Windows 2003 Server Security Vulnerabilities and Issues — Windows 2003 Server CVE List

Lucene search

MicrosoftWindows 2003 Server

84 matches found

CVE•added 2011/04/13 6:55 p.m.•185 views

CVE-2011-0657

DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a cr...

9.8CVSS7.6AI score0.49697EPSS

CVE•added 2011/10/12 2:52 a.m.•144 views

CVE-2011-2003

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library ...

9.3CVSS7.6AI score0.70736EPSS

CVE•added 2011/06/16 8:55 p.m.•89 views

CVE-2011-1249

The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges v...

7.2CVSS6.3AI score0.22388EPSS

CVE•added 2011/04/13 6:55 p.m.•82 views

CVE-2011-0661

The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a ...

10CVSS7.6AI score0.63002EPSS

CVE•added 2011/09/15 12:26 p.m.•78 views

CVE-2011-1991

Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demons...

9.3CVSS6.6AI score0.40461EPSS

CVE•added 2011/07/13 10:55 p.m.•74 views

CVE-2011-1281

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a p...

7.2CVSS6.5AI score0.00773EPSS

CVE•added 2011/03/09 11:0 p.m.•70 views

CVE-2011-0029

Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Libra...

9.3CVSS6.3AI score0.34048EPSS

CVE•added 2011/01/31 8:0 p.m.•68 views

CVE-2011-0096

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote att...

6.1CVSS5.5AI score0.79917EPSS

CVE•added 2011/02/16 1:0 a.m.•67 views

CVE-2011-0654

Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1...

10CVSS7.8AI score0.81012EPSS

CVE•added 2011/04/13 8:26 p.m.•66 views

CVE-2011-1231

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer deref...

8.4CVSS6.4AI score0.00702EPSS

CVE•added 2011/08/10 9:55 p.m.•65 views

CVE-2011-1967

Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process de...

7.2CVSS6.4AI score0.00214EPSS

CVE•added 2011/07/13 11:55 p.m.•64 views

CVE-2011-1885

7.2CVSS6.4AI score0.00914EPSS

CVE•added 2011/08/10 9:55 p.m.•64 views

CVE-2011-1974

NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."

7.2CVSS6.4AI score0.18854EPSS

CVE•added 2011/01/20 7:0 p.m.•63 views

CVE-2010-4701

Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long r...

7.6CVSS7.9AI score0.65776EPSS

CVE•added 2011/04/13 6:55 p.m.•63 views

CVE-2011-0034

Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary cod...

9.3CVSS8AI score0.46866EPSS

CVE•added 2011/04/13 8:26 p.m.•62 views

CVE-2011-1229

7.2CVSS6.4AI score0.00689EPSS

CVE•added 2011/10/12 2:52 a.m.•62 views

CVE-2011-1985

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of ser...

7.2CVSS6.4AI score0.06147EPSS

CVE•added 2011/07/13 11:55 p.m.•61 views

CVE-2011-1282

8.4CVSS6.6AI score0.01099EPSS

CVE•added 2011/04/13 6:55 p.m.•60 views

CVE-2010-3974

fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary co...

7.6CVSS7.5AI score0.4249EPSS

CVE•added 2011/02/09 1:0 a.m.•60 views

CVE-2011-0090

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka ...

7.2CVSS6.4AI score0.00669EPSS

CVE•added 2011/06/16 8:55 p.m.•60 views

CVE-2011-1268

The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Pars...

10CVSS7.5AI score0.3709EPSS

CVE•added 2011/04/13 8:26 p.m.•59 views

CVE-2011-0676

7.8CVSS6.4AI score0.0092EPSS

CVE•added 2011/01/20 9:0 p.m.•58 views

CVE-2010-2743

The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka...

7.2CVSS6.1AI score0.09012EPSS

CVE•added 2011/07/13 11:55 p.m.•58 views

CVE-2011-1876

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application th...

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2011/10/12 2:52 a.m.•57 views

CVE-2011-2011

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages i...

7.2CVSS6.4AI score0.00425EPSS

CVE•added 2011/07/13 11:55 p.m.•56 views

CVE-2011-1880

7.2CVSS6.4AI score0.00914EPSS

CVE•added 2011/09/15 12:26 p.m.•56 views

CVE-2011-1984

WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."

7.2CVSS6.4AI score0.18962EPSS

CVE•added 2011/04/13 6:55 p.m.•55 views

CVE-2011-0662

7.2CVSS6.4AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•55 views

CVE-2011-1238

7.2CVSS6.4AI score0.00623EPSS

CVE•added 2011/07/13 11:55 p.m.•55 views

CVE-2011-1284

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cau...

7.2CVSS6.8AI score0.01181EPSS

CVE•added 2011/08/10 9:55 p.m.•55 views

CVE-2011-1970

The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerabili...

5CVSS6.6AI score0.61465EPSS

CVE•added 2011/04/13 8:26 p.m.•54 views

CVE-2011-0677

7.2CVSS6.4AI score0.00827EPSS

CVE•added 2011/07/13 11:55 p.m.•54 views

CVE-2011-1870

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect m...

7.2CVSS6.8AI score0.03122EPSS

CVE•added 2011/04/13 8:26 p.m.•53 views

CVE-2011-1230

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/04/13 8:26 p.m.•53 views

CVE-2011-1242

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2011/10/12 2:52 a.m.•53 views

CVE-2011-1247

Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in th...

9.3CVSS6.4AI score0.18918EPSS

CVE•added 2011/06/16 8:55 p.m.•53 views

CVE-2011-1869

The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted refe...

7.8CVSS6.5AI score0.34157EPSS

CVE•added 2011/07/13 11:55 p.m.•53 views

CVE-2011-1874

7.8CVSS6.4AI score0.01004EPSS

CVE•added 2011/06/16 8:55 p.m.•53 views

CVE-2011-1894

The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows re...

4.3CVSS5.5AI score0.20108EPSS

CVE•added 2011/04/13 6:55 p.m.•52 views

CVE-2011-0041

Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."

9.3CVSS7.6AI score0.7426EPSS

CVE•added 2011/04/13 8:26 p.m.•52 views

CVE-2011-1240

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/06/16 8:55 p.m.•51 views

CVE-2011-0658

Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a ...

9.3CVSS7.5AI score0.31103EPSS

CVE•added 2011/04/13 6:55 p.m.•51 views

CVE-2011-0670

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•51 views

CVE-2011-0671

8.4CVSS6.5AI score0.01054EPSS

CVE•added 2011/04/13 8:26 p.m.•51 views

CVE-2011-0672

7.2CVSS6.5AI score0.00623EPSS

CVE•added 2011/04/13 8:26 p.m.•51 views

CVE-2011-1227

7.2CVSS6.4AI score0.00845EPSS

CVE•added 2011/07/13 11:55 p.m.•51 views

CVE-2011-1875

7.2CVSS6.4AI score0.0061EPSS

CVE•added 2011/02/09 1:0 a.m.•50 views

CVE-2011-0087

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validati...

7.2CVSS6.3AI score0.00751EPSS

CVE•added 2011/07/13 11:55 p.m.•50 views

CVE-2011-1881

8.4CVSS6.4AI score0.00759EPSS

CVE•added 2011/07/13 11:55 p.m.•50 views

CVE-2011-1882

7.2CVSS6.5AI score0.0061EPSS

Total number of security vulnerabilities84