Windows Server 2003 Security Vulnerabilities and Issues — Windows Server 2003 CVE List

Lucene search

MicrosoftWindows Server 2003

21 matches found

CVE•added 2004/08/18 4:0 a.m.•748 views

CVE-2004-0230

TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.

5CVSS9.1AI score0.11484EPSS

CVE•added 2012/03/13 9:55 p.m.•164 views

CVE-2012-0006

The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."

5CVSS6.3AI score0.73659EPSS

CVE•added 2013/11/13 12:55 a.m.•145 views

CVE-2013-3869

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service r...

5CVSS6.5AI score0.0806EPSS

CVE•added 2014/03/12 5:15 a.m.•82 views

CVE-2014-0317

The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for r...

5.4CVSS6.5AI score0.09151EPSS

CVE•added 2014/12/11 12:59 a.m.•79 views

CVE-2014-6355

The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers t...

5CVSS6.2AI score0.13294EPSS

CVE•added 2010/04/14 4:0 p.m.•74 views

CVE-2010-0024

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX re...

5CVSS6.2AI score0.40008EPSS

CVE•added 2009/04/15 8:0 a.m.•71 views

CVE-2009-0089

Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate ma...

5.8CVSS6.5AI score0.12911EPSS

CVE•added 2012/08/15 1:55 a.m.•63 views

CVE-2012-1850

The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote a...

5CVSS6.6AI score0.60252EPSS

CVE•added 2010/04/14 4:0 p.m.•61 views

CVE-2010-0025

The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of i...

5CVSS6.7AI score0.54363EPSS

CVE•added 2006/10/10 10:7 p.m.•60 views

CVE-2006-4692

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line ...

5.1CVSS7.8AI score0.63983EPSS

CVE•added 2015/05/13 10:59 a.m.•60 views

CVE-2015-1716

Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for ...

5CVSS3.9AI score0.1971EPSS

CVE•added 2004/06/01 4:0 a.m.•58 views

CVE-2003-0907

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

5.1CVSS7.8AI score0.42335EPSS

CVE•added 2010/12/16 7:33 p.m.•58 views

CVE-2010-2742

The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vu...

5.4CVSS6.5AI score0.55735EPSS

CVE•added 2003/11/17 5:0 a.m.•57 views

CVE-2003-0813

A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a dif...

5.1CVSS6.5AI score0.89814EPSS

CVE•added 2011/08/10 9:55 p.m.•55 views

CVE-2011-1970

The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerabili...

5CVSS6.6AI score0.61465EPSS

CVE•added 2009/03/11 2:19 p.m.•53 views

CVE-2009-0094

The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATA...

5.5CVSS6.1AI score0.5338EPSS

CVE•added 2015/03/11 10:59 a.m.•53 views

CVE-2015-0095

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denial of service (NULL pointer dereference and blue ...

5.6CVSS6.2AI score0.04408EPSS

CVE•added 2008/06/12 2:32 a.m.•51 views

CVE-2008-1441

Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."

5.4CVSS6.3AI score0.57393EPSS

CVE•added 2015/03/11 10:59 a.m.•51 views

CVE-2015-0089

Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to obtain sensitive information from kernel memory, and possibly...

5CVSS5.7AI score0.19489EPSS

CVE•added 2009/03/11 2:19 p.m.•49 views

CVE-2009-0233

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict tran...

5.8CVSS6.3AI score0.54197EPSS

CVE•added 2015/03/11 10:59 a.m.•48 views

CVE-2015-0087

5CVSS5.7AI score0.19489EPSS