Lucene search
+L
MicrosoftWindows 2003 Server*

229 matches found

CVE
CVE
added 2010/08/11 6:0 p.m.77 views

CVE-2010-1882

CVE-2010-1882 corresponds to a memory corruption/buffer overflow in the Microsoft DirectShow MPEG Layer-3 Audio Codec (l3codecx.ax). The vulnerability exists in the MPEG Layer-3 codec used by Windows Media/DirectShow and can be triggered by a specially crafted MPEG‑L3 audio stream in a media file...

9.3CVSS7.7AI score0.23415EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.77 views

CVE-2010-3943

CVE-2010-3943 affects Windows kernel-mode Win32k.sys, where driver objects are not properly linked, enabling local privilege escalation through linked-list corruption. Affected products include Windows XP (SP2/SP3), Windows Server 2003 (SP2), Windows Vista (SP1/SP2), Windows Server 2008 (Gold, SP...

7.2CVSS6.4AI score0.01792EPSS
CVE
CVE
added 2012/02/02 5:0 p.m.77 views

CVE-2010-4562

CVE-2010-4562 affects Microsoft Windows platforms when using IPv6. It allows remote attackers to infer if a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and observing an Echo Reply (as demonstrated by thcping). The entry notes a typographical collision: so...

4.3CVSS6.3AI score0.15185EPSS
CVE
CVE
added 2011/02/09 12:0 a.m.77 views

CVE-2011-0090

CVE-2011-0090 concerns Win32k.sys in the kernel-mode drivers of affected Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The vulnerability stems from improper validation of data passed from user mode to kernel mode, enabling local privilege e...

7.2CVSS6.4AI score0.02078EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.77 views

CVE-2011-1885

The CVE-2011-1885 issue affects Win32k.sys in multiple Windows OS versions (Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2/R2 SP1, Windows 7 Gold/SP1). It is a local privilege escalation caused by a NULL pointer dereference in kernel‑mode drivers, allowing a crafted a...

7.2CVSS6.4AI score0.0137EPSS
CVE
CVE
added 2010/03/03 7:0 p.m.76 views

CVE-2010-0483

CVE-2010-0483 targets VBScript.dll in VBScript 5.1/5.6/5.7/5.8 on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. When Internet Explorer is used, referencing a crafted .hlp file via the MsgBox function’s helpfile argument (local, UNC, or WebDAV) can lead to code execution via winhlp32.exe if t...

7.6CVSS7.4AI score0.86367EPSS
CVE
CVE
added 2010/06/08 10:0 p.m.76 views

CVE-2010-0484

CVE-2010-0484 affects Windows kernel-mode drivers in win32k.sys. The vulnerability arises from improper validation/memory handling when processing Device Contexts (DC) via GetDCEx, enabling local users to execute arbitrary code in kernel mode (ring0) on affected Windows versions. Affected are Win...

6.8CVSS7AI score0.01344EPSS
CVE
CVE
added 2010/06/08 10:0 p.m.76 views

CVE-2010-0811

CVE-2010-0811 corresponds to a remote code execution vulnerability in the Internet Explorer 8 Developer Tools ActiveX control (iedvtool.dll). Public sources (OpenVAS/Nessus entries) tie this to Microsoft IE/Win components and list affected Windows versions including 2000 SP4, XP SP2/SP3, Server 2...

9.3CVSS7.6AI score0.25924EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.76 views

CVE-2010-3974

CVE-2010-3974 is a memory corruption vulnerability in the Windows Fax Cover Page Editor (fxscover.exe) that occurs when parsing crafted Fax cover pages (.cov). A remote attacker could execute arbitrary code on affected systems by convincing a user to open a malicious fax cover page file. Affected...

7.6CVSS7.5AI score0.18511EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.76 views

CVE-2011-1894

The CVE-2011-1894 issue affects the MHTML protocol handler used by Microsoft Windows components (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/R2, Windows 7 SP1). The vulnerability arises from improper handling of a MIME format in requests for embedded content within an HTML docume...

4.3CVSS5.5AI score0.11411EPSS
CVE
CVE
added 2009/11/11 7:0 p.m.75 views

CVE-2009-2513

CVE-2009-2513 is the Win32k Insufficient Data Validation Vulnerability affecting the Windows kernel-mode GDI path (win32k.sys). The issue stems from improper validation of user-mode input in the GDI subsystem, allowing local users to execute arbitrary code in kernel mode and escalate privileges. ...

7.2CVSS6AI score0.01546EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.75 views

CVE-2010-0494

CVE-2010-0494 is the HTML Element Cross-Domain Vulnerability in Internet Explorer (IE6/6 SP1/7/8) that allows information disclosure when a user drags one IE window across another. The issue affects IE’s handling of cross-domain scripting context and is addressed by Microsoft Security Bulletin MS...

4.3CVSS5.4AI score0.22893EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.75 views

CVE-2010-0812

ISATAP IPv6 Source Address Spoofing vulnerability (CVE-2010-0812) affects Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 SP2. The flaw in the Windows TCP/IP stack checks the inner IPv6 source in tunneled ISATAP packets, enabling spoofing that could bypass IPv4 source-address ...

6.4CVSS6.5AI score0.17452EPSS
CVE
CVE
added 2009/11/11 7:0 p.m.74 views

CVE-2009-1928

The CVE-2009-1928 entry describes an LSASS Recursive Stack Overflow vulnerability that causes denial of service in Active Directory implementations. Affected software includes: Microsoft Windows 2000 Server SP4, Windows Server 2003 SP2, Windows Server 2008 (Gold and SP2) Active Directory; Active ...

7.8CVSS6.4AI score0.3002EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.74 views

CVE-2010-3940

CVE-2010-3940 is a Windows kernel-mode driver (win32k.sys) vulnerability described as a double-free in the Win32k PFE pointer handling that could allow local privilege elevation. Affected platforms include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Go...

7.2CVSS6.4AI score0.01641EPSS
CVE
CVE
added 2011/10/12 1:0 a.m.74 views

CVE-2011-1247

CVE-2011-1247 describes an untrusted search path vulnerability in the Microsoft Active Accessibility component that affects Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows 7 RTM/SP1. The underlying flaw is insecure library loading (DLL l...

9.3CVSS6.4AI score0.11115EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.74 views

CVE-2012-1865

CVE-2012-1865 affects Microsoft Windows kernel- mode drivers (notably win32k.sys) across multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1). The root cause, as described in the CVE entry, is that user-mode input passed to kernel mode for driver ob...

7.2CVSS6.2AI score0.0164EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.74 views

CVE-2013-1341

CVE-2013-1341 affects the Windows kernel component win32k.sys (kernel-mode drivers) and allows local privilege escalation via a crafted application on several Windows families. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8. Root cause: ...

7.2CVSS6.4AI score0.01806EPSS
CVE
CVE
added 2008/04/08 11:0 p.m.73 views

CVE-2008-1087

CVE-2008-1087: A stack-based buffer overflow in Windows GDI processing of EMF image filenames allows remote code execution. Affected: Windows 2000 SP4, XP SP2, Server 2003 SP1/SP2, Vista, Server 2008. Root cause: buffer overflow in EMF filename handling. Exploit-vector: crafted EMF file name para...

9.3CVSS7.8AI score0.56603EPSS
CVE
CVE
added 2009/06/10 5:37 p.m.73 views

CVE-2009-0230

CVE-2009-0230 : A remote authenticated elevation-of-privilege vulnerability in the Windows Print Spooler allowing an arbitrary DLL to be loaded via a crafted RPC message. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista (Gold, SP1, SP2), and Server 2008 SP2. Exploitation requires th...

9CVSS6.5AI score0.34878EPSS
CVE
CVE
added 2009/12/09 6:0 p.m.73 views

CVE-2009-3675

CVE-2009-3675 describes a denial-of-service vulnerability in Windows LSASS (Local Security Authority Subsystem Service) where remote authenticated attackers can exhaust CPU resources by sending specially crafted ISAKMP messages over IPsec. Affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 S...

6.8CVSS6AI score0.24705EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.73 views

CVE-2010-0807

CVE-2010-0807 affects Microsoft Internet Explorer 7 and is caused by improper handling of objects in memory when accessing a deleted object, leading to HTML Rendering Memory Corruption and remote code execution. The issue allows an attacker to run arbitrary code on a vulnerable machine, typically...

9.3CVSS7.6AI score0.29284EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.73 views

CVE-2010-1896

CVE-2010-1896 corresponds to Win32k User Input Validation Vulnerability. Affected software includes Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, and Windows Server 2008 (Gold/SP2). The flaw is in win32k.sys where user-mode input is not properly validated before kernel-mode ...

8.4CVSS6.2AI score0.01418EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.73 views

CVE-2011-0662

CVE-2011-0662 is a Win32k.sys use-after-free vulnerability in Windows kernel-mode drivers that allows a local user to escalate privileges via a crafted application, due to incorrect driver object management. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold, SP2, R2,...

7.2CVSS6.4AI score0.01561EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.73 views

CVE-2011-0676

CVE-2011-0676 affects Windows kernel-mode drivers (notably win32k.sys) across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in the Win32k subsystem that allows local users t...

7.8CVSS6.4AI score0.01173EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.73 views

CVE-2011-1268

CVE-2011-1268 affects the SMB client in various Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The issue is a remote code execution flaw caused by improper parsing of crafted SMB responses (SMBv1 or SMBv2), allowing an attacker to execute ar...

10CVSS7.5AI score0.11051EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.73 views

CVE-2013-1344

CVE-2013-1344 affects win32k.sys in multiple Windows kernel-mode drivers. A memory handling flaw in Win32k allows local privilege escalation via a crafted application on affected OSes (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, Windows R...

7.2CVSS6.2AI score0.01654EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.72 views

CVE-2010-1897

CVE-2010-1897 affects Windows kernel-mode drivers in win32k.sys across Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 SP2/R2, and Windows 7. The vulnerability arises from improper validation of pseudo-handle values passed in callback parameters during Crea...

7.2CVSS6.2AI score0.03428EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.72 views

CVE-2010-2742

The CVE affects the Netlogon RPC Service in Windows Server 2003 SP2 and Windows Server 2008 Gold/SP2/R2 when the domain controller role is enabled. A remote attacker can trigger a denial-of-service via a crafted Netlogon RPC packet, causing a NULL pointer dereference and reboot. The issue is docu...

5.4CVSS6.5AI score0.30356EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.72 views

CVE-2011-1876

CVE-2011-1876 is a use-after-free vulnerability in win32k.sys (kernel-mode drivers) that allows local privilege escalation by abusing improper driver object management. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Gold, SP2, R2...

7.2CVSS6.4AI score0.01405EPSS
CVE
CVE
added 2011/10/12 1:0 a.m.72 views

CVE-2011-2011

The CVE-2011-2011 issue is a local privilege-escalation vulnerability in Windows kernel components, specifically Win32k.sys, affecting Windows XP, Server 2003, Vista, Server 2008/R2, and Windows 7 (Gold/SP1). Root cause: a use-after-free condition in win32k.sys due to incorrect driver object mana...

7.2CVSS6.4AI score0.01787EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.72 views

CVE-2015-2416

CVE-2015-2416 is a Windows OLE privilege-elevation vulnerability affecting multiple editions (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012). The root cause, as cited across connected sources, is an input-validation flaw in OLE that allows remote at...

5CVSS6.9AI score0.10164EPSS
CVE
CVE
added 2015/07/14 10:0 p.m.72 views

CVE-2015-2417

CVE-2015-2417 describes an OLE-based elevation-of-privilege vulnerability in multiple Windows platforms (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, Windows RT Gold/8.1). The root cause is an input validation flaw in OLE t...

5CVSS6.9AI score0.10164EPSS
CVE
CVE
added 2008/04/08 11:0 p.m.71 views

CVE-2008-1083

CVE-2008-1083 describes a remote-code-execution vulnerability in the Windows GDI component. The flaw occurs in the CreateDIBPatternBrushPt function when parsing malformed EMF/WMF image headers, leading to a heap-based/integer overflow in GDI and potentially arbitrary code execution on affected sy...

9.3CVSS7.7AI score0.57102EPSS
CVE
CVE
added 2010/06/08 10:0 p.m.71 views

CVE-2010-1255

CVE-2010-1255 maps to the Win32k TrueType Font Parsing Vulnerability in Windows kernel-mode driver win32k.sys. The issue concerns how glyph outline information is provided to user-mode applications, enabling local users to execute arbitrary code in kernel mode. Affected products include Windows 2...

6.8CVSS7.2AI score0.05068EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.71 views

CVE-2010-1894

Win32k Exception Handling Vulnerability (CVE-2010-1894) affects Windows XP SP2/SP3 and Windows Server 2003 SP2 via win32k.sys. Description: the kernel-mode driver does not properly handle certain exceptions, enabling local privilege escalation by a crafted application. Impact: attacker could exec...

7.2CVSS6.4AI score0.02959EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.71 views

CVE-2011-0041

CVE-2011-0041 affects gdiplus.dll (GDI+) across Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2 and Office XP SP3. Root cause: integer overflow in gdiplus!GpPath::CreateDashedPath when processing EMF/EMF+ images, enabling remote code execution. Verified references indicat...

9.3CVSS7.6AI score0.28157EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.71 views

CVE-2011-1880

CVE-2011-1880 affects Windows kernel-mode drivers, specifically Win32k.sys, across multiple OS versions (Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold SP2/R2 and R2 SP1, Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in Win32k....

7.2CVSS6.4AI score0.0137EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.70 views

CVE-2011-0677

CVE-2011-0677 targets win32k.sys in Windows kernel-mode drivers, enabling local privilege escalation via a NULL pointer de-reference. A crafted application can trigger the vulnerability on affected Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, Windows 7 Go...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.70 views

CVE-2011-1264

Active Directory Certificate Services Web Enrollment (AD CS Web Enrollment) on Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, R2, and R2 SP1 is affected by CVE-2011-1264. The vulnerability is a cross-site scripting (XSS) flaw in the Web Enrollment interface that allows remot...

4.3CVSS5.7AI score0.0515EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.70 views

CVE-2011-1870

CVE-2011-1870 is an integer overflow vulnerability in the Windows CSRSS component of the Win32 subsystem. The flaw occurs in SrvWriteConsoleOutputString, allowing a local attacker to cause memory corruption and potentially elevate privileges to kernel mode on affected systems (Windows XP SP2/SP3 ...

7.2CVSS6.8AI score0.02244EPSS
CVE
CVE
added 2008/01/08 8:0 p.m.69 views

CVE-2007-0066

CVE-2007-0066 describes a denial-of-service in the Windows kernel TCP/IP/ICMP handling when Router Discovery Protocol (RDP) is enabled. The vulnerability arises from how fragmented router advertisement ICMP queries are processed, potentially causing an out-of-bounds read and system unresponsivene...

7.1CVSS6.2AI score0.31525EPSS
CVE
CVE
added 2008/12/10 1:33 p.m.69 views

CVE-2008-3465

CVE-2008-3465 describes a heap overflow in the GDI API used when processing WMF images. The vulnerability arises from parsing a malformed file-size parameter in WMF files, which could allow a remote attacker to cause a denial of service or execute arbitrary code on affected Windows variants. Affe...

9.8CVSS7.8AI score0.13674EPSS
CVE
CVE
added 2009/11/11 7:0 p.m.69 views

CVE-2009-1127

Microsoft Windows kernel Win32k subsystem (Win32k.sys) contains multiple vulnerabilities disclosed under CVE-2009-1127, CVE-2009-2513, and CVE-2009-2514 (MS09-065). The common root cause across the entries is improper validation of arguments passed to kernel/system calls (and related GDI input ha...

7.2CVSS6.1AI score0.01546EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.69 views

CVE-2010-0486

CVE-2010-0486 describes a remote code execution vulnerability in Windows Authenticode Signature Verification (WinVerifyTrust) affecting PE and cabinet (.CAB) handling. The flaw arises from improper use of certain file digest fields during signing/verifying, enabling a modified signed file to exec...

9.3CVSS7.6AI score0.22037EPSS
CVE
CVE
added 2010/05/05 6:0 p.m.69 views

CVE-2010-1735

The CVE-2010-1735 issue affects the Windows kernel component win32k.sys (SfnLOGONNOTIFY) in Windows 2000, XP and Server 2003. It allows a local attacker to trigger a denial-of-service (system crash) by sending a 0x4c value in the Msg argument of a PostMessage call to the DDEMLEvent window. This i...

4.9CVSS6.3AI score0.02491EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.69 views

CVE-2011-1240

CVE-2011-1240 is a local privilege-escalation in the Windows kernel via the Win32k.sys use-after-free condition. A crafted local attack can abuse incorrect driver object management to execute code with kernel privileges on affected Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Ser...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.69 views

CVE-2011-1874

CVE-2011-1874 is a local privilege-escalation vulnerability in Windows kernel-mode drivers, caused by a use-after-free in Win32k.sys due to incorrect driver object management. Affected products span Windows XP SP2–SP3, Server 2003 SP2, Vista SP1–SP2, Server 2008 Gold/SP2/R2/R2 SP1, and Windows 7 ...

7.8CVSS6.4AI score0.01164EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.69 views

CVE-2011-1882

The CVE-2011-1882 entry documents a local privilege-escalation vulnerability in Windows kernel-mode drivers, specifically in win32k.sys. The issue arises from a use-after-free condition due to incorrect driver object management, enabling a crafted user-space application to trigger privilege escal...

7.2CVSS6.5AI score0.01405EPSS
CVE
CVE
added 2008/08/13 10:0 a.m.68 views

CVE-2008-1457

CVE-2008-1457 describes a remote code execution vulnerability in the Microsoft Windows Event System. The flaw occurs when creating per-user subscriptions, allowing an attacker with valid logon credentials to craft a subscription request that could run arbitrary code with system privileges. Affect...

9CVSS7AI score0.36269EPSS
Total number of security vulnerabilities229