Lucene search
K
MicrosoftWindows 2003 Server-

21 matches found

CVE
CVE
•added 2013/11/27 11:0 p.m.•1088 views

CVE-2013-5065

NDProxy.sys in the Windows kernel is affected by a local privilege escalation flaw (CVE-2013-5065) caused by improper input validation in the NDPROXY driver. A crafted IOCTL path allows a local attacker to exploit a NULL pointer dereference to escalate privileges on affected systems. Public explo...

7.8CVSS6.3AI score0.34893EPSS
In wild
CVE
CVE
•added 2015/04/21 10:0 a.m.•1019 views

CVE-2015-1701

CVE-2015-1701 is a Win32k.sys kernel-mode privilege-escalation flaw affecting Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2. The issue stems from improper handling within win32k, notably around the ClientCopyImage/SetWindowLongPtr path, enabling a crafted user-mode input to execute code...

7.8CVSS7.3AI score0.562EPSS
In wild
CVE
CVE
•added 2010/02/10 6:0 p.m.•151 views

CVE-2010-0231

CVE-2010-0231 involves the SMB server’s NTLM authentication on Windows 2000/XP/2003/Vista/Server 2008/7 where insufficient entropy in server-generated challenges (duplicate NTLM nonces) allows remote attackers to access files and SMB resources after many authentication requests. Root cause: weak ...

10CVSS9AI score0.41262EPSS
CVE
CVE
•added 2010/02/10 6:0 p.m.•148 views

CVE-2010-0020

CVE-2010-0020 concerns a flaw in the SMB server implementation of Windows: the Server service fails to validate request fields, enabling a remote authenticated user to execute arbitrary code via a malformed SMB request. Affected platforms include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP2, Vis...

9CVSS7.1AI score0.32032EPSS
CVE
CVE
•added 2010/02/10 6:0 p.m.•124 views

CVE-2010-0022

CVE-2010-0022 is part of the SMB server NTLM vulnerabilities addressed by Microsoft MS10-012. The XP/2000/2003/Vista/2008/7 SMB server implementation fails to properly validate shared/servername fields in SMB packets, allowing remote attackers to cause a denial of service (system hang) via a craf...

7.8CVSS6.3AI score0.79499EPSS
CVE
CVE
•added 2010/02/10 6:0 p.m.•122 views

CVE-2010-0021

CVE-2010-0021 is part of the MS10-012 set of SMB server vulnerabilities affecting Windows Vista/Windows Server 2008/Windows 7 and related Server roles. The issue arises from race conditions in the SMB Server service during Negotiate handling (SMBv1/v2), allowing remote attackers to trigger a deni...

7.1CVSS6.4AI score0.14385EPSS
CVE
CVE
•added 2009/07/07 11:0 p.m.•112 views

CVE-2008-0015

CVE-2008-0015 is a stack-based buffer overflow in ATL’s CComVariant::ReadFromStream used by the MPEG2TuneRequest ActiveX control in msvidctl.dll (DirectShow). The vulnerability affects multiple Windows versions (2000 SP4, XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2) and allows rem...

9.3CVSS7.8AI score0.76647EPSS
In wild
CVE
CVE
•added 2009/07/07 11:0 p.m.•110 views

CVE-2008-0020

Technical details about CVE-2008-0020 are not publicly available in the provided connected documents. Monitor for updates as new information becomes public.

9.3CVSS7.4AI score0.30917EPSS
CVE
CVE
•added 2007/03/30 12:0 a.m.•101 views

CVE-2007-1765

CVE-2007-1765 refers to a remote code execution/DoS vulnerability in Microsoft Windows (Windows 2000 SP4 through Vista) via a malformed ANI file that corrupts memory while processing cursors/animated cursors/icons in LoadAniIcon() of USER32.dll. Connected sources identify this as MS07-017 (RIFF/A...

9.3CVSS7.7AI score0.54326EPSS
CVE
CVE
•added 2010/04/14 3:44 p.m.•99 views

CVE-2010-0024

The CVEs concern the Windows SMTP service (smtpsvc.dll) used by Microsoft Windows 2000 SP4, Windows XP SP3, Windows Server 2003 SP2, Windows Server 2008 SP2/R2, Exchange Server 2003 SP3, Exchange Server 2007 SP2, and Exchange Server 2010. CVE-2010-0024 describes a flaw in parsing DNS MX records t...

5CVSS6.2AI score0.10746EPSS
CVE
CVE
•added 2010/08/16 6:25 p.m.•91 views

CVE-2010-1886

CVE-2010-1886 represents a local privilege-escalation issue in Windows where an attacker with access to a process running under the NetworkService account can gain LocalSystem privileges via the Windows Service Isolation mechanism. Documented vectors involve the TAPI Server and other services suc...

6.8CVSS7.5AI score0.01407EPSS
CVE
CVE
•added 2010/04/14 3:44 p.m.•86 views

CVE-2010-0025

Technical details for CVE-2010-0025 are not provided in the connected documents; only related DNS spoofing CVEs are present. Monitor for updates.

5CVSS6.7AI score0.21491EPSS
CVE
CVE
•added 2011/04/13 8:7 p.m.•80 views

CVE-2011-1229

CVE-2011-1229 is a local privilege-escalation vulnerability in the Windows kernel identified as the Win32k NULL Pointer De-reference. It affects win32k.sys in multiple Windows platforms: XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2 and R2 SP1, and Windows 7 SP1. A crafted a...

7.2CVSS6.4AI score0.01468EPSS
CVE
CVE
•added 2009/08/12 5:0 p.m.•78 views

CVE-2009-1923

CVE-2009-1923 describes a heap-based buffer overflow in the Windows WINS service that can allow remote code execution on Windows 2000 SP4 and Windows Server 2003 SP2. The flaw occurs during WINS replication packet processing, where a buffer-length calculation leads to a heap overflow. Public refe...

9.3CVSS7.9AI score0.24658EPSS
CVE
CVE
•added 2008/09/10 3:0 p.m.•76 views

CVE-2008-3008

CVE-2008-3008 affects Windows Media Encoder 9 Series. A stack-based buffer overflow in the WMEncProfileManager ActiveX control (wmex.dll) can be triggered by passing a very long first argument to GetDetailsString, enabling remote code execution. The vulnerability is associated with Microsoft MS08...

9.3CVSS7.6AI score0.54553EPSS
CVE
CVE
•added 2009/12/09 6:0 p.m.•73 views

CVE-2009-3675

CVE-2009-3675 describes a denial-of-service vulnerability in Windows LSASS (Local Security Authority Subsystem Service) where remote authenticated attackers can exhaust CPU resources by sending specially crafted ISAKMP messages over IPsec. Affected: Windows 2000 SP4, XP SP2/SP3, and Server 2003 S...

6.8CVSS6AI score0.24705EPSS
CVE
CVE
•added 2015/06/10 1:0 a.m.•67 views

CVE-2015-1768

CVE-2015-1768 affects the Windows kernel-mode driver Win32k.sys, specifically on Windows Server 2003 SP2 and R2 SP2, where a memory corruption issue in the kernel can allow local privilege escalation or denial of service. The vulnerability arises from flaws in handling memory/objects in win32k.sy...

7.2CVSS6.7AI score0.02028EPSS
CVE
CVE
•added 2007/09/27 7:0 p.m.•66 views

CVE-2007-5133

Microsoft Windows Explorer (explorer.exe) is affected by CVE-2007-5133. A crafted PNG file with a large tEXt chunk may trigger an integer overflow in PNG chunk size handling, allowing user‑assisted remote attackers to cause a denial of service (CPU consumption). The connected sources explicitly d...

7.1CVSS6.9AI score0.22913EPSS
CVE
CVE
•added 2009/08/12 5:0 p.m.•65 views

CVE-2009-1924

The CVE-2009-1924 entry relates to an integer/heap overflow in Microsoft Windows WINS (NetBIOS name resolution). Affected product: Windows Server/Windows 2000 SP4 with WINS service. Vulnerability arises when processing crafted WINS replication packets, allowing remote code execution with SYSTEM p...

9.3CVSS7.8AI score0.08842EPSS
CVE
CVE
•added 2006/06/13 7:0 p.m.•60 views

CVE-2006-2374

CVE-2006-2374 (SMB Invalid Handle Vulnerability) affects Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The issue is a DoS in MRXSMB.SYS caused by a logic/error in MrxSmbCscIoctlCloseForCopyChunk when given a shadow-device file handle, potentially freezing the system (deadlock). T...

5.5CVSS5.2AI score0.01811EPSS
CVE
CVE
•added 2008/06/12 1:30 a.m.•48 views

CVE-2008-1451

CVE-2008-1451 affects the Windows WINS service on: Windows 2000 Server SP4, Windows Server 2003 SP1/SP2 (including x64/Itanium variants listed in MS08-034). The vulnerability arises because WINS does not properly validate the data structures of crafted WINS network packets, enabling a local attac...

7.2CVSS6.2AI score0.04142EPSS