Lucene search
+L
MicrosoftWindows 2003 Server*

229 matches found

CVE
CVE
added 2008/04/08 11:0 p.m.62 views

CVE-2008-0083

CVE-2008-0083 affects Microsoft VBScript/JScript scripting engines (VBScript.dll and JScript.dll) version 5.1 and 5.6 used in Windows 2000 SP4, XP SP2, and Server 2003 SP1/SP2. A vulnerability in decoding scripts in Web pages and in memory loading could allow remote code execution through unknown...

9.3CVSS7.1AI score0.29963EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.62 views

CVE-2010-0238

CVE-2010-0238 corresponds to the Windows Kernel Registry Key Vulnerability. A denial-of-service occurs when the Windows kernel validates registry keys, enabling a crafted local app to cause the system to become unresponsive and reboot on affected products: Windows 2000 SP4, XP SP2/SP3, Server 200...

4.9CVSS6AI score0.02102EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.62 views

CVE-2011-1884

CVE-2011-1884 describes a use-after-free vulnerability in the Windows kernel‑mode driver component win32k.sys. The flaw arises from incorrect management of driver objects in the Win32k subsystem, enabling a local attacker to gain privileges by running a crafted application. Affected platforms inc...

7.2CVSS6.5AI score0.01405EPSS
CVE
CVE
added 2011/08/10 9:16 p.m.62 views

CVE-2011-1968

CVE-2011-1968 affects the Remote Desktop Protocol (RDP) implementation in Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability arises from improper handling of in-memory RDP packets, enabling an unauthenticated, remote attacker to cause a denial of service (reboot) by triggering acce...

7.1CVSS6.6AI score0.25708EPSS
CVE
CVE
added 2008/04/08 11:0 p.m.61 views

CVE-2008-1086

The CVE-2008-1086 issue concerns the hxvz.dll ActiveX control (HxTocCtrl) used by Microsoft Help 2.5 and exposed in Internet Explorer on Windows XP SP2, Server 2003 SP1/SP2, Vista SP1, and Server 2008. The vulnerability is a memory corruption flaw triggered by malformed arguments to the ActiveX c...

9.3CVSS7.4AI score0.30543EPSS
CVE
CVE
added 2009/12/13 1:0 a.m.61 views

CVE-2009-4311

CVE-2009-4311 describes an unspecified vulnerability in Microsoft's Indeo codec used by Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, enabling remote code execution via crafted media content. Connected documents reference multiple SoCs (OpenVAS/NVD) and Microsoft security advisories (KB95575...

9.3CVSS7.2AI score0.21947EPSS
CVE
CVE
added 2011/02/09 12:0 a.m.61 views

CVE-2011-0088

CVE-2011-0088 is a Windows kernel‑mode privilege elevation vulnerability in the Win32k.sys driver. The root cause is improper validation of data passed from user mode to kernel mode, enabling a local attacker to execute arbitrary code with kernel privileges. Affected products include Windows XP (...

7.2CVSS6.3AI score0.01831EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.61 views

CVE-2011-1233

The CVE-2011-1233 issue affects Windows kernel (win32k.sys) across multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in win32k.sys that enables local privilege escalation via a craft...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2009/12/13 1:0 a.m.60 views

CVE-2009-4310

CVE-2009-4310 concerns the Intel Indeo41 codec used by Windows Media Player. The issue is a stack-based buffer overflow in IV41 streams within AVI containers that allows remote code execution on Windows 2000 SP4, XP SP2/XP SP3, and Server 2003 SP2 when processing crafted video data. Affected comp...

9.3CVSS7.8AI score0.24111EPSS
CVE
CVE
added 2010/03/03 7:0 p.m.60 views

CVE-2010-0917

CVE-2010-0917 is a distinct VBScript vulnerability causing a stack-based buffer overflow via the MsgBox fourth argument when Internet Explorer is used, affecting VBScript.dll on Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP2. An attacker-user interaction in IE could enable code executi...

7.6CVSS8AI score0.24316EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.60 views

CVE-2011-0665

The CVE-2011-0665 issue concerns a use-after-free vulnerability in the Windows kernel-mode driver win32k.sys. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2 and R2 SP1, and Windows 7 Gold/SP1. Root cause: incorrect man...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.60 views

CVE-2011-1232

CVE-2011-1232 affects Windows kernel-Mode drivers (win32k.sys) across XP SP2-SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2/SP1, and Windows 7 Gold/SP1. Root cause: NULL pointer dereference in Win32k subsystem allows a crafted application to escalate privileges from local user to ke...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.60 views

CVE-2011-1235

CVE-2011-1235 is a Windows kernel–mode driver use‑after‑free vulnerability in the Win32k subsystem (win32k.sys). Documents confirm a local privilege‑escalation vector via crafted applications that exploit incorrect driver object management, affecting multiple XP/Server 2003/Vista/Server 2008/Wind...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.60 views

CVE-2012-1866

CVE-2012-1866 concerns a local privilege escalation in the Windows kernel-mode drivers, specifically the win32k.sys component. The issue arises from improper handling of user-mode input passed to kernel-mode driver objects, enabling a local attacker to gain elevated privileges via a crafted appli...

7.2CVSS6.3AI score0.01722EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.60 views

CVE-2012-1867

CVE-2012-1867 is a local privilege-escalation flaw in Windows where an integer overflow in win32k.sys (font resource handling) could allow a local attacker to gain SYSTEM-level privileges via a crafted TrueType font. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows V...

8.4CVSS6.7AI score0.01224EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.59 views

CVE-2011-0675

CVE-2011-0675 is a local privilege-escalation in Windows caused by a use-after-free in win32k.sys (kernel-mode drivers). Affected are Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold, SP2, R2, R2 SP1), and Windows 7 (Gold/SP1). The root cause is incorrect management of kernel...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.59 views

CVE-2011-1228

CVE-2011-1228 affects Microsoft Windows kernel-mode driver component win32k.sys. A NULL pointer de-reference in win32k allowed local attackers to gain kernel-level privileges on affected OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7 Gold/SP1). The issue is...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.59 views

CVE-2011-1879

CVE-2011-1879 is a local privilege-escalation in Win32k.sys (kernel-mode driver) caused by incorrect driver object management leading to a use-after-free. Affects Windows XP (SP2, SP3), Server 2003 (SP2), Vista (SP1, SP2), Server 2008 (Gold, SP2, R2, R2 SP1), and Windows 7 (Gold, SP1). Successful...

7.2CVSS6.5AI score0.01405EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.58 views

CVE-2011-1226

The CVE-2011-1226 issue is a local privilege-escalation vulnerability in Windows kernel-mode driver code (win32k.sys) caused by a NULL pointer de-reference. A crafted local application can trigger this in multiple supported OS versions, including Windows XP (SP2–SP3), Windows Server 2003 (SP2), W...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2007/09/12 1:0 a.m.57 views

CVE-2007-3036

CVE-2007-3036 describes a local privilege-escalation vulnerability in Windows Services for UNIX (WSF) 3.0 and 3.5 and in the Subsystem for UNIX-based Applications on Windows 2000/XP/Server 2003/Vista. The underlying issue is improper handling of setuid binary files which may allow a local, authen...

6.9CVSS6.3AI score0.02398EPSS
CVE
CVE
added 2009/12/13 1:0 a.m.57 views

CVE-2009-4312

CVE-2009-4312 concerns the Microsoft Windows Indeo codec and, per the provided documents, describes an unspecified vulnerability in the Indeo codec on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2 that could allow remote code execution via crafted media content. The OpenVAS entries also refer...

9.3CVSS7.5AI score0.20731EPSS
CVE
CVE
added 2011/02/09 12:0 a.m.57 views

CVE-2011-0039

The CVE-2011-0039 entry describes an elevation-of-privilege flaw in the Local Security Authority Subsystem Service (LSASS) on Windows XP SP2/SP3 and Windows Server 2003 SP2. The issue arises when LSASS processes specially crafted authentication requests with a manipulated length, enabling local u...

7.2CVSS6.6AI score0.01924EPSS
CVE
CVE
added 2011/02/09 12:0 a.m.57 views

CVE-2011-0040

The CVE-2011-0040 vulnerability affects Microsoft Active Directory on Windows Server 2003 SP2, where the server mishandles an update request for a Service Principal Name (SPN). This can allow remote attackers to cause a denial of service or authentication outage via crafted SPN update requests th...

5CVSS6.6AI score0.2276EPSS
CVE
CVE
added 2007/02/13 8:0 p.m.56 views

CVE-2007-0214

CVE-2007-0214 affects the HTML Help ActiveX control (hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2/Professional, and Windows Server 2003 SP1. The vulnerability arises from improper input validation in HTML Help ActiveX methods, leading to a remote code execution flaw if a user visits a specia...

9.3CVSS7.4AI score0.26374EPSS
CVE
CVE
added 2007/04/10 11:0 p.m.56 views

CVE-2007-1912

CVE-2007-1912 relates to a heap-based buffer overflow in Microsoft Windows’ Help system (WinHelp) triggered by specially crafted .HLP files. The connected advisory CPAI-2007-254 describes a boundary/heap overflow in handling HLP files that could allow a remote attacker to inject and execute arbit...

6.8CVSS7AI score0.13935EPSS
CVE
CVE
added 2010/02/26 7:0 p.m.56 views

CVE-2010-0719

CVE-2010-0719 affects multiple Windows client/server OSes (Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7). The root cause is an unspecified API that does not validate arguments, enabling local user privilege to trigger a denial of service (system crash) via a crafted application. T...

4.7CVSS6.4AI score0.01836EPSS
CVE
CVE
added 2007/04/30 11:0 p.m.54 views

CVE-2007-2374

Technical details are not publicly available in the provided documents; no affected products, vulnerable components, vectors, or fixes are specified. Monitor for updates.

9.3CVSS7.4AI score0.17432EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.54 views

CVE-2010-3957

CVE-2010-3957 is a Windows OpenType Font (OTF) driver vulnerability (double-free) affecting Windows XP SP2–SP3, Server 2003 SP2, Vista SP1–SP2, Server 2008 Gold SP2/R2, and Windows 7. The issue resides in the OTF driver’s memory handling while parsing OpenType fonts, enabling local privilege esca...

7.3CVSS6.4AI score0.0183EPSS
CVE
CVE
added 2007/06/12 8:0 p.m.51 views

CVE-2007-2219

CVE-2007-2219 is a remote code-execution flaw in the Win32 API present on Windows 2000 SP4, XP SP2, and Server 2003 SP1/SP2. The vulnerability stems from improper validation of parameters passed to a Win32 API function, enabling an attacker to execute arbitrary code by convincing a user to view a...

9.3CVSS7.5AI score0.31808EPSS
Total number of security vulnerabilities229