Windows 2003 Server@sp1 Security Vulnerabilities and Issues — Windows 2003 Server@sp1 CVE List

Lucene search

MicrosoftWindows 2003 Serversp1

16 matches found

CVE•added 2007/03/30 8:19 p.m.•86 views

CVE-2007-0038

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, whic...

9.3CVSS7.8AI score0.90084EPSS

CVE•added 2007/04/13 6:19 p.m.•80 views

CVE-2007-1748

Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape s...

10CVSS9.6AI score0.84055EPSS

CVE•added 2007/06/06 9:30 p.m.•75 views

CVE-2007-3091

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of ...

7.1CVSS7.2AI score0.18448EPSS

CVE•added 2007/04/10 9:19 p.m.•51 views

CVE-2007-1206

The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying...

7.2CVSS6AI score0.01722EPSS

CVE•added 2007/06/12 7:30 p.m.•50 views

CVE-2007-2218

Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.

9.3CVSS7.6AI score0.50226EPSS

CVE•added 2007/04/10 9:19 p.m.•49 views

CVE-2007-1205

Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.

9.3CVSS7.4AI score0.61977EPSS

CVE•added 2007/04/04 4:19 p.m.•49 views

CVE-2007-1215

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.

7.2CVSS6.5AI score0.0278EPSS

CVE•added 2007/04/04 4:19 p.m.•48 views

CVE-2007-1211

Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a...

7.1CVSS6.1AI score0.90524EPSS

CVE•added 2007/02/13 8:28 p.m.•47 views

CVE-2006-1311

The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF...

9.3CVSS7.4AI score0.68598EPSS

CVE•added 2007/02/13 8:28 p.m.•45 views

CVE-2007-0026

The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.

7.6CVSS7.4AI score0.47537EPSS

CVE•added 2007/06/04 5:30 p.m.•43 views

CVE-2007-2999

Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account n...

1.8CVSS6.5AI score0.01252EPSS

CVE•added 2007/02/13 8:28 p.m.•42 views

CVE-2007-0214

The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.

9.3CVSS7.4AI score0.58096EPSS

CVE•added 2007/04/04 4:19 p.m.•42 views

CVE-2007-1212

Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.

6.6CVSS6.3AI score0.02795EPSS

CVE•added 2007/02/13 8:28 p.m.•41 views

CVE-2007-0211

The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."

7.2CVSS6.3AI score0.02312EPSS

CVE•added 2007/03/20 10:19 p.m.•38 views

CVE-2007-1537

\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.

3.6CVSS6.4AI score0.01021EPSS

CVE•added 2007/06/12 8:30 p.m.•37 views

CVE-2007-2219

Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.

9.3CVSS7.5AI score0.58096EPSS