Lucene search
+L
MicrosoftWindows Server 2003*

351 matches found

CVE
CVE
added 2012/05/09 12:0 a.m.115 views

CVE-2012-1848

CVE-2012-1848 affects win32k.sys kernel-mode drivers across multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2/R2 SP1, Windows 7 SP1, and Windows 8 Consumer Preview). The underlying issue is improper handling of user-mode input passed to kernel mode, which enabl...

7.2CVSS6.2AI score0.01899EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.114 views

CVE-2009-2494

Microsoft ATL (Active Template Library) in Windows platforms vulnerable to remote code execution due to an erroneous free operation after reading a variant from a stream and deleting it (ATL Object Type Mismatch). Affected products include Windows XP/2000/2003/Vista/Server editions as listed in M...

10CVSS7.4AI score0.42329EPSS
CVE
CVE
added 2009/05/29 6:0 p.m.112 views

CVE-2009-1537

Summary of CVE-2009-1537 (DirectShow QuickTime parsing): A remote code execution vulnerability exists in the DirectShow QuickTime Movie Parser Filter (quartz.dll) within DirectX, affecting Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, and potentially DirectX 7.0–9.0c. Exploitation requires a...

9.3CVSS7.3AI score0.51207EPSS
In wild
CVE
CVE
added 2011/04/13 6:0 p.m.109 views

CVE-2011-0661

CVE-2011-0661 describes a remote code execution vulnerability in the Windows SMB Server service. The root cause is improper validation of fields in SMB requests by the SMB Server, allowing an unauthenticated remote attacker to execute arbitrary code via a malformed SMBv1 or SMBv2 packet. Affected...

10CVSS7.6AI score0.45497EPSS
CVE
CVE
added 2011/12/30 1:0 a.m.109 views

CVE-2011-3417

The CVE-2011-3417 entry concerns the ASP.NET Forms Authentication feature in Microsoft .NET Framework (1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, 4.0). When sliding expiry is enabled, cached content is not handled properly, allowing remote attackers to access arbitrary user accounts via a crafted URL (For...

9.3CVSS6.5AI score0.35731EPSS
CVE
CVE
added 2015/01/13 10:0 p.m.106 views

CVE-2015-0015

The CVE-2015-0015 issue affects Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold/R2, where crafted username strings sent to IAS/NPS trigger a remote denial of service (system hang/RADIUS outage). Root cause: improper parsing of username queries in NPS/IAS. Impact: DoS; ex...

7.8CVSS6.7AI score0.78735EPSS
CVE
CVE
added 2012/01/10 9:0 p.m.104 views

CVE-2012-0003

CVE-2012-0003 is a remote-code-execution issue in Windows Multimedia Library (winmm.dll) used by Windows Media Player. A specially crafted MIDI file can trigger the vulnerability, leading to arbitrary code execution with the user’s context. Affected products include Windows XP SP2/SP3, Windows Se...

9.3CVSS7.8AI score0.69499EPSS
In wild
CVE
CVE
added 2013/07/10 1:0 a.m.104 views

CVE-2013-3129

CVE-2013-3129 concerns a TrueType Font (TTF) parsing vulnerability that allows remote code execution. Affected products include Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5; Silverlight 5 prior to 5.1.20513.0; and GDI+, DirectWrite, Journal in various Windows versions (XP through Windows ...

9.3CVSS7.3AI score0.32378EPSS
CVE
CVE
added 2014/12/11 12:0 a.m.104 views

CVE-2014-6355

CVE-2014-6355 concerns a vulnerability in the Microsoft Graphics Component where JPEG decoding in memory is mishandled, enabling information disclosure when a user visits a crafted web site. Affected products include Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...

5CVSS6.2AI score0.34203EPSS
CVE
CVE
added 2008/07/08 11:0 p.m.102 views

CVE-2008-1454

Technical details about CVE-2008-1454 (affected product, vulnerable component, impact, patch) are not publicly provided in the connected documents. Monitor for updates.

9.4CVSS6.2AI score0.34072EPSS
CVE
CVE
added 2014/03/12 1:0 a.m.102 views

CVE-2014-0317

CVE-2014-0317 is the SAMR Security Feature Bypass vulnerability in Microsoft Windows, affecting Windows XP SP2-SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 SP1, and Windows Server 2012 (Gold/R2). The issue stems from the Security Account Manager Remote (SAMR) protoc...

5.4CVSS6.5AI score0.10249EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.100 views

CVE-2010-0269

CVE-2010-0269 is a remote code execution vulnerability in the Microsoft SMB client. The issue arises from improper memory allocation when parsing specially crafted SMB responses, enabling an unauthenticated attacker to execute arbitrary code on a vulnerable system by sending a crafted SMB respons...

10CVSS7.5AI score0.28401EPSS
CVE
CVE
added 2010/06/14 6:0 p.m.100 views

CVE-2010-1885

The CVE-2010-1885 entry concerns the Windows Help and Support Center (HelpCtr) in Windows XP and Windows Server 2003. The vulnerability stems from the MPC::HexToNum function in helpctr.exe failing to properly handle malformed escape sequences, allowing a crafted hcp:// URL to bypass the trusted d...

9.3CVSS7.2AI score0.75458EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.100 views

CVE-2010-2566

The CVE-2010-2566 issue is a remote code execution vulnerability in Microsoft Windows SChannel (TLS/SSL) where the SChannel security package fails to properly validate certificate request messages from TLS/SSL servers. This affects Windows XP SP2/SP3 and Windows Server 2003 SP2. An attacker could...

9.3CVSS8.1AI score0.15355EPSS
CVE
CVE
added 2011/12/14 12:0 a.m.100 views

CVE-2011-3400

CVE-2011-3400 is a Windows OLE handling vulnerability affecting XP SP2/SP3 and Windows Server 2003 SP2. The issue stems from improper in-memory handling of OLE objects, allowing remote code execution when a crafted file containing an OLE object is opened. Public references and exploits/documentat...

9.3CVSS7.4AI score0.71722EPSS
CVE
CVE
added 2015/01/13 10:0 p.m.100 views

CVE-2015-0004

CVE-2015-0004 concerns a local privilege-escalation in the Windows User Profile Service (ProfSvc). According to the provided sources, the vulnerability is exploited by a junction attack that loads another user’s UsrClass.dat registry hive, enabling local users to gain privileges. Affected product...

7.2CVSS6.5AI score0.03545EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.98 views

CVE-2009-2498

The CVE-2009-2498 entry corresponds to a code-execution vulnerability in Microsoft Windows Media Format Runtime (versions 9.0, 9.5, 11) and Windows Media Services 9.1/2008, triggered by parsing malformed ASF/WMV/WMA headers. Connected advisories (e.g., CPAI-2014-1114; OpenVAS 901012) corroborate ...

9.3CVSS7.4AI score0.2121EPSS
CVE
CVE
added 2011/09/15 10:0 a.m.98 views

CVE-2011-1991

CVE-2011-1991 describes multiple untrusted search path vulnerabilities in Windows components that allow local privilege elevation via Trojan horse DLLs loaded from the current working directory. Affected products include Windows XP SP2/ SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Ser...

9.3CVSS6.6AI score0.12123EPSS
CVE
CVE
added 2010/02/04 8:0 p.m.97 views

CVE-2010-0555

CVE-2010-0555 affects Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8. The root cause is URLMON sniffing that allows rendering of non-HTML local files as HTML documents after a redirect, bypassing access restrictions and enabling read of arbitrary files. The description identifies this a...

9.3CVSS6.2AI score0.20949EPSS
CVE
CVE
added 2012/12/12 12:0 a.m.96 views

CVE-2012-2556

CVE-2012-2556 : OpenType Font (OTF) parsing vulnerability in Windows kernel‑mode drivers allows remote code execution via a crafted font file. Affected: Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT. Root cause: improper hand...

9.3CVSS7.5AI score0.20766EPSS
CVE
CVE
added 2011/07/13 10:0 p.m.95 views

CVE-2011-1281

CVE-2011-1281 affects the Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem across multiple Windows versions: Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2 and Windows 7 Gold/SP1. The issue stems from AllocConsole() handling when...

7.2CVSS6.5AI score0.02116EPSS
CVE
CVE
added 2009/09/08 10:0 p.m.94 views

CVE-2009-2499

The CVE-2009-2499 issue affects Microsoft Windows components: Windows Media Format Runtime versions 9.0, 9.5, and 11, and Windows Media Foundation on Windows Vista (Gold, SP1, SP2) and Server 2008. The vulnerability arises when processing MP3 files with crafted metadata, triggering memory corrupt...

8.5CVSS7.5AI score0.15546EPSS
CVE
CVE
added 2009/12/09 6:0 p.m.94 views

CVE-2009-3677

CVE-2009-3677 describes an elevation-of-privilege bypass in the Internet Authentication Service (IAS) used by Microsoft Windows products. The issue arises because MS-CHAP v2 authentication requests sent over PEAP are not properly validated, allowing remote attackers to gain access to network reso...

10CVSS6.5AI score0.2182EPSS
CVE
CVE
added 2010/09/07 5:0 p.m.94 views

CVE-2010-2739

The CVE-2010-2739 issue is a buffer overflow in the Windows win32k.sys CreateDIBPalette() function. A crafted bitmap with a very large color palette, used via GetClipboardData, can crash the system and may allow arbitrary code execution locally on affected Windows versions: XP SP3, Server 2003 R2...

7.2CVSS7.6AI score0.03745EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.94 views

CVE-2013-1278

CVE-2013-1278 describes a kernel race condition in Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT. The vulnerability allows local privilege elevation via crafted objects in memory, as part o...

7.4CVSS6.2AI score0.00942EPSS
CVE
CVE
added 2009/01/28 6:0 p.m.93 views

CVE-2009-0320

Microsoft Windows taskmgr.exe Information Disclosure Vulnerability (CVE-2009-0320) affects Windows XP, Server 2003/2008, and Vista. The issue exposes I/O activity measurements for all processes, enabling local users to infer sensitive information by reading the I/O Other Bytes column in Task Mana...

4CVSS6.4AI score0.01446EPSS
CVE
CVE
added 2013/05/24 8:0 p.m.93 views

CVE-2013-3661

CVE-2013-3661 affects Windows with the EPATHOBJ::bFlatten function in win32k.sys across Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, Server 2012, and Windows RT. The root cause is improper checking of linked-list traversal in PATHRECORD chains,...

4.9CVSS6.2AI score0.03852EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.92 views

CVE-2008-4038

CVE-2008-4038 describes a remote code execution vulnerability in Microsoft Windows SMB file-name handling (SMB buffer underflow). The issue affects multiple Windows versions (including Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista SP1, and Server 2008) and arises when a specially craft...

10CVSS7.3AI score0.3917EPSS
CVE
CVE
added 2010/08/11 6:0 p.m.92 views

CVE-2010-1895

CVE-2010-1895 affects Windows kernel-mode driver win32k.sys on Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is improper memory allocation when copying data from user mode to kernel mode, enabling local privilege escalation via a crafted application. Microsoft released patch MS10...

7.2CVSS6.2AI score0.01591EPSS
CVE
CVE
added 2011/08/10 9:16 p.m.92 views

CVE-2011-1974

Affected software and root cause: The vulnerability CVE-2011-1974 affects the NDISTAPI.sys driver in the Remote Access Service (RAS) on Microsoft Windows XP SP2/SP3 and Windows Server 2003 SP2. It arises from improper validation of user-mode input by the NDISTAPI driver, which can be exploited to...

7.2CVSS6.4AI score0.06983EPSS
Web
CVE
CVE
added 2012/09/26 10:0 a.m.91 views

CVE-2012-2897

CVE-2012-2897 is a Windows kernel‑mode driver vulnerability known as the TrueType Font Parsing vulnerability. It affects multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8, Server 2012, Windows RT) and is triggered by processing a craf...

10CVSS7.3AI score0.21689EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.91 views

CVE-2013-1345

CVE-2013-1345 affects the Windows kernel-mode driver component Win32k.sys across multiple Windows/Server editions (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7, 8, Server 2012, Windows RT). The vulnerability arises from improper handling of objects in memory within Win32k...

7.2CVSS6.3AI score0.01743EPSS
CVE
CVE
added 2009/04/15 3:49 a.m.89 views

CVE-2009-0089

CVE-2009-0089 describes a vulnerability in Windows HTTP Services (WinHTTP) where remote servers could impersonate HTTPS sites via DNS spoofing and forward a connection to a host with a valid certificate for a different domain. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, and Vista...

5.8CVSS6.5AI score0.05071EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.89 views

CVE-2010-2744

The CVE-2010-2744 flaw is a Win32k kernel-mode privilege-escalation issue in multiple Windows versions. A window-class handling bug lets local attackers gain privileges by creating a window and abusing SetWindowLongPtr to modify the popup menu structure or by abusing SwitchWndProc invoked via WM_...

7.2CVSS6.1AI score0.04275EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.88 views

CVE-2009-0555

CVE-2009-0555 is a Windows Media Runtime issue affecting the ASF handling in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and ACM. The flaw allows remote code execution via a crafted ASF audio file that uses the Windows Media Speech codec, as described in multiple sources (MS09-...

9.3CVSS7.2AI score0.27086EPSS
CVE
CVE
added 2010/08/27 6:10 p.m.88 views

CVE-2010-3147

CVE-2010-3147 describes an untrusted search path vulnerability in Windows Address Book (wab.exe) where a Trojan horse wab32res.dll loaded from the current working directory can execute code. Affected: WAB/Windows Contacts components on Windows XP SP2/XP SP3, Server 2003 SP2, Vista SP1/SP2, Server...

9.3CVSS6.3AI score0.18675EPSS
CVE
CVE
added 2011/03/09 10:0 p.m.88 views

CVE-2011-0029

The CVE-2011-0029 issue affects the Microsoft Remote Desktop Connection client (versions 5.2, 6.0, 6.1, 7.0). It is a local privilege-escalation vulnerability caused by an untrusted search path: a Trojan DLL loaded from the current working directory when a directory contains a .rdp file. Impact i...

9.3CVSS6.3AI score0.0716EPSS
CVE
CVE
added 2010/03/31 7:0 p.m.87 views

CVE-2010-0492

Microsoft Internet Explorer 8 contains a use-after-free in mstime.dll involving the CTimeAction object during TIME2 handling, causing memory corruption and remote code execution when a user visits a crafted page. The issue affects IE 8 and is officially addressed by Microsoft in MS10-018 (Cumulat...

9.3CVSS7.5AI score0.27523EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.87 views

CVE-2011-0034

The CVE-2011-0034 issue is a stack overflow in the OpenType Compact Font Format (CFF) driver (ATMFD.dll) in Microsoft Windows. It can be triggered by crafted OpenType fonts and allows remote attackers to execute arbitrary code on affected systems. Affected Windows versions include Windows XP SP2/...

9.3CVSS8AI score0.27925EPSS
CVE
CVE
added 2011/01/31 7:0 p.m.87 views

CVE-2011-0096

The CVE describes a vulnerability in the MHTML protocol handler where improper processing of MIME-formatted requests for content blocks can allow a remote attacker to trigger client-side effects in Internet Explorer. Connected advisories (MS11-026 and related OpenVAS/Nessus listings) frame this a...

6.1CVSS5.5AI score0.46819EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.87 views

CVE-2013-1277

AFFECTED: Microsoft Windows family (XP SP2/SP3; Server 2003 SP2; Vista SP2; Server 2008 SP2/R2/R2 SP1; Windows 7 Gold/SP1) – vulnerability in the kernel-mode driver win32k.sys. WHAT: A race condition in win32k.sys that allows local users to gain privileges and read arbitrary kernel memory when a ...

4.9CVSS6.4AI score0.01516EPSS
CVE
CVE
added 2015/01/13 10:0 p.m.86 views

CVE-2015-0006

The CVE-2015-0006 issue is a vulnerability in Microsoft Windows’ Network Location Awareness (NLA) service. The root cause is that NLA does not perform mutual authentication to verify domain connections, enabling a remote attacker to spoof DNS/LDAP responses on a local network and trigger an unint...

6.1CVSS6.6AI score0.11613EPSS
CVE
CVE
added 2010/10/13 6:0 p.m.85 views

CVE-2010-2746

CVE-2010-2746 describes a heap-based buffer overflow in the Windows common controls library, Comctl32.dll, triggered when processing messages from a third-party SVG viewer. A remote code execution risk exists on affected Windows releases (XP SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008, and W...

7.6CVSS7.8AI score0.36238EPSS
CVE
CVE
added 2011/02/16 12:0 a.m.85 views

CVE-2011-0654

CVE-2011-0654 describes an integer underflow in BowserWriteErrorLogEntry within the CIFS browser service (Mrxsmb.sys/bowser.sys) used by Active Directory; a malformed BROWSER ELECTION message can trigger a heap-based buffer overflow. Affected products include Windows XP SP2/SP3, Windows Server 20...

10CVSS7.8AI score0.68084EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.85 views

CVE-2013-1300

CVE-2013-1300 maps to a Win32k memory handling vulnerability in win32k.sys affecting multiple Windows XP/Vista/7/8/2003/Server variants. The issue is a local privilege escalation via a crafted application that abuses kernel memory object handling, enabling an attacker to gain SYSTEM-level privile...

7.2CVSS6.2AI score0.1218EPSS
CVE
CVE
added 2010/01/22 9:20 p.m.84 views

CVE-2010-0027

CVE-2010-0027 documents a vulnerability in URL validation in Internet Explorer (IE 5.01, 6, 6 SP1, 7, 8) and in the ShellExecute API on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, where input parameters in crafted URLs could allow remote code execution by an attacker. The connected MSKB en...

9.3CVSS8.3AI score0.33985EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.84 views

CVE-2010-0487

CVE-2010-0487 describes a remote code execution vulnerability in Windows Cabinet File Viewer (cabview.dll) where the Authenticode signature verification omits certain fields from the digest for cabinet files. Affected: Cabinet File Viewer Shell Extension (cabview.dll) versions 5.1, 6.0, 6.1 on Wi...

9.3CVSS7.6AI score0.24216EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.84 views

CVE-2011-1282

CVE-2011-1282 affects the Windows Client/Server Run-time Subsystem (CSRSS) in the Win32 subsystem, where improper memory initialization leads to a NULL pointer in SrvSetConsoleLocalEUDC. This allows local users to gain privileges or cause memory corruption. Affected products include Windows XP (S...

8.4CVSS6.6AI score0.01553EPSS
CVE
CVE
added 2009/03/10 8:0 p.m.83 views

CVE-2009-0085

CVE-2009-0085 describes a spoofing vulnerability in Microsoft Windows SChannel where the TLS handshake does not adequately validate the client’s key-exchange data when certificate-based authentication is used. A remote attacker with access to the certificate (but not the private key) can authenti...

7.1CVSS6.6AI score0.15193EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.83 views

CVE-2009-2511

CVE-2009-2511 corresponds to a vulnerability in the Windows CryptoAPI: an integer overflow while parsing ASN.1 Object Identifiers (X.509) that can enable spoofing by a certificate issued by a trusted CA. Affected products include Windows 2000 SP4, Windows XP (SP2/SP3), Windows Server 2003 (SP1/SP...

7.5CVSS6.5AI score0.12959EPSS
Total number of security vulnerabilities351