Lucene search
+L
MicrosoftWindows Server 2003*

351 matches found

CVE
CVE
added 2013/12/11 12:0 a.m.64 views

CVE-2013-3878

CVE-2013-3878 describes a local POST- exploitation vulnerability in the LRPC client of Microsoft Windows XP SP2/SP3 and Windows Server 2003 SP2. The issue is a stack-based buffer overflow triggered when an LRPC server sends a crafted LPC port message, allowing an authenticated local attacker to g...

6.9CVSS6.9AI score0.01743EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.63 views

CVE-2010-0235

CVE-2010-0235 is the Windows Kernel Symbolic Link Value Vulnerability. The provided documents confirm a denial-of-service impact (system becomes unresponsive and reboots) caused by improper validation of symbolic link values when created by the Windows kernel. Affected products (per MS10-021 and ...

4.7CVSS6AI score0.01829EPSS
CVE
CVE
added 2011/02/10 3:0 p.m.63 views

CVE-2011-0043

CVE-2011-0043 affects Kerberos in Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is use of weak hashing (CRC32) in service tickets, enabling local privilege escalation by a crafted service ticket. Public mitigations are documented in MS11-013, which addresses Kerberos-related elev...

7.2CVSS6.4AI score0.01573EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.63 views

CVE-2011-0666

CVE-2011-0666 is a use-after-free vulnerability in the Windows kernel-mode driver win32k.sys affecting Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 (Gold, SP2, R2, R2 SP1), and Windows 7 (Gold, SP1). The issue arises from incorrect driver object manageme...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.63 views

CVE-2011-0674

CVE-2011-0674 is a use-after-free in the Windows kernel-mode driver win32k.sys that allows local privilege escalation. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 SP2/R2, and Windows 7 SP1. Root cause: incorrect management of k...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2012/02/14 10:0 p.m.63 views

CVE-2012-0149

CVE-2012-0149 affects the Windows Ancillary Function Driver (afd.sys) used by Windows Server 2003 SP2. The vulnerability arises from improper validation of user-mode input passed to kernel mode, enabling local privilege escalation. CVSS2 base score is 7.2 (HIGH) with local attack vector and no au...

7.2CVSS6.4AI score0.01585EPSS
CVE
CVE
added 2012/08/15 1:0 a.m.63 views

CVE-2012-2527

CVE-2012-2527 is a use-after-free vulnerability in win32k.sys (kernel-mode drivers) that affects Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2/R2 SP1, and Windows 7 Gold/SP1. The flaw allows local users to gain privileges via a crafted application, wit...

7.2CVSS6.4AI score0.01663EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.63 views

CVE-2013-1256

CVE-2013-1256 describes a race condition in the Windows kernel-mode driver win32k.sys that allows local privilege escalation and reading arbitrary kernel memory. Affected products span Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2/R2 SP1, and Windows 7...

4.9CVSS6.4AI score0.01466EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.63 views

CVE-2013-1264

CVE-2013-1264 describes a race condition in the Windows kernel driver win32k.sys that enables local privilege escalation and the potential to read arbitrary kernel memory. Affected products/versions include Windows XP (SP2–SP3), Windows Server 2003 (SP2), Windows Vista (SP2), Windows Server 2008 ...

4.9CVSS6.3AI score0.01466EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.63 views

CVE-2013-1271

CVE-2013-1271 is a race condition in the Windows kernel-mode driver win32k.sys that allows local users to gain privileges and read arbitrary kernel memory. Affected products/versions include Windows XP SP2-SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2/R2 SP1, and Win...

4.9CVSS6.4AI score0.01525EPSS
CVE
CVE
added 2009/06/10 5:37 p.m.62 views

CVE-2009-1139

CVE-2009-1139 is a memory leak/denial-of-service vulnerability in the LDAP service of Active Directory and ADAM. A remote attacker can trigger memory exhaustion by sending LDAP/LDAPS requests with specific OID filters. Affected: Windows 2000 Server SP4, Windows Server 2003 SP2, and ADAM on Window...

7.8CVSS6.6AI score0.3913EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.62 views

CVE-2010-0238

CVE-2010-0238 corresponds to the Windows Kernel Registry Key Vulnerability. A denial-of-service occurs when the Windows kernel validates registry keys, enabling a crafted local app to cause the system to become unresponsive and reboot on affected products: Windows 2000 SP4, XP SP2/SP3, Server 200...

4.9CVSS6AI score0.02102EPSS
CVE
CVE
added 2011/06/16 8:21 p.m.62 views

CVE-2011-1873

The CVE-2011-1873 entry documents a remote code execution flaw in win32k.sys, affecting 64-bit Windows systems (XP SP2, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 SP1) where OpenType font parsing allows crafted OTF files to execute code in kernel mode. Root cause: impr...

9.3CVSS7.6AI score0.187EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.62 views

CVE-2011-1884

CVE-2011-1884 describes a use-after-free vulnerability in the Windows kernel‑mode driver component win32k.sys. The flaw arises from incorrect management of driver objects in the Win32k subsystem, enabling a local attacker to gain privileges by running a crafted application. Affected platforms inc...

7.2CVSS6.5AI score0.01405EPSS
CVE
CVE
added 2011/08/10 9:16 p.m.62 views

CVE-2011-1968

CVE-2011-1968 affects the Remote Desktop Protocol (RDP) implementation in Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability arises from improper handling of in-memory RDP packets, enabling an unauthenticated, remote attacker to cause a denial of service (reboot) by triggering acce...

7.1CVSS6.6AI score0.25708EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.62 views

CVE-2013-1253

The CVE concerns a race condition in the Windows kernel-mode driver win32k.sys (affecting Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1). The underlying flaw allows local attackers to escalate privileges and read arbitrary kernel memory via a crafted applic...

7CVSS6.4AI score0.01047EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.62 views

CVE-2013-1254

CVE-2013-1254 is a Windows kernel-mode driver (win32k.sys) local privilege-escalation vulnerability. A race condition in win32k.sys allows a local attacker to gain elevated privileges and read arbitrary kernel memory locations. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2...

4.9CVSS6.4AI score0.01538EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.62 views

CVE-2013-1258

CVE-2013-1258 is a race condition in the Windows kernel-mode driver win32k.sys (affecting Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1). The vulnerability allows local users to gain privileges and read arbitrary kernel memory via a crafted application. Mul...

4.9CVSS6.3AI score0.01466EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.62 views

CVE-2013-1263

CVE-2013-1263 involves a race condition in the Windows kernel‑mode driver win32k.sys that permits local privilege escalation and reading of arbitrary kernel memory. Affected products (per sources) include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2 S...

4.9CVSS6.3AI score0.01466EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.62 views

CVE-2013-1266

CVE-2013-1266 is a race-condition vulnerability in the Windows kernel-mode driver win32k.sys that allows local privilege escalation and potential kernel memory disclosure. It affects multiple Windows editions listed in MS13-016 (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows ...

4.9CVSS6.3AI score0.01525EPSS
CVE
CVE
added 2013/08/14 10:0 a.m.62 views

CVE-2013-3197

The CVE-2013-3197 issue affects the NTVDM subsystem in the Windows kernel on 32‑bit Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8. It arises from improper validation of kernel-memory addresses, enabling local privilege escalation...

7.2CVSS6.2AI score0.02079EPSS
CVE
CVE
added 2008/10/15 12:0 a.m.61 views

CVE-2008-2251

CVE-2008-2251 describes a kernel double-free vulnerability in Windows that allows local privilege escalation when a crafted multi-threaded system-call flow mishandles user-supplied data. Affected products include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Windows Vista (Gold/SP1), and Win...

7.2CVSS6AI score0.01501EPSS
CVE
CVE
added 2009/07/15 3:0 p.m.61 views

CVE-2009-1538

The CVE-2009-1538 family affects Microsoft DirectShow (quartz.dll) within DirectX 7.0–9.0c and DirectX/Windows DirectShow on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. A vulnerability exists in pointer validation when updating a QuickTime file, enabling remote code execution if a user ope...

9.3CVSS7.6AI score0.2682EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.61 views

CVE-2009-1922

The CVE-2009-1922 entry concerns Microsoft Windows Message Queuing (MSMQ) Privilege Escalation affecting Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista. The root cause is improper validation of IOCTL request data in the MSMQ IOCTL handler (mqac.sys) as data moves from user mode to kernel mo...

6.9CVSS6.3AI score0.01345EPSS
Web
CVE
CVE
added 2011/02/09 12:0 a.m.61 views

CVE-2011-0088

CVE-2011-0088 is a Windows kernel‑mode privilege elevation vulnerability in the Win32k.sys driver. The root cause is improper validation of data passed from user mode to kernel mode, enabling a local attacker to execute arbitrary code with kernel privileges. Affected products include Windows XP (...

7.2CVSS6.3AI score0.01831EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.61 views

CVE-2011-1233

The CVE-2011-1233 issue affects Windows kernel (win32k.sys) across multiple OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2, and Windows 7 Gold/SP1). The vulnerability is a NULL pointer de-reference in win32k.sys that enables local privilege escalation via a craft...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2012/02/14 10:0 p.m.61 views

CVE-2012-0148

CVE-2012-0148 affects the Windows Ancillary Function Driver (afd.sys). The vulnerability stems from improper validation of user-mode input before crossing to kernel mode, enabling local privilege escalation. Affected on 64-bit Windows platforms: XP SP2, Server 2003 SP2, Vista SP2, Server 2008 SP2...

7.2CVSS6.4AI score0.0166EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.61 views

CVE-2013-1262

CVE-2013-1262 describes a race condition in the Windows kernel surface, specifically the win32k.sys kernel-mode driver. The vulnerability allows local attackers to gain privileges and read arbitrary kernel memory locations through a crafted application. Affected products include various Windows e...

4.9CVSS6.3AI score0.01466EPSS
CVE
CVE
added 2013/07/10 1:0 a.m.61 views

CVE-2013-3172

CVE-2013-3172 is a Windows kernel-mode driver vulnerability in win32k.sys causing a local denial of service (system hang) via a buffer overflow. Affected products include Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, and Windows 7 SP1. Remediation is via MS13-053 patches...

4.9CVSS6.4AI score0.02613EPSS
CVE
CVE
added 2013/12/11 12:0 a.m.61 views

CVE-2013-3899

The CVE-2013-3899 issue affects Windows kernel-mode drivers, specifically Win32k.sys, on Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability stems from improper address validation in Win32k.sys, enabling a local attacker to escalate privileges via a crafted application and potential...

7.2CVSS6.4AI score0.02257EPSS
CVE
CVE
added 2010/03/03 7:0 p.m.60 views

CVE-2010-0917

CVE-2010-0917 is a distinct VBScript vulnerability causing a stack-based buffer overflow via the MsgBox fourth argument when Internet Explorer is used, affecting VBScript.dll on Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP2. An attacker-user interaction in IE could enable code executi...

7.6CVSS8AI score0.24316EPSS
CVE
CVE
added 2010/11/04 6:0 p.m.60 views

CVE-2010-4182

CVE-2010-4182 describes an untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) where a Trojan horse msjet49.dll in the same folder as a file processed by dao360.dll can lead to DLL hijacking and arbitrary code execution. Affected platforms include Windows XP ...

9.3CVSS7.4AI score0.24604EPSS
CVE
CVE
added 2011/04/13 6:0 p.m.60 views

CVE-2011-0665

The CVE-2011-0665 issue concerns a use-after-free vulnerability in the Windows kernel-mode driver win32k.sys. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2 and R2 SP1, and Windows 7 Gold/SP1. Root cause: incorrect man...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.60 views

CVE-2011-1232

CVE-2011-1232 affects Windows kernel-Mode drivers (win32k.sys) across XP SP2-SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 Gold/SP2/R2/SP1, and Windows 7 Gold/SP1. Root cause: NULL pointer dereference in Win32k subsystem allows a crafted application to escalate privileges from local user to ke...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.60 views

CVE-2011-1235

CVE-2011-1235 is a Windows kernel–mode driver use‑after‑free vulnerability in the Win32k subsystem (win32k.sys). Documents confirm a local privilege‑escalation vector via crafted applications that exploit incorrect driver object management, affecting multiple XP/Server 2003/Vista/Server 2008/Wind...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.60 views

CVE-2012-1866

CVE-2012-1866 concerns a local privilege escalation in the Windows kernel-mode drivers, specifically the win32k.sys component. The issue arises from improper handling of user-mode input passed to kernel-mode driver objects, enabling a local attacker to gain elevated privileges via a crafted appli...

7.2CVSS6.3AI score0.01722EPSS
CVE
CVE
added 2012/06/12 10:0 p.m.60 views

CVE-2012-1867

CVE-2012-1867 is a local privilege-escalation flaw in Windows where an integer overflow in win32k.sys (font resource handling) could allow a local attacker to gain SYSTEM-level privileges via a crafted TrueType font. Affected products include Windows XP SP2/SP3, Windows Server 2003 SP2, Windows V...

8.4CVSS6.7AI score0.01224EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.60 views

CVE-2013-1269

The CVE-2013-1269 entry tracks a race condition in the Windows kernel-mode driver win32k.sys that enables local privilege escalation and arbitrary kernel memory disclosure. Affected products include Microsoft Windows XP (SP2–SP3), Windows Server 2003 (SP2), Windows Vista (SP2), Windows Server 200...

4.9CVSS6.4AI score0.01525EPSS
CVE
CVE
added 2010/08/27 6:10 p.m.59 views

CVE-2010-3144

CVE-2010-3144 concerns an insecure library loading vulnerability in the Internet Connection Signup Wizard (ICSW) affecting Windows XP SP2/SP3 and Windows Server 2003 SP2. The root cause is untrusted search path handling that allows loading a Trojan horse DLL (smmscrpt.dll) from the current direct...

9.3CVSS6.5AI score0.1364EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.59 views

CVE-2011-0675

CVE-2011-0675 is a local privilege-escalation in Windows caused by a use-after-free in win32k.sys (kernel-mode drivers). Affected are Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 (Gold, SP2, R2, R2 SP1), and Windows 7 (Gold/SP1). The root cause is incorrect management of kernel...

7.2CVSS6.5AI score0.01434EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.59 views

CVE-2011-1228

CVE-2011-1228 affects Microsoft Windows kernel-mode driver component win32k.sys. A NULL pointer de-reference in win32k allowed local attackers to gain kernel-level privileges on affected OS versions (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, Windows 7 Gold/SP1). The issue is...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2011/07/13 11:0 p.m.59 views

CVE-2011-1879

CVE-2011-1879 is a local privilege-escalation in Win32k.sys (kernel-mode driver) caused by incorrect driver object management leading to a use-after-free. Affects Windows XP (SP2, SP3), Server 2003 (SP2), Vista (SP1, SP2), Server 2008 (Gold, SP2, R2, R2 SP1), and Windows 7 (Gold, SP1). Successful...

7.2CVSS6.5AI score0.01405EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.59 views

CVE-2013-1261

CVE-2013-1261 describes a race condition in the win32k.sys kernel‑mode driver that can enable local privilege escalation and allow an attacker to read arbitrary kernel memory. Affected products include various Windows versions listed in the initial document (XP SP2/SP3, Server 2003 SP2, Vista SP2...

4.9CVSS6.3AI score0.01466EPSS
CVE
CVE
added 2011/04/13 8:7 p.m.58 views

CVE-2011-1226

The CVE-2011-1226 issue is a local privilege-escalation vulnerability in Windows kernel-mode driver code (win32k.sys) caused by a NULL pointer de-reference. A crafted local application can trigger this in multiple supported OS versions, including Windows XP (SP2–SP3), Windows Server 2003 (SP2), W...

7.2CVSS6.4AI score0.01398EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.58 views

CVE-2013-1276

CVE-2013-1276 : A race condition in the Windows kernel-mode driver win32k.sys (affecting Windows XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1) enables a local user to gain privileges and read arbitrary kernel memory via a crafted application. Multiple connected so...

4.9CVSS6.4AI score0.01516EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.57 views

CVE-2013-1265

The CVE-2013-1265 entry describes a race condition in the kernel-mode driver win32k.sys that affects multiple Microsoft Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, and Windows 7 SP1). The underlying flaw allows local attackers to escalate privileges and read arb...

7CVSS6.3AI score0.01047EPSS
CVE
CVE
added 2013/02/13 11:0 a.m.56 views

CVE-2013-1268

CVE-2013-1268 is a race-condition flaw in the Windows kernel-mode driver win32k.sys that enables local privilege escalation. A crafted user-space application can trigger the vulnerability to gain privileges and read arbitrary kernel memory. Affected Windows versions include XP SP2/SP3, Server 200...

4.9CVSS6.4AI score0.01525EPSS
CVE
CVE
added 2013/09/11 10:0 a.m.56 views

CVE-2013-3863

CVE-2013-3863 is the Windows OLE Property Vulnerability affecting Windows XP SP2/SP3 and Windows Server 2003 SP2. The issue arises from parsing crafted OLE objects in files, enabling remote code execution without user interaction (contrary to some variants that require a user action, the core des...

9.3CVSS7.5AI score0.21533EPSS
CVE
CVE
added 2010/12/16 7:0 p.m.54 views

CVE-2010-3957

CVE-2010-3957 is a Windows OpenType Font (OTF) driver vulnerability (double-free) affecting Windows XP SP2–SP3, Server 2003 SP2, Vista SP1–SP2, Server 2008 Gold SP2/R2, and Windows 7. The issue resides in the OTF driver’s memory handling while parsing OpenType fonts, enabling local privilege esca...

7.3CVSS6.4AI score0.0183EPSS
CVE
CVE
added 2010/09/15 6:0 p.m.53 views

CVE-2010-0818

The CVE-2010-0818 issue affects the MPEG-4 codec in Windows Media codecs on Windows XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, and Server 2008 Gold/SP2. Root cause: a buffer/handling flaw in the MPEG-4 codec when processing specially crafted media content with MPEG-4 video encoding, allowing rem...

9.3CVSS7.6AI score0.13945EPSS
Total number of security vulnerabilities351