Lucene search
K
MicrosoftWindows 2003 Serverweb

66 matches found

CVE
CVE
added 2003/07/17 4:0 a.m.227 views

CVE-2003-0352

CVE-2003-0352 describes a buffer overflow vulnerability in the DCOM RPC interface (RPCSS) of Windows NT 4.0 SP3-6a, Windows 2000, XP, and Server 2003. The issue is a stack/heap buffer overflow triggered by a malformed DCERPC DCOM object activation request with modified length fields, allowing rem...

7.5CVSS7.5AI score0.98626EPSS
CVE
CVE
added 2006/01/10 10:0 p.m.138 views

CVE-2006-0010

CVE-2006-0010 describes a heap-based buffer overflow in T2EMBED.DLL on Windows platforms (Windows 98/ME, Windows 2000 SP4, Windows XP SP1/SP2, Windows Server 2003 up to SP1). The overflow is triggered while Windows decompresses Embedded Open Type (EOT) fonts referenced by web pages or email, allo...

9.3CVSS7.7AI score0.32189EPSS
CVE
CVE
added 2005/05/31 4:0 a.m.137 views

CVE-2005-0356

CVE-2005-0356 affects F5 BIG-IP BIG-IP LTM 9.0.0–9.0.5; other listed BIG-IP lines are not affected (e.g., 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.6.x are Not Affected). The issue is described as inadequate validation for TCP segments with PAWS/timestamps, enabling a remote attacker to cause a denial of ser...

5CVSS6.2AI score0.83284EPSS
CVE
CVE
added 2003/09/12 4:0 a.m.121 views

CVE-2003-0528

Technical details for CVE-2003-0528 are not publicly provided in the supplied documents. Monitor for updates from official advisories; related CVEs (e.g., CVE-2003-0352) are discussed but do not specify 0528 specifics.

10CVSS7.8AI score0.37799EPSS
CVE
CVE
added 2003/09/04 4:0 a.m.119 views

CVE-2003-0661

The CVE-2003-0661 entry concerns the NetBIOS NBNS information disclosure vulnerability in Windows NT 4.0, 2000, XP, and Server 2003. The NBNS response may leak random memory contents from the target, potentially revealing sensitive data to remote attackers. Public details across connected documen...

5CVSS6.3AI score0.22019EPSS
CVE
CVE
added 2004/02/11 5:0 a.m.114 views

CVE-2003-0818

CVE-2003-0818 covers a heap-based overflow in the Microsoft ASN.1 library (MSASN1.DLL) used by Windows components (LSASS.EXE, CRYPT32.DLL) on Windows NT 4.0/2000/XP. The vulnerability affects BER decoding of ASN.1 data, with two vectors: (1) very large length fields overwriting heap data, and (2)...

7.5CVSS7.4AI score0.84008EPSS
CVE
CVE
added 2003/09/12 4:0 a.m.106 views

CVE-2003-0715

CVE-2003-0715 describes a heap-based buffer overflow in the Windows RPCSS DCOM interface that can be triggered by a malformed DCERPC DCOM object activation request with modified length fields, enabling remote code execution. Affected: Windows NT 4.0 SPx, 2000, XP, and Server 2003 (DCOM RPC interf...

10CVSS7.7AI score0.37141EPSS
CVE
CVE
added 2006/06/13 7:0 p.m.103 views

CVE-2006-2370

CVE-2006-2370 describes a buffer/ memory corruption vulnerability in the Routing and Remote Access Service (RRAS) on Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The flaw, triggered by certain crafted RPC-related requests to RRAS (RASMAN), allows remote attackers (authenticated ...

7.5CVSS9.7AI score0.72969EPSS
Web
CVE
CVE
added 2005/06/14 4:0 a.m.93 views

CVE-2005-1205

The CVE-2005-1205 issue is a documented information-disclosure vulnerability in the Microsoft Telnet client across Windows XP, Windows Server 2003, and Windows Services for UNIX. Exploitation arises from handling the Telnet NEW-ENVIRON command (SEND ENV_USERVAR), allowing a remote attacker to rea...

5CVSS6.3AI score0.33261EPSS
CVE
CVE
added 2005/12/28 7:0 p.m.92 views

CVE-2005-4560

CVE-2005-4560 is a Windows GDI/WMF parsing vulnerability in GDI32.DLL that allows remote code execution via a crafted WMF image using the SETABORTPROC GDI Escape function, with SHIMGVW.DLL involved. The issue is tied to WMF/EMF processing in Windows, and public details describe arbitrary code exe...

7.5CVSS7.1AI score0.86476EPSS
CVE
CVE
added 2006/12/22 2:0 a.m.91 views

CVE-2006-6696

CVE-2006-6696 is a CSRSS vulnerability in Windows where improper handling of a MessageBox call with MB_SERVICE_NOTIFICATION can send a crafted HardError to CSRSS, enabling remote code execution. Public details indicate the issue affects multiple Windows versions (Windows 2000, XP, Server 2003, Vi...

6.9CVSS6.2AI score0.03284EPSS
CVE
CVE
added 2003/10/17 4:0 a.m.90 views

CVE-2003-0717

CVE-2003-0717 describes a buffer overflow in the Windows Messenger Service (NT through Server 2003). The root cause is improper validation of message length before writing to the allocated buffer, enabling remote code execution with the target’s privileges. Public sources (MS03-043) identify affe...

7.5CVSS7.9AI score0.63464EPSS
CVE
CVE
added 2004/12/15 5:0 a.m.88 views

CVE-2004-0571

CVE-2004-0571 describes a remote code execution vulnerability in the Word for Windows 6.0 Converter used by WordPad. A crafted Word 6.0 document could trigger an unchecked data length/buffer handling in the converter, enabling an attacker to execute arbitrary code on a vulnerable system when the ...

10CVSS7.6AI score0.30724EPSS
CVE
CVE
added 2004/12/15 5:0 a.m.88 views

CVE-2004-0901

CVE-2004-0901 (Font Conversion Vulnerability) affects WordPad’s Word for Windows 6.0 Converter (MSWRD632.WPC) used by WordPad. A crafted Word/RTF/WRI/ DOC file can trigger a buffer/length-check flaw, leading to remote code execution when opened by WordPad. Public advisories (MS04-041) document tw...

10CVSS7.5AI score0.31053EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.86 views

CVE-2003-0825

CVE-2003-0825 concerns the Windows Internet Naming Service (WINS) in Windows NT/2000/Server 2003 families, where malformed packets with improper lengths bypass WINS’ length validation. The result is a remote denial of service on Windows Server 2003 and, for older platforms, potential denial of se...

9.3CVSS7.2AI score0.12099EPSS
CVE
CVE
added 2004/07/14 4:0 a.m.86 views

CVE-2004-0201

The CVE-2004-0201 entry documents a heap-based buffer overflow in the HTML Help viewer hh.exe used by HTML Help (.chm) on Windows platforms (Windows 98, Me, NT 4.0, 2000, XP, and Server 2003). The vulnerability allows remote code execution via a .CHM file with a large length field, enabling an at...

10CVSS7.8AI score0.45137EPSS
CVE
CVE
added 2005/02/14 5:0 a.m.86 views

CVE-2005-0416

CVE-2005-0416 describes a stack-based buffer overflow in the Windows Animated Cursor (ANI) handling. The vulnerability affects Windows NT, Windows 2000 (SP4), Windows XP (SP1), and Windows 2003, where a crafted AnimationHeaderBlock length field can lead to remote code execution or memory corrupti...

7.5CVSS7.6AI score0.45486EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.85 views

CVE-2005-0045

CVE-2005-0045 is a remote code execution vulnerability in the SMB client/server implementation on Windows NT 4.0, 2000, XP and Server 2003. The issue stems from improper validation of SMB packets, enabling an attacker to execute arbitrary code by crafting SMB Transaction responses (notably Trans ...

7.5CVSS7.6AI score0.73094EPSS
CVE
CVE
added 2006/05/09 11:0 p.m.80 views

CVE-2006-1184

CVE-2006-1184 describes a Denial of Service in Microsoft Windows’ Distributed Transaction Coordinator (MSDTC) that could crash the MSDTC service when a remote attacker sends a crafted BuildContextW message with a large UuidString or GuidIn. The issue affects MSDTC on Windows NT 4.0, 2000 SP4, XP ...

5CVSS6.3AI score0.29721EPSS
CVE
CVE
added 2006/06/13 7:0 p.m.80 views

CVE-2006-2379

CVE-2006-2379 describes a buffer overflow in the Windows TCP/IP Protocol driver related to IP source routing. Affected products include Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. The root cause is an unchecked buffer length when processing IP source routing packets, potentiall...

9.3CVSS7.7AI score0.58027EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.79 views

CVE-2005-0053

Summary of CAN-2005-0053 (CVE-2005-0053) : In Internet Explorer 5.01, 5.5, and 6, drag-and-drop events can be exploited to write arbitrary files or execute code on the local system via malicious drag-and-drop content. Microsoft’s fix is delivered in two security updates: MS05-014 (CVE CAN-2005-00...

7.5CVSS7.6AI score0.6349EPSS
CVE
CVE
added 2006/05/09 11:0 p.m.76 views

CVE-2006-0034

CVE-2006-0034 describes a heap-based buffer overflow in MSDTC’s RPC path (msdtcprx.dll BuildContextW/BuildContext) caused by an overly long fifth argument, triggering a bug in NdrAllocate. Affected products include Windows 2000/NT4-era MSDTC deployments, with the issue leading to denial of servic...

7.5CVSS7.9AI score0.30542EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.75 views

CVE-2004-0202

CVE-2004-0202 concerns a denial-of-service vulnerability in the DirectPlay API, specifically the IDirectPlay4 interfaces of DirectPlay within Microsoft DirectX. The issue arises from insufficient input/packet validation of incoming network data, enabling a remote attacker to crash a DirectPlay-ba...

5CVSS6.4AI score0.26175EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.75 views

CVE-2005-0044

CVE-2005-0044 is the Input Validation Vulnerability in the Windows OLE component that could allow remote code execution. The NVD/NVD-derived data unify that the issue affects Windows 98, 2000, XP, and Server 2003, as well as Exchange Server 5.0–2003, caused by improper validation of message lengt...

7.5CVSS7.4AI score0.33206EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.75 views

CVE-2005-0050

CVE-2005-0050 covers a remote code execution/DoS vulnerability in the Windows License Logging Service (LLS) affecting Windows NT Server, Windows 2000 Server, and Windows Server 2003. The root cause is an unchecked buffer due to improper validation of message lengths, enabling a specially crafted ...

10CVSS7.5AI score0.46513EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.75 views

CVE-2005-0063

The CVE-2005-0063 issue stems from Windows Shell/MSHTA handling of file associations. A remote code execution vulnerability exists when a user opens a specially crafted OLE2 document (e.g., Word) whose CLSID is manipulated to invoke HTML Application Host (MSHTA) to process the file. Exploitation ...

7.5CVSS7.1AI score0.51684EPSS
CVE
CVE
added 2004/12/15 5:0 a.m.74 views

CVE-2004-0893

This CVE describes two privilege-elevation flaws in Windows components from 2004: (1) the Local Procedure Call (LPC) interface in the Windows kernel fails to validate message lengths, enabling a locally-authenticated attacker to gain full control; and (2) LSASS validates identity tokens improperl...

7.2CVSS6.6AI score0.01514EPSS
CVE
CVE
added 2005/06/15 4:0 a.m.74 views

CVE-2005-1208

CVE-2005-1208 describes a remote code execution vulnerability in Microsoft HTML Help (CHM/InfoTech Storage protocols like ms-its, ms-itss, its, mk:@MSITStore). The root cause is an integer overflow/heap-based buffer overflow when processing crafted CHM content with a large size field, exploitable...

10CVSS7.9AI score0.4715EPSS
CVE
CVE
added 2004/12/15 5:0 a.m.73 views

CVE-2004-0568

HyperTerminal for Windows NT 4.0/2000/XP/Server 2003 contains a buffer overflow in session file handling due to improper validation of a value’s length. This allows a remote attacker to execute arbitrary code when a user opens a malicious HyperTerminal session file (.ht), or follows a web/Telnet ...

10CVSS7.9AI score0.35155EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.73 views

CVE-2004-1319

The CVE-2004-1319 issue concerns the DHTML Editing Component ActiveX control (dhtmled.ocx) used by Internet Explorer. The vulnerability is cross-domain in nature and could allow remote code execution or information disclosure by exploiting the control from a malicious page, potentially granting a...

5CVSS6.6AI score0.26162EPSS
CVE
CVE
added 2003/10/17 4:0 a.m.72 views

CVE-2003-0659

CVE-2003-0659 describes a buffer-overflow in a function used by the Windows ListBox and ComboBox controls (User32.dll) that can be triggered by crafted Windows messages (LB_DIR/CB_DIR). This local, interactive vulnerability could allow an attacker who can log on to execute arbitrary code with the...

7.2CVSS7.3AI score0.33575EPSS
CVE
CVE
added 2005/01/06 5:0 a.m.71 views

CVE-2004-1305

CVE-2004-1305 refers to a denial-of-service vulnerability in the Windows kernel related to how animated cursor and icon formats are processed. The weakness, described in MS05-002 and related CERT advisories, can be triggered by specially crafted cursor/icon/ani files viewed via Web pages or email...

5CVSS6.5AI score0.6236EPSS
CVE
CVE
added 2005/08/10 4:0 a.m.71 views

CVE-2005-1218

CVE-2005-1218 describes a denial-of-service in the Microsoft Windows Remote Desktop Protocol (RDP) service affecting Windows 2000/XP/Server 2003. Root cause: an input-validation flaw in how RDP messages are processed, which could allow a remote attacker to crash the RDP service by sending a craft...

5CVSS6.4AI score0.61183EPSS
CVE
CVE
added 2006/04/12 12:0 a.m.71 views

CVE-2006-0012

CVE-2006-0012 is a Windows Shell vulnerability in which Windows Explorer could incorrectly handle COM objects, enabling remote code execution if a user visits a malicious Web site or opens crafted files/directories. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003 S...

5.1CVSS7.5AI score0.24069EPSS
CVE
CVE
added 2006/02/14 7:0 p.m.71 views

CVE-2006-0013

Mode C: Affected software and root cause: Microsoft Windows XP SP1/SP2 and Windows Server 2003 up to SP1 with the Web Client service (WebClnt.dll) are vulnerable. The issue is an unchecked buffer in the Web Client service that handles WebDAV/RPC messages, enabling remote code execution. Impact: a...

6.5CVSS7.4AI score0.34854EPSS
CVE
CVE
added 2003/10/17 4:0 a.m.70 views

CVE-2003-0711

CVE-2003-0711 describes a stack-based buffer overflow in the PCHealth-HSC (Help and Support Center) HCP URL handling on Windows XP and Windows Server 2003. The unchecked buffer in the HCP protocol-handling file allows remote code execution with SYSTEM/Local privileges when a user clicks a crafted...

7.5CVSS8.1AI score0.33077EPSS
CVE
CVE
added 2004/12/15 5:0 a.m.69 views

CVE-2004-0894

CVE-2004-0894 is a local elevation-of-privilege issue in LSASS on Microsoft Windows 2000 Server and Windows Server 2003. The vulnerability stems from incomplete validation of connection information by LSASS, allowing a locally authenticated user to gain complete control of the system by running a...

7.2CVSS6.5AI score0.03629EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.69 views

CVE-2005-0047

CVE-2005-0047 relates to a local privilege-escalation vulnerability in Windows OLE/COM Structured Storage handling (CAN-2005-0047) affecting Windows 2000, Windows XP, and Windows Server 2003. The root cause is improper validation of memory regions when processing COM structured storage files, ena...

7.2CVSS7.1AI score0.05132EPSS
CVE
CVE
added 2006/09/12 11:0 p.m.69 views

CVE-2006-0032

Microsoft Windows Indexing Service vulnerability (CVE-2006-0032) is a cross-site scripting flaw in the Indexing Service component of Windows 2000/XP/Server 2003 when Encoding is set to Auto Select. An attacker can craft a UTF-7 URL that is injected into an error message, potentially executing scr...

4.3CVSS5.4AI score0.33221EPSS
CVE
CVE
added 2006/06/13 7:0 p.m.69 views

CVE-2006-1313

CVE-2006-1313 is the Microsoft JScript memory corruption remote code execution vulnerability documented in MS06-023. It affects JScript in Windows 98/Me, Windows 2000 SP4, Windows XP (incl. SP1/SP2), and Windows Server 2003 families, including x64/Itanium variants, where JScript may release objec...

6.8CVSS7.4AI score0.28602EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.68 views

CVE-2004-1080

Summary: CVE-2004-1080 describes a remote memory overwrite in the Windows WINS service (wins.exe) via a crafted WINS replication packet sent to TCP port 42, which could allow arbitrary code execution. Affected products: Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003...

10CVSS7.3AI score0.81699EPSS
CVE
CVE
added 2003/10/17 4:0 a.m.67 views

CVE-2003-0660

The CVE-2003-0660 issue is a vulnerability in the Authenticode verification mechanism used by Windows NT through Server 2003. Under low-memory conditions, an ActiveX control could be downloaded and installed without prompting the user, enabling remote code execution with the user’s privileges whe...

7.5CVSS7.4AI score0.22932EPSS
CVE
CVE
added 2005/05/18 4:0 a.m.67 views

CVE-2005-1649

CVE-2005-1649 affects Windows XP SP2, Windows Server 2003 SP1, and Longhorn. It describes a LAND-like denial-of-service vector in IPv6 TCP/IP where a crafted TCP SYN packet uses the same source and destination IP and port, causing high CPU or unresponsiveness. The vulnerability is a variant of CV...

5CVSS6.5AI score0.21776EPSS
CVE
CVE
added 2006/02/14 7:0 p.m.66 views

CVE-2006-0008

The CVE-2006-0008 issue affects the Korean Input Method Editor (IME) on Windows XP SP1/SP2, Windows Server 2003 up to SP1, and Office 2003. A privilege-elevation flaw exists in the Korean IME; an attacker who can log on (locally or via Remote Desktop/Terminal Services) could exploit the ShellAbou...

7.2CVSS6.4AI score0.01657EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.65 views

CVE-2004-1361

The CVE-2004-1361 issue affects Microsoft Windows where winhlp32.exe parses help files (.hlp). Affected: Windows NT, Windows 2000 (SP4), Windows XP (SP2), Windows 2003; vulnerability arises from an integer/length miscalculation in handling .hlp content, causing a heap-based buffer overflow. Conse...

5CVSS7.9AI score0.19914EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.64 views

CVE-2004-0839

CVE-2004-0839 is the IE Drag-and-Drop Vulnerability. The connected docs show it as a publicly disclosed CAN-2005-0053 vulnerability, which was addressed by Microsoft security updates MS05-014 and related MS05-008. The vulnerability arises from Internet Explorer handling drag-and-drop events, allo...

5CVSS7.4AI score0.33081EPSS
CVE
CVE
added 2005/04/13 4:0 a.m.64 views

CVE-2005-0061

CVE-2005-0061 (Windows kernel elevation of privilege) is a local privilege-elevation vulnerability in the Windows kernel (Windows 2000, XP SP1/SP2, Windows Server 2003) caused by the way the kernel processes certain access requests. An attacker with valid logon credentials and local access could ...

7.2CVSS6.5AI score0.01774EPSS
CVE
CVE
added 2006/02/14 7:0 p.m.63 views

CVE-2006-0021

The CVE-2006-0021 issue affects Microsoft Windows TCP/IP implementation on Windows XP SP1/SP2 and Windows Server 2003 up to SP1, where a specially crafted IGMPv3 packet can trigger a denial‑of‑service (system hang). Root cause: failure to properly validate IGMP packets in the TCP/IP stack, allowi...

7.8CVSS6.4AI score0.62882EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.62 views

CVE-2005-0057

Microsoft’s MS05-015 fixes a remote code execution flaw in the Hyperlink Object Library (Hlink.dll) affecting Windows 98, 2000, XP, and Server 2003. The vulnerability arises from an unchecked buffer when handling hyperlinks, potentially allowing arbitrary code execution if a user clicks a crafted...

7.5CVSS7.9AI score0.41139EPSS
CVE
CVE
added 2006/04/03 10:0 a.m.62 views

CVE-2006-1591

CVE-2006-1591 describes a heap-based buffer overflow in Microsoft Windows Help winhlp32.exe caused by improper parsing of malformed .hlp files. The vulnerability permits user-assisted attackers to execute arbitrary code by crafting an embedded image data payload within a Windows Help (.hlp) file....

5.1CVSS7.8AI score0.07EPSS
Total number of security vulnerabilities66