE-2011-1984

CVE-2011-1984 affects the Windows WINS service on Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1. The vulnerability arises from how WINS processes loopback-interface traffic, allowing local attackers to elevate privileges by sending specially crafted packets. Impact is local ...

7.2CVSS6.4AI score0.07841EPSS
CVE
CVE
added 2011/10/12 1:0 a.m.78 views

CVE-2011-1985

CVE-2011-1985 affects the Windows kernel-mode driver win32k.sys. The issue arises from improper validation of user-mode input in Win32k, enabling local users to gain privileges or cause a denial of service via a crafted application, leading to a NULL pointer dereference and system crash. Affected...

7.2CVSS6.4AI score0.02386EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.78 views

CVE-2015-2364

CVE-2015-2364 concerns a privilege-escalation in the Windows Graphics Component caused by incorrect bitmap conversion. A local attacker can exploit this via a crafted application to gain elevated privileges. Affected products include Windows Server 2003 SP2/R2 SP2, Windows Vista SP2, Windows Serv...

7.2CVSS6.3AI score0.01674EPSS
CVE
CVE
added 2007/08/14 9:0 p.m.77 views

CVE-2007-3034

Summary: CVE-2007-3034 is a remote code execution vulnerability in Microsoft Windows GDI. An integer overflow in the AttemptWrite function while processing Windows Metafiles (WMF) can cause a heap-based overflow when handling unusually large record lengths. A remote attacker could craft a WMF to ...

9.3CVSS7.7AI score0.54749EPSS
CVE
CVE
added 2008/08/13 12:0 a.m.77 views

CVE-2008-2245

CVE-2008-2245 affects Microsoft Windows Image Color Management System (ICM) via a heap-based overflow in mscms.dll (InternalOpenColorProfile). The vulnerability, in the ICCM/ICM component, allows remote code execution when a crafted image file is opened. Affected systems include Windows 2000 SP4,...

9.3CVSS7.5AI score0.46142EPSS
CVE
CVE
added 2009/06/01 7:0 p.m.77 views

CVE-2008-6819

The provided data identifies CVE-2008-6819 as related to win32k.sys in Microsoft Windows Server 2003 and Windows Vista, enabling local users to cause a denial of service (system crash) through vectors tied to CreateWindow, TranslateMessage, and DispatchMessage, potentially via a race condition be...

4.7CVSS6AI score0.013EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.77 views

CVE-2010-0489

The CVE-2010-0489 entry corresponds to a Race Condition Memory Corruption vulnerability in Microsoft Internet Explorer (affecting IE 5.01 SP4, 6, 6 SP1, and 7). The connected sources confirm a remote code execution scenario triggered by specially crafted HTML/Web content, with exploitation possib...

9.3CVSS7.3AI score0.23731EPSS
CVE
CVE
added 2010/06/08 10:0 p.m.76 views

CVE-2010-0811

CVE-2010-0811 corresponds to a remote code execution vulnerability in the Internet Explorer 8 Developer Tools ActiveX control (iedvtool.dll). Public sources (OpenVAS/Nessus entries) tie this to Microsoft IE/Win components and list affected Windows versions including 2000 SP4, XP SP2/SP3, Server 2...

9.3CVSS7.6AI score0.25924EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.76 views

CVE-2010-1882

CVE-2010-1882 corresponds to a memory corruption/buffer overflow in the Microsoft DirectShow MPEG Layer-3 Audio Codec (l3codecx.ax). The vulnerability exists in the MPEG Layer-3 codec used by Windows Media/DirectShow and can be triggered by a specially crafted MPEG‑L3 audio stream in a media file...

9.3CVSS7.7AI score0.23415EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.76 views

CVE-2010-3943

CVE-2010-3943 affects Windows kernel-mode Win32k.sys, where driver objects are not properly linked, enabling local privilege escalation through linked-list corruption. Affected products include Windows XP (SP2/SP3), Windows Server 2003 (SP2), Windows Vista (SP1/SP2), Windows Server 2008 (Gold, SP...

7.2CVSS6.4AI score0.01792EPSS
CVE
CVE
added 2012/02/02 5:0 p.m.76 views

CVE-2010-4562

CVE-2010-4562 affects Microsoft Windows platforms when using IPv6. It allows remote attackers to infer if a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and observing an Echo Reply (as demonstrated by thcping). The entry notes a typographical collision: so...

4.3CVSS6.3AI score0.15185EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.76 views

CVE-2011-1231

The CVE-2011-1231 issue affects Microsoft Windows kernel-mode drivers, specifically the Win32k.sys component. The vulnerability is a NULL pointer de-reference in Win32k that allows a local attacker to gain privileges on affected systems (Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server ...

8.4CVSS6.4AI score0.01349EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.76 views

CVE-2011-1284

CVE-2011-1284 is a Windows CSRSS local privilege-escalation vulnerability caused by an integer overflow in the CSRSS SrvWriteConsoleOutput path. Reported root cause: an out-of-bounds/incorrect memory assignment in a user transaction leads to memory corruption and potential kernel-mode code execut...

7.2CVSS6.8AI score0.02098EPSS
CVE
CVE
added 2008/04/08 11:0 p.m.75 views

CVE-2008-1084

CVE-2008-1084 affects the Windows kernel (Win32k). The issue is a local privilege escalation in the kernel’s win32k.sys, traced to improper input validation, with one affected function allegedly NtUserFnOUTSTRING. Impact is local code execution with HIGH severity (CVSS v2 base 7.2) on Windows 200...

7.2CVSS6.8AI score0.06753EPSS
Total number of security vulnerabilities229