15 matches found
CVE-2006-3439
CVE-2006-3439 is a buffer overflow in the Server Service (SRVSVC) RPC interface that can be triggered by malformed parameters to SRVSVC API functions, enabling remote code execution on affected Windows versions. Public context from connected docs shows exploits and disclosures tied to MS06-040, a...
CVE-2006-1314
CVE-2006-1314 is a heap-based buffer overflow in the Windows Server Service (SRV.SYS) that affects Windows 2000 SP4, XP SP1/SP2, and Server 2003 (up to SP1). The vulnerability allows remote code execution via crafted first-class Mailslot messages, triggering memory corruption and bypassing size r...
CVE-2005-1979
CVE-2005-1979 affects the Microsoft Distributed Transaction Coordinator (MSDTC) TIP handling. A denial-of-service can occur when a remote attacker sends a crafted TIP message, potentially terminating MSDTC and affecting dependent services. The issue is mitigated by MS05-051 updates across Windows...
CVE-2005-2119
Mode C: CVE-2005-2119 is discussed in connected docs as a MSDTC DoS variant: remote attackers can crash MSDTC by sending a BuildContextW request with a large UuidString or GuidIn, causing out-of-range memory access. It notes this is a variant of CVE-2005-2119 and affects the Microsoft Distributed...
CVE-2005-1978
CAN-2005-1978 pertains to a COM+ vulnerability in Windows (MS04-era MS05-051 context) where the COM+ component creates/uses memory structures in a way that could allow remote code execution and local privilege escalation. The linked MS05-051 bulletin confirms affected platforms include Windows 20...
CVE-2005-1980
CVE-2005-1980 corresponds to the MSDTC TIP Denial of Service vulnerability described in Microsoft Security Bulletin MS05-051 (CAN-2005-1980). The flaw affects MSDTC TIP processing, enabling a remote attacker to cause the DTC service to stop responding by sending a crafted TIP message. Microsoft l...
CVE-2005-2124
The CVE-2005-2124 entry concerns a vulnerability in the Windows Graphics Rendering Engine (GDI32.DLL) affecting Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1. The flaw stems from an unchecked buffer in WMF handling, enabling remote code execution via a crafted Windows Metafile image. Exploita...
CVE-2006-3873
CVE-2006-3873 describes a heap-based buffer overflow in URLMON.DLL of Microsoft Internet Explorer 6 SP1 on Windows 2000/XP SP1, exploitable via a long URL in a GZIP-compressed HTTP-redirected web page. The issue is tied to an incomplete fix for CVE-2006-3869 and is mitigated by applying the MS06-...
CVE-2005-2123
CVE-2005-2123 affects the Windows GDI32.DLL Graphics Rendering Engine, with heap-based buffer overflows triggered by crafted WMF/EMF image data. Affected systems include Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1. Root cause is overflow/unchecked size handling in image rendering, enabling ...
CVE-2006-3942
CVE-2006-3942 is a denial-of-service vulnerability in the Windows Server Service (SRV.SYS) affecting Windows NT 4.0, 2000, XP, and Server 2003. A crafted SMB_COM_TRANSACTION SMB message containing a non-terminated string can cause a NULL dereference in ExecuteTransaction, crashing the system. The...
CVE-2007-0214
CVE-2007-0214 affects the HTML Help ActiveX control (hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2/Professional, and Windows Server 2003 SP1. The vulnerability arises from improper input validation in HTML Help ActiveX methods, leading to a remote code execution flaw if a user visits a specia...
CVE-2007-2374
Technical details are not publicly available in the provided documents; no affected products, vulnerable components, vectors, or fixes are specified. Monitor for updates.
CVE-2006-3445
Summary (CVE-2006-3445) : A memory corruption and heap-based overflow exists in Microsoft Agent when processing specially crafted .ACF files. The flaw occurs in the ReadWideString handling within agentdpv.dll and can be triggered via a remote attack, typically by convincing a user to view a malic...
CVE-2006-3351
CVE-2006-3351 is a Windows Explorer vulnerability (explorer.exe) affecting Windows XP/2003 where parsing of .url files with InternetShortcut tags can overflow the stack. A crafted .url file containing a long URL and many file: specifiers may trigger a denial of service and possibly arbitrary code...
CVE-2006-5585
CVE-2006-5585 is a local privilege-elevation vulnerability in the Client-Server Run-time Subsystem (CSRSS) of Microsoft Windows XP SP2 and Windows Server 2003. The issue arises from improper processing/validation of embedded file manifests by CSRSS, which could let a logged-on attacker run a craf...