Lucene search
+L
MicrosoftWindows Server 2003-

105 matches found

CVE
CVE
added 2010/07/22 10:0 a.m.1704 views

CVE-2010-2568

CVE-2010-2568 affects the Windows shell icon display for shortcut files, enabling arbitrary code execution when a crafted .LNK or .PIF is processed by Windows Explorer. Affected systems include Windows XP SP3, Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 SP2/R2, and Windows 7, with...

9.3CVSS7.7AI score0.91324EPSS
In wild
CVE
CVE
added 2014/11/11 10:0 p.m.1287 views

CVE-2014-6332

CVE-2014-6332 is discussed in connected sources as being exploited by the Neptune Exploit Kit to deliver a Monero-mining payload via Internet Explorer exploits. The Neptune Campaign uses CVE-2014-6332 alongside other IE and Flash exploits to identify vulnerable targets and chain exploits in a sin...

9.3CVSS8.8AI score0.94996EPSS
In wildWeb
CVE
CVE
added 2012/04/10 9:0 p.m.1127 views

CVE-2012-0151

CVE-2012-0151 : A vulnerability in the Windows Authenticode Signature Verification (WinVerifyTrust) function (affecting Windows XP SP2/XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1, and Windows 8 Consumer Preview) fails to properly validate the dige...

9.3CVSS5.8AI score0.8878EPSS
In wild
CVE
CVE
added 2010/12/03 8:0 p.m.1058 views

CVE-2010-4398

CVE-2010-4398 is a stack-based buffer overflow in win32k.sys (RtlQueryRegistryValues) that enables local privilege escalation and UAC bypass across multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP1/SP2, Server 2008 SP2/R2, and Windows 7). The vulnerability is triggered by a craft...

7.8CVSS6.8AI score0.08661EPSS
In wild
CVE
CVE
added 2013/05/24 8:0 p.m.1052 views

CVE-2013-3660

CVE-2013-3660 describes a local privilege-escalation in Microsoft Windows via Win32k.sys (EPATHOBJ::pprFlattenRec) where a pointer for the next object in a PATHREC list is not properly initialized. According to the CVE description and linked documents, local users could gain write access to the P...

7.8CVSS6.5AI score0.39578EPSS
In wild
CVE
CVE
added 2011/10/12 1:0 a.m.1018 views

CVE-2011-2005

CVE-2011-2005 : Afd.sys in the Microsoft Windows XP (SP2/SP3) and Server 2003 (SP2) Ancillary Function Driver fails to properly validate user‑mode input before passing to kernel mode, enabling local privilege escalation. Exploitation climbs from a crafted user‑mode application to SYSTEM privilege...

7.8CVSS6.2AI score0.31761EPSS
In wild
CVE
CVE
added 2009/06/10 6:0 p.m.1014 views

CVE-2009-1123

CVE-2009-1123 describes a Windows kernel local privilege escalation: Windows 2000 SP4; XP SP2/SP3; Server 2003 SP2; Vista (Gold/SP1/SP2); Server 2008 SP2 fail to validate changes to certain kernel objects, allowing local users to gain privileges via a crafted application. Affected components: ker...

7.8CVSS6.2AI score0.04918EPSS
In wild
CVE
CVE
added 2014/10/15 10:0 a.m.1007 views

CVE-2014-4113

CVE-2014-4113 corresponds to a Windows kernel-win32k.sys local privilege escalation (MS14-058) affecting multiple Windows editions (e.g., Windows 7/8/8.1 and corresponding server variants). The vulnerability arises in win32k.sys kernel-mode drivers and allows a crafted user-mode application to ga...

7.8CVSS8AI score0.87042EPSS
In wild
CVE
CVE
added 2014/11/18 11:0 p.m.995 views

CVE-2014-6324

Summary: CVE-2014-6324 affects the Microsoft Windows Kerberos Key Distribution Center (KDC) used by the Domain, affecting Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7, 8, 8.1, and Server 2012 Gold/R2. The vulnerability stems from improper validation of cryptographic signa...

9CVSS5.9AI score0.87448EPSS
In wildWeb
CVE
CVE
added 2014/10/15 10:0 a.m.934 views

CVE-2014-4148

CVE-2014-4148 is a remote code execution vulnerability in Windows kernel-mode driver win32k.sys caused by improper handling of TrueType fonts. It affects multiple Windows versions (server 2003 SP2, Vista, 2008, 7, 8/8.1, Server 2012) and is referenced publicly as MS14-058. Public exploitation exi...

9.3CVSS7.9AI score0.50703EPSS
In wild
CVE
CVE
added 2015/07/14 10:0 p.m.927 views

CVE-2015-2387

CVE-2015-2387 discusses a local privilege-escalation in the ATMFD.DLL component of the Windows Adobe Type Manager Font Driver. Concrete details from connected sources show multiple OTF/TTF vulnerabilities in ATMFD.DLL (and related font subsystems) that allowed memory corruption via crafted font d...

7.8CVSS6.2AI score0.3512EPSS
In wild
CVE
CVE
added 2015/06/10 1:0 a.m.896 views

CVE-2015-2360

CVE-2015-2360 is a local privilege-escalation in Windows kernel-mode driver Win32k.sys affecting multiple Windows versions (Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8/8.1, Server 2012/2012 R2, RT/RT 8.1). The underlying issue is in Win32k.sys that allows crafted a...

8.8CVSS6.5AI score0.14958EPSS
In wild
CVE
CVE
added 2014/11/11 10:0 p.m.878 views

CVE-2014-4077

CVE-2014-4077: Microsoft IME (Japanese) privilege escalation via IMJPDCT.EXE, allowing sandbox bypass when processing crafted PDF files. Affected: Windows XP/Vista/2003/2008/7 with Office 2007/2010/2013 suites; exploited in the wild (2014). Mitigation: apply MS14-078 updates. Connected sources co...

9.3CVSS8.4AI score0.47679EPSS
In wild
CVE
CVE
added 2004/05/05 4:0 a.m.819 views

CVE-2004-0230

Technical details beyond the public description are not provided in the supplied documents. CVE-2004-0230 describes a TCP sequence-number guessing/RST-injection denial-of-service under large window size; no remediation details are given here.

5CVSS9.1AI score0.80855EPSS
CVE
CVE
added 2008/10/23 9:0 p.m.679 views

CVE-2008-4250

The CVE-2008-4250 issue is a remote code execution vulnerability in the Windows Server Service. The root cause is a buffer/overflow in the path canonicalization logic (triggered via crafted RPC requests to NetAPI32/Server Service), affecting Windows versions listed in the entry (e.g., Windows 200...

10CVSS9.5AI score0.98751EPSS
In wild
CVE
CVE
added 2008/10/20 5:0 p.m.526 views

CVE-2008-4609

CVE-2008-4609 is a TCP state-exhaustion DoS vulnerability demonstrated by sockstress. It was described as affecting the TCP implementation in Linux, BSD-based platforms, Windows, Cisco products, and probably others. The issue enables a remote attacker to exhaust connection state, potentially rend...

7.1CVSS8.8AI score0.32123EPSS
CVE
CVE
added 2017/06/15 8:0 p.m.346 views

CVE-2017-8461

CVE-2017-8461 affects Windows XP and Windows Server 2003, enabling remote code execution through the RRAS service. The vulnerability is a MIBEntryGet/overflow in RRAS’s DCERPC endpoint, exploitable via a crafted application and unauthenticated access on affected OS versions. Public details note e...

7.8CVSS7.7AI score0.21108EPSS
CVE
CVE
added 2015/02/11 2:0 a.m.237 views

CVE-2015-0008

CVE-2015-0008 affects Windows clients/servers (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, 7 SP1, 8/8.1, Server 2012/2012 R2, RT/RT 8.1) where UNC-based policy data transfers during Group Policy processing allow remote code execution due to lack of server-to-client authentication. The...

8.3CVSS8.1AI score0.2858EPSS
Web
CVE
CVE
added 2015/03/06 5:0 p.m.191 views

CVE-2015-1637

CVE-2015-1637 is listed in OpenSSL TLS Export Cipher Suite Downgrade advisories (FREAK family). IBM AIX/OpenSSL references indicate OpenSSL on AIX platforms is affected by export-RSA downgrade threats and provides fixes via interim patches (IV69033s9a/b/c) for openssl.base 1.0.1.513 on AIX 5.3/6....

4.3CVSS6.2AI score0.13151EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.185 views

CVE-2015-0096

CVE-2015-0096 is a Windows DLL search-order/shortcut (LNK) loading vulnerability (MS15-020 family). A crafted LNK with dynamic icon and SpecialFolderDataBlock can bypass earlier whitelisting, causing Windows to load a malicious DLL when icons are rendered (e.g., in Explorer), potentially executin...

9.3CVSS6.8AI score0.71075EPSS
CVE
CVE
added 2013/10/09 2:44 p.m.172 views

CVE-2013-3128

CVE-2013-3128 describes a vulnerability in OpenType font parsing that affects kernel-mode drivers across multiple Windows editions (XP SP2/3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8, Server 2012, Windows RT) and certain .NET Framework versions. The issue arises in how Ope...

9.3CVSS7.3AI score0.50374EPSS
CVE
CVE
added 2013/11/12 1:0 a.m.170 views

CVE-2013-3918

CVE-2013-3918 is an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control (icardie.dll) used by Internet Explorer. The flaw exists when the ActiveX control is instantiated via a crafted webpage, enabling remote code execution with the current user’s privileges...

9.3CVSS7.5AI score0.73872EPSS
In wild
CVE
CVE
added 2014/04/08 9:0 p.m.167 views

CVE-2014-0315

CVE-2014-0315 corresponds to the Windows File Handling vulnerability fixed by MS14-019. It is a local privilege-escalation/binary-hijacking issue caused by untrusted search path handling for .bat/.cmd files when CreateProcess() is used and the first token is CMD, which can execute a rogue cmd.exe...

6.9CVSS6.3AI score0.14736EPSS
CVE
CVE
added 2013/11/13 12:0 a.m.159 views

CVE-2013-3869

The CVE-2013-3869 issue affects a broad set of Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8, 8.1, Server 2012/R2, and Windows RT). The vulnerability stems from improper handling of X.509 certificates during validation, allowing remote...

5CVSS6.5AI score0.17977EPSS
CVE
CVE
added 2013/12/11 12:0 a.m.149 views

CVE-2013-5056

The CVE-2013-5056 issue is a use-after-free vulnerability in the Microsoft Scripting Runtime Object Library (scrrun.dll) that allows remote code execution when a user visits a crafted website via Internet Explorer. Affected products span multiple Windows versions (XP SP2/SP3, Server 2003 SP2, Vis...

9.3CVSS7.3AI score0.20353EPSS
CVE
CVE
added 2011/11/04 9:0 p.m.139 views

CVE-2011-3402

CVE-2011-3402 is a Windows kernel‑mode vulnerability in the TrueType font parsing engine of win32k.sys that allows remote code execution via crafted font data in Word/web content. The issue affects multiple Windows versions (XP/Server 2003, Vista/Server 2008, Windows 7 and Windows 7/Server 2008 R...

9.3CVSS7.4AI score0.78285EPSS
In wild
CVE
CVE
added 2014/11/11 10:0 p.m.137 views

CVE-2014-6321

CVE-2014-6321 is a Microsoft Schannel remote code execution vulnerability affecting Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, 8/8.1, Server 2012 (Gold/R2) and Windows RT/8.1. The issue arises from improper processing of crafted packets in Schannel, enabling remote cod...

10CVSS7.2AI score0.95988EPSS
In wild
CVE
CVE
added 2015/02/11 2:0 a.m.136 views

CVE-2015-0009

CVE-2015-0009 is the Group Policy Security Feature Bypass vulnerability affecting multiple Windows platforms (Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7, 8/8.1, Server 2012) where a man-in-the-middle attacker can spoof domain-controller responses to disable a signing requir...

3.3CVSS6.2AI score0.08074EPSS
CVE
CVE
added 2015/02/11 2:0 a.m.129 views

CVE-2015-0057

CVE-2015-0057 is a local privilege escalation in the Windows kernel-mode driver win32k.sys. The vulnerability in Win32k.sys allows local attackers to gain elevated privileges by exploiting crafted applications, specifically tied to MS15-010. Public exploits exist (e.g., Exploit-DB MS15-010 entry ...

7.2CVSS6.4AI score0.12752EPSS
CVE
CVE
added 2014/03/12 1:0 a.m.117 views

CVE-2014-0301

CVE-2014-0301 is a DirectShow memory corruption (double-free) in qedit.dll used when processing JPEGs, enabling remote code execution on Windows XP/Server 2003/Vista/Server 2008/Windows 7/8/8.1/Server 2012. Affected components include DirectShow JPEG handling; root cause is a double-free in JPEG ...

9.3CVSS7.5AI score0.13974EPSS
CVE
CVE
added 2017/06/15 8:0 p.m.114 views

CVE-2017-8487

CVE-2017-8487 affects Microsoft Windows XP and Windows Server 2003. The vulnerability is in Windows OLE, specifically olecnv32.dll, due to improper validation of input embedded in OLE streams/files. An attacker can achieve remote code execution by compelling a user to open a specially crafted fil...

9.3CVSS7.7AI score0.62532EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.102 views

CVE-2010-0024

The CVEs concern the Windows SMTP service (smtpsvc.dll) used by Microsoft Windows 2000 SP4, Windows XP SP3, Windows Server 2003 SP2, Windows Server 2008 SP2/R2, Exchange Server 2003 SP3, Exchange Server 2007 SP2, and Exchange Server 2010. CVE-2010-0024 describes a flaw in parsing DNS MX records t...

5CVSS6.2AI score0.10746EPSS
CVE
CVE
added 2014/02/12 2:0 a.m.100 views

CVE-2014-0266

CVE-2014-0266 (MS14-005) affects Microsoft XML Core Services (MSXML) 3.0 used by Internet Explorer. The root cause is an information-disclosure vulnerability in the MSXML ActiveX controls that can be triggered when a user visits a specially crafted web page, allowing remote attackers to bypass th...

7.1CVSS6.3AI score0.1941EPSS
CVE
CVE
added 2014/11/11 10:0 p.m.99 views

CVE-2014-4118

CVE-2014-4118 affects Microsoft XML Core Services (MSXML) 3.0. The vulnerability arises when parsing crafted XML content, allowing remote code execution or system-state corruption on multiple Windows versions (MSXML 3.0 in Windows Server 2003 SP2; Vista SP2; Server 2008 SP2 and R2 SP1; Windows 7 ...

9.3CVSS8.3AI score0.13661EPSS
CVE
CVE
added 2004/10/16 4:0 a.m.98 views

CVE-2004-0840

CVE-2004-0840 describes a remote code execution vulnerability in the SMTP component of Microsoft Windows XP 64‑Bit Edition, Windows Server 2003 (and 64‑Bit) and the Exchange Routing Engine of Exchange Server 2003. The issue is a buffer/length handling flaw triggered by malicious DNS responses dur...

10CVSS7.4AI score0.30291EPSS
CVE
CVE
added 2013/12/11 12:0 a.m.98 views

CVE-2013-5058

CVE-2013-5058 is a Windows kernel win32k.sys integer overflow (RFONTOBJ::bTextExtent) vulnerability that can crash the kernel and may enable local privilege escalation. It affects multiple OS versions up to Windows Server 2012 R2; CoreLabs/Core advisory details describe a signed division overflow...

6.9CVSS6.4AI score0.02764EPSS
CVE
CVE
added 2015/02/11 2:0 a.m.94 views

CVE-2015-0003

CVE-2015-0003 affects Win32k.sys in multiple Windows versions (SERVER 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, 8, 8.1, Server 2012, RT/RT 8.1). The flaw allows local privilege escalation or denial of service via a crafted application, caused by a NULL pointer dereference in the...

6.9CVSS6.5AI score0.04536EPSS
CVE
CVE
added 2013/11/13 12:0 a.m.93 views

CVE-2013-3940

CVE-2013-3940 is a Windows Graphics Device Interface (GDI) integer-overflow vulnerability affecting multiple Windows platforms (XP SP2/SP3, Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012/R2, Windows RT). The issue arises when processing specially cra...

9.3CVSS8AI score0.34452EPSS
CVE
CVE
added 2014/08/12 9:0 p.m.93 views

CVE-2014-0318

CVE-2014-0318 affects Windows kernel-mode driver code (win32k.sys) and enables local privilege escalation by abusing thread-owned object access. The vulnerability impacts multiple Windows client/server platforms listed in the initial description (e.g., Windows Server 2003 SP2, Vista SP2, Server 2...

7.2CVSS6.5AI score0.01821EPSS
CVE
CVE
added 2015/04/14 8:0 p.m.93 views

CVE-2015-1644

CVE-2015-1644 describes an elevation-of-privilege flaw in Windows where impersonation levels are not properly constrained, enabling local users to gain privileges via a crafted application. Affected products include Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Window...

7.2CVSS6.2AI score0.01755EPSS
CVE
CVE
added 2015/05/13 10:0 a.m.91 views

CVE-2015-1676

Technical details about CVE-2015-1676 are not publicly provided in the connected documents. Monitor for updates; no concrete technical details (affected components, root cause, versions, exploit info) are available here.

2.1CVSS5.9AI score0.03052EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.91 views

CVE-2015-1722

CVE-2015-1722 is a use-after-free vulnerability in Windows kernel-mode drivers, specifically tied to the Kernel Bitmap Handling path. A crafted local application can exploit the flaw to escalate privileges from a local user to higher rights (e.g., SYSTEM) by corrupting kernel memory. Affected pro...

7.2CVSS6.4AI score0.03477EPSS
CVE
CVE
added 2010/05/07 6:23 p.m.90 views

CVE-2010-1690

CVE-2010-1690 describes a DNS spoofing vulnerability in the Windows SMTP/Exchange DNS handling: smtpsvc.dll before 6.0.2600.5949 does not verify that DNS response transaction IDs match the corresponding query IDs, enabling potential MITM spoofing of DNS responses. Affected products span Windows 2...

6.4CVSS6AI score0.06572EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.90 views

CVE-2015-1725

CVE-2015-1725 is a local privilege-escalation vulnerability in Windows kernel-mode via a buffer overflow in Win32k.sys affecting Windows Server 2003 SP2/R2 SP2, Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 (Gold/R2) and Windows RT 8.x. Root cause: kernel-mo...

7.2CVSS6.8AI score0.03763EPSS
CVE
CVE
added 2008/04/23 10:0 a.m.89 views

CVE-2007-6255

The CVE-2007-6255 issue affects the Microsoft HeartbeatCtl ActiveX control (HeartbeatCtl ActiveX in HRTBEAT.OCX). A buffer overflow occurs when processing the Host parameter, potentially allowing a remote attacker to execute arbitrary code. Exploitation is possible if a user is convinced to view ...

9.3CVSS7.9AI score0.30179EPSS
CVE
CVE
added 2013/11/16 2:0 a.m.89 views

CVE-2013-3876

CVE-2013-3876 concerns DirectAccess in Windows platforms where the client/server DirectAccess component fails to properly verify server X.509 certificates. This enables a man-in-the-middle to impersonate a legitimate server and potentially read encrypted domain credentials when a crafted certific...

7.1CVSS6.2AI score0.05218EPSS
CVE
CVE
added 2015/03/11 10:0 a.m.89 views

CVE-2015-0081

CVE-2015-0081 affects Windows Text Services (WTS) and allows remote code execution when a user opens a crafted web site or file. Affected products include Windows Server 2003 SP2, Vista SP2, Server 2008 SP2/R2, Windows 7 SP1, Windows 8/8.1, Windows Server 2012/2012 R2, and Windows RT/8.1. Root ca...

9.3CVSS7.9AI score0.23755EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.88 views

CVE-2009-0555

CVE-2009-0555 is a Windows Media Runtime issue affecting the ASF handling in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and ACM. The flaw allows remote code execution via a crafted ASF audio file that uses the Windows Media Speech codec, as described in multiple sources (MS09-...

9.3CVSS7.2AI score0.27086EPSS
CVE
CVE
added 2014/06/11 1:0 a.m.88 views

CVE-2014-1817

CVE-2014-1817 concerns a vulnerability in usp10.dll (Uniscribe) that affects multiple Windows versions (Server 2003 SP2, Vista, Server 2008/2008 R2, Windows 7/8/8.1, Server 2012/R2) and related Office components. The issue arises from processing a crafted EMF+ record in a font file, enabling remo...

9.3CVSS8.6AI score0.18875EPSS
CVE
CVE
added 2010/04/14 3:44 p.m.87 views

CVE-2010-0025

Technical details for CVE-2010-0025 are not provided in the connected documents; only related DNS spoofing CVEs are present. Monitor for updates.

5CVSS6.7AI score0.21491EPSS
Total number of security vulnerabilities105