Lucene search
+L
MicrosoftWindows 2003 Server*

229 matches found

CVE
CVE
added 2008/08/13 10:0 a.m.68 views

CVE-2008-1457

CVE-2008-1457 describes a remote code execution vulnerability in the Microsoft Windows Event System. The flaw occurs when creating per-user subscriptions, allowing an attacker with valid logon credentials to craft a subscription request that could run arbitrary code with system privileges. Affect...

9CVSS7AI score0.36269EPSS
CVE
CVE
added 2010/02/10 6:0 p.m.68 views

CVE-2010-0023

CVE-2010-0023 affects the Client/Server Runtime Subsystem (CSRSS) on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The vulnerability stems from CSRSS not properly terminating processes after user logout, enabling a local attacker to gain privileges or access sensitive information via a craft...

6.9CVSS6.1AI score0.01812EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.68 views

CVE-2010-0491

CVE-2010-0491 is the IE HTML Object Memory Corruption vulnerability (Use-after-free) affecting Internet Explorer 5.01 SP4, 6, and 6 SP1. Exploitation requires crafting a page with an onreadystatechange handler to trigger arbitrary code execution; Microsoft documented this as part of MS10-018 and ...

9.3CVSS7.5AI score0.29284EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.68 views

CVE-2010-2740

The CVE-2010-2740 entry corresponds to two Windows OpenType Font (OTF) format driver vulnerabilities (CVE-2010-2740 and CVE-2010-2741) affecting Windows XP SP2/SP3 and Windows Server 2003 SP2. The OpenType Font (OTF) format driver is vulnerable in how it allocates memory when parsing specially cr...

7.2CVSS6.3AI score0.01807EPSS
CVE
CVE
added 2011/02/09 12:0 a.m.68 views

CVE-2011-0030

CVE-2011-0030 describes a CSRSS Elevation of Privilege vulnerability in Windows XP SP2/SP3 and Windows Server 2003 SP2. The Client/Server Run-time Subsystem (CSRSS) does not properly terminate processes after a user logs out, allowing a local attacker to keep a crafted process running into the ne...

4.7CVSS6.1AI score0.01764EPSS
CVE
CVE
added 2011/02/09 12:0 a.m.68 views

CVE-2011-0087

The CVE-2011-0087 issue concerns the Windows kernel-mode driver win32k.sys, where user-mode input is not properly validated. This enables local privilege escalation, potentially allowing an attacker to gain complete control of the affected system. Affected products include Windows XP (SP2/SP3), S...

7.2CVSS6.3AI score0.01831EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.68 views

CVE-2011-0658

CVE-2011-0658 corresponds to Microsoft Windows OLE Automation Remote Code Execution via a malformed WMF in oleaut32.dll. Public sources (MS11-038) and multiple security analyses describe an integer underflow in the WMF parsing path, leading to arbitrary code execution when a user opens a crafted ...

9.3CVSS7.5AI score0.21202EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.68 views

CVE-2011-1230

CVE-2011-1230 affects Windows kernel components, specifically win32k.sys in the kernel-mode drivers. The vulnerability is a NULL pointer de-reference in win32k.sys, leading to local privilege escalation. Affected products include Windows XP (SP2–SP3), Windows Server 2003 (SP2), Windows Vista (SP1...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.68 views

CVE-2011-1238

CVE-2011-1238 describes a use-after-free bug in the Windows kernel driver component win32k.sys. The issue affects multiple Windows lineages (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold, R2, and R2 SP1, and Windows 7 Gold/SP1) and is triggered by incorrect management of kernel-mod...

7.2CVSS6.4AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.68 views

CVE-2011-1239

CVE-2011-1239 is a use-after-free vulnerability in the Windows kernel-mode driver win32k.sys that allows local privilege escalation. A crafted action exploits incorrect driver object management to gain full control. Affected products/versions include Windows XP (SP2, SP3), Windows Server 2003 (SP...

7.2CVSS6.4AI score0.01446EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.68 views

CVE-2011-1283

The CVE-2011-1283 entry concerns the Windows CSRSS component in the Win32 subsystem. The vulnerability arises from an array index check flaw in SrvSetConsoleNumberOfCommand, allowing a local attacker to cause memory corruption and elevate privileges by triggering an incorrect memory assignment fo...

7.2CVSS6.5AI score0.02116EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.68 views

CVE-2011-1883

CVE-2011-1883 is a use-after-free vulnerability in win32k.sys (kernel-mode drivers) across Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 SP1. The flaw stems from incorrect driver object management in kernel-mode, enabling local privilege escalation to ...

7.2CVSS6.5AI score0.01405EPSS
CVE
CVE
added 2007/09/27 7:0 p.m.67 views

CVE-2007-5133

Microsoft Windows Explorer (explorer.exe) is affected by CVE-2007-5133. A crafted PNG file with a large tEXt chunk may trigger an integer overflow in PNG chunk size handling, allowing user‑assisted remote attackers to cause a denial of service (CPU consumption). The connected sources explicitly d...

7.1CVSS6.9AI score0.22913EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.67 views

CVE-2011-1241

The CVE-2011-1241 entry details a use-after-free in the Windows kernel-mode driver Win32k.sys that can allow local privilege escalation via crafted code, due to incorrect driver object management. Affected products/versions include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP...

7.2CVSS6.4AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.67 views

CVE-2011-1242

CVE-2011-1242 is a Win32k.sys use-after-free local privilege-escalation vulnerability. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2/R2 SP1, and Windows 7 SP1. Cause: incorrect management of kernel-mode driver objects in win32k.sys leading to use-after-free...

7.2CVSS6.4AI score0.01434EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.67 views

CVE-2011-1875

CVE-2011-1875 is a use-after-free vulnerability in win32k.sys within kernel-mode drivers that enables local privilege escalation by exploiting incorrect driver object management. Affected systems include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/...

7.2CVSS6.4AI score0.01405EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.67 views

CVE-2011-1881

CVE-2011-1881 affects Windows kernel-mode drivers, specifically win32k.sys, with a NULL pointer dereference vulnerability that enables local privilege escalation. Affected products include Windows XP SP2–SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2 and R2 S...

8.4CVSS6.4AI score0.01328EPSS
CVE
CVE
added 2011/08/10 9:16 p.m.67 views

CVE-2011-1970

The CVE-2011-1970 issue affects Microsoft Windows DNS Server (notably on Windows Server 2003 SP2 and Windows Server 2008 SP2, R2 and R2 SP1). It is a memory handling vulnerability where memory is not properly initialized when processing a query for a nonexistent domain, enabling a remote attacker...

5CVSS6.6AI score0.23037EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.67 views

CVE-2013-3866

CVE-2013-3866 is a Windows kernel‑mode driver privilege escalation in Win32k.sys affecting multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8, Server 2012, Windows RT). The root cause is a crafted application that allows local users to gain...

7.2CVSS6.5AI score0.01806EPSS
CVE
CVE
added 2009/12/13 1:0 a.m.66 views

CVE-2009-4313

The CVE-2009-4313 issue affects the Microsoft Windows Indeo32 codec (ir32_32.dll 3.24.15.3) in Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The underlying flaw is malformed data in a stream within media files (e.g., AVI), which can lead to heap corruption and allow remote code execution or ...

9.3CVSS7.6AI score0.20731EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.66 views

CVE-2010-2741

CVE-2010-2741 is a local elevation-of-privilege vulnerability in the Windows OpenType Font (OTF) format driver. OpenType fonts processed by the OTF driver could trigger improper integer calculations during parsing, enabling kernel-mode code execution when a specially crafted font is opened locall...

7.2CVSS6.3AI score0.01792EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.66 views

CVE-2010-3942

CVE-2010-3942 affects Windows kernel-mode driver win32k.sys, where memory allocation for copies from user mode is flawed, enabling local privilege escalation on affected Windows versions (XP SP2/SP3, 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). Connected sources corroborate t...

7.2CVSS6.4AI score0.01792EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.66 views

CVE-2011-0667

CVE-2011-0667 is a local privilege-escalation in the Windows kernel (win32k.sys) caused by a use-after-free in driver object management. A crafted application can abuse this to gain kernel privileges on affected systems, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.66 views

CVE-2011-1225

The CVE-2011-1225 issue affects the Windows kernel32k subsystem: specifically, win32k.sys in kernel-mode drivers allows local privilege escalation via a NULL pointer de-reference. Affected products include Windows XP (SP2–SP3), Windows Server 2003 (SP2), Windows Vista (SP1–SP2), Windows Server 20...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.66 views

CVE-2011-1236

CVE-2011-1236 is a use-after-free vulnerability in win32k.sys (kernel-mode driver) affecting multiple Windows OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2/R2 SP1, Windows 7 Gold/SP1). The issue arises from incorrect driver object management in the Win32k subsys...

7.8CVSS6.5AI score0.0117EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.66 views

CVE-2011-1868

The CVE-2011-1868 issue affects Microsoft Windows DFS (Distributed File System) implementations on Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is improper validation of fields in DFS responses, allowing remote DFS servers to cause arbitrary code execution via crafted responses ...

10CVSS7.5AI score0.1478EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.66 views

CVE-2011-1869

The CVE-2011-1869 issue affects the Distributed File System (DFS) implementation on multiple Windows platforms (Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2/R2 SP1, Windows 7 Gold/SP1). A crafted DFS referral response can be sent by a remote ...

7.8CVSS6.5AI score0.10293EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.66 views

CVE-2011-1878

CVE-2011-1878 is a use-after-free vulnerability in win32k.sys, the kernel-mode driver component of Windows. A crafted local access application can trigger improper driver object management, enabling a local user to escalate privileges. Affected products include Windows XP SP2/SP3, Windows Server ...

7.2CVSS6.5AI score0.01405EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.66 views

CVE-2013-3865

Win32k Multiple Fetch Vulnerability (CVE-2013-3865) affects multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, Server 2012, Windows RT). It allows local privilege escalation through a crafted application affecting win32k.sys in kernel-mode drivers...

7.2CVSS6.2AI score0.01654EPSS
CVE
CVE
added 2008/08/13 10:0 a.m.65 views

CVE-2008-1456

CVE-2008-1456 describes a remote code execution vulnerability in the Windows Event System caused by improper validation when indexing an array of function pointers. Affected products include Windows 2000 SP4, XP (SP2/SP3), Server 2003 (SP1/SP2), Vista (initial and SP1), and Server 2008. The issue...

9CVSS7AI score0.28018EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.65 views

CVE-2010-3959

CVE-2010-3959 affects the Microsoft OpenType Font (OTF) driver. A crafted CMAP table in an OpenType font can cause local privilege escalation on Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2, and Windows 7. Root cause: incorrect handling/parsi...

6.9CVSS6.4AI score0.1436EPSS
CVE
CVE
added 2011/01/07 11:0 a.m.65 views

CVE-2010-4669

The CVE-2010-4669 entry concerns the IPv6 Neighbor Discovery (ND) router advertisement flood vulnerability. Affected products include the IPv6 stack in Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. The issue arises when an attacker sends many Router Advertise...

7.8CVSS7.2AI score0.2911EPSS
CVE
CVE
added 2011/02/09 12:0 a.m.65 views

CVE-2011-0086

CVE-2011-0086 pertains to win32k.sys in affected Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, Windows 7) where user-mode input is not properly validated by kernel-mode drivers. This enables local privilege escalation via a crafted application. Acknowledge...

7.2CVSS6.4AI score0.01676EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.65 views

CVE-2011-0672

CVE-2011-0672 is a use-after-free vulnerability in the Windows kernel Win32k.sys (kernel-mode drivers). Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2/R2 SP1, and Windows 7 Gold/SP1. The issue stems from incorrect driv...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.65 views

CVE-2013-1343

Technical details for CVE-2013-1343 are not publicly available in the provided documents; affected components, impact, and remediation are not specified here. Monitor for updates from NVD and EUVD sources.

7.2CVSS6.2AI score0.01654EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.64 views

CVE-2008-3464

CVE-2008-3464 (AFD Kernel Overwrite Vulnerability) is an elevation-of-privilege bug in the Microsoft AFD driver (afd.sys). It arises from improper validation of input passed from user mode to the Windows kernel, allowing a local attacker to execute arbitrary code with kernel privileges. Affected ...

7.2CVSS6.2AI score0.04026EPSS
CVE
CVE
added 2009/12/13 1:0 a.m.64 views

CVE-2009-4210

CVE-2009-4210 describes memory corruption in the Microsoft Windows Indeo codec exposed by crafted media content, affecting Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The OpenVAS entries corroborate multiple vulnerabilities in the Indeo codec and list CVE-2009-4210 among the affected vulne...

9.3CVSS7.3AI score0.16507EPSS
CVE
CVE
added 2011/02/10 3:0 p.m.64 views

CVE-2011-0033

The CVE-2011-0033 entry concerns a vulnerability in the OpenType Compact Font Format (CFF) driver in multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, and Windows 7). The issue stems from improper validation of parameter values when parsing OpenType fonts...

9.3CVSS7.6AI score0.20731EPSS
CVE
CVE
added 2011/02/09 12:0 a.m.64 views

CVE-2011-0089

CVE-2011-0089 affects Windows kernel-mode driver win32k.sys across multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7). The issue is improper validation of user-mode data by the Win32k subsystem, enabling local users to gain privileges via a c...

7.2CVSS6.4AI score0.01676EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.64 views

CVE-2011-0660

The CVE-2011-0660 issue is a remote code execution vulnerability in the SMB client of several Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 SP1). Root cause: the SMB client incorrectly validates crafted SMB responses (SMBv1 or SMBv2), enablin...

9.3CVSS7.5AI score0.16699EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.64 views

CVE-2011-0670

CVE-2011-0670 describes a use-after-free vulnerability in win32k.sys within Windows kernel-mode drivers that enables local privilege escalation. Affected are Windows XP (SP2/SP3), Windows Server 2003 (SP2), Windows Vista (SP1/SP2), Windows Server 2008 (Gold, SP2, R2, R2 SP1), and Windows 7 (Gold,...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.64 views

CVE-2011-0671

The CVE-2011-0671 issue affects Windows kernel-mode driver win32k.sys and is caused by a use-after-free from incorrect driver object management. Affects Windows XP SP2-SP3, Server 2003 SP2, Vista SP1-SP2, Server 2008 Gold/SP2/R2 and R2 SP1, and Windows 7 Gold/SP1. Local privilege escalation is po...

8.4CVSS6.5AI score0.01345EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.64 views

CVE-2011-1227

CVE-2011-1227 affects the Windows kernel’s win32k.sys (kernel-mode drivers). The vulnerability is a NULL pointer de-reference in the Win32k subsystem that enables local attackers to gain privileges on multiple Windows versions, including Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista ...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2008/06/12 1:30 a.m.63 views

CVE-2008-1445

CVE-2008-1445 corresponds to a denial-of-service vulnerability in Active Directory affecting Windows 2000 Server SP4, Windows XP Professional SP2/SP3, Windows Server 2003 SP1/SP2, and Windows Server 2008. The issue arises from insufficient validation of specially crafted LDAP requests, allowing r...

7.1CVSS6AI score0.27144EPSS
CVE
CVE
added 2009/12/13 1:0 a.m.63 views

CVE-2009-4309

CVE-2009-4309 describes a heap-based buffer overflow in the Intel Indeo41 codec used by Windows Media Player, affecting Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. The flaw arises from missing bounds checking on a size field in the IV41/movi record of an IV41 stream, permitting remote atta...

9.3CVSS7.9AI score0.24111EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.63 views

CVE-2010-0235

CVE-2010-0235 is the Windows Kernel Symbolic Link Value Vulnerability. The provided documents confirm a denial-of-service impact (system becomes unresponsive and reboots) caused by improper validation of symbolic link values when created by the Windows kernel. Affected products (per MS10-021 and ...

4.7CVSS6AI score0.01829EPSS
CVE
CVE
added 2011/02/10 3:0 p.m.63 views

CVE-2011-0043

CVE-2011-0043 affects Kerberos in Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is use of weak hashing (CRC32) in service tickets, enabling local privilege escalation by a crafted service ticket. Public mitigations are documented in MS11-013, which addresses Kerberos-related elev...

7.2CVSS6.4AI score0.01573EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.63 views

CVE-2011-0666

CVE-2011-0666 is a use-after-free vulnerability in the Windows kernel-mode driver win32k.sys affecting Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Gold, SP2, R2, R2 SP1), and Windows 7 (Gold, SP1). The issue arises from incorrect driver object manageme...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.63 views

CVE-2011-0674

CVE-2011-0674 is a use-after-free in the Windows kernel-mode driver win32k.sys that allows local privilege escalation. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 SP2/R2, and Windows 7 SP1. Root cause: incorrect management of k...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.63 views

CVE-2011-1234

CVE-2011-1234 is a use-after-free vulnerability in the Windows kernel-mode driver component win32k.sys that enables local privilege escalation. The issue arises from incorrect driver object management in the kernel, affecting multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, ...

7.2CVSS6.4AI score0.01443EPSS
Total number of security vulnerabilities229