9 matches found
CVE-2006-2370
CVE-2006-2370 describes a buffer/ memory corruption vulnerability in the Routing and Remote Access Service (RRAS) on Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The flaw, triggered by certain crafted RPC-related requests to RRAS (RASMAN), allows remote attackers (authenticated ...
CVE-2006-6696
CVE-2006-6696 is a CSRSS vulnerability in Windows where improper handling of a MessageBox call with MB_SERVICE_NOTIFICATION can send a crafted HardError to CSRSS, enabling remote code execution. Public details indicate the issue affects multiple Windows versions (Windows 2000, XP, Server 2003, Vi...
CVE-2006-0032
Microsoft Windows Indexing Service vulnerability (CVE-2006-0032) is a cross-site scripting flaw in the Indexing Service component of Windows 2000/XP/Server 2003 when Encoding is set to Auto Select. An attacker can craft a UTF-7 URL that is injected into an error message, potentially executing scr...
CVE-2006-1313
CVE-2006-1313 is the Microsoft JScript memory corruption remote code execution vulnerability documented in MS06-023. It affects JScript in Windows 98/Me, Windows 2000 SP4, Windows XP (incl. SP1/SP2), and Windows Server 2003 families, including x64/Itanium variants, where JScript may release objec...
CVE-2006-0005
The CVE-2006-0005 vulnerability is a buffer overflow in the Windows Media Player plug-in (npdsplay.dll) used by non‑Microsoft browsers. When a user views HTML containing an EMBED tag with a long src attribute, it may allow remote code execution in the user’s context. Affected software includes Wi...
CVE-2006-2378
CVE-2006-2378 is a heap-based buffer overflow in the ART Image Rendering component (jgdw400.dll) used by AOL ART images in Microsoft Windows XP (SP1/SP2), Windows Server 2003 (SP1), and older/related OSes (including 98/Me). A crafted ART image can cause heap corruption, enabling remote code execu...
CVE-2006-2371
The CVE-2006-2371 issue is a buffer overflow in the Windows RRAS RASMAN RPC server (RASMAN) that affects Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. A remote attacker can trigger arbitrary code execution via crafted RPC-related requests, resulting in registry corruption and sta...
CVE-2006-3880
The CVE affects Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003. The issue is a DoS via a continuous stream of TCP port 135 packets carrying incorrect TCP header checksums and random values in certain TCP header fields (demonstrated by the Achilles Windo...
CVE-2006-3351
CVE-2006-3351 is a Windows Explorer vulnerability (explorer.exe) affecting Windows XP/2003 where parsing of .url files with InternetShortcut tags can overflow the stack. A crafted .url file containing a long URL and many file: specifiers may trigger a denial of service and possibly arbitrary code...