Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows Server 2003
Subscriptions
Total
652 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-4692 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-11-21 | N/A |
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability." | ||||
CVE-2006-2373 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2024-11-21 | N/A |
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability." | ||||
CVE-2006-0005 | 1 Microsoft | 7 Windows-nt, Windows 2000, Windows 2000 Advanced Server and 4 more | 2024-11-21 | N/A |
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute. | ||||
CVE-2005-1987 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Server 2003 and 1 more | 2024-11-21 | N/A |
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. | ||||
CVE-2004-0978 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 98se and 4 more | 2024-11-21 | N/A |
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | ||||
CVE-2004-0840 | 1 Microsoft | 3 Exchange Server, Windows Server 2003, Windows Xp | 2024-11-21 | N/A |
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. | ||||
CVE-2004-0574 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Nt and 1 more | 2024-11-21 | N/A |
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. | ||||
CVE-2004-0119 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2024-11-21 | 7.5 High |
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. | ||||
CVE-2003-1048 | 1 Microsoft | 8 Internet Explorer, Outlook, Windows 98 and 5 more | 2024-11-21 | 7.8 High |
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. | ||||
CVE-2003-0907 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2024-11-21 | N/A |
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe. | ||||
CVE-2003-0904 | 1 Microsoft | 3 Exchange Server, Sharepoint Services, Windows Server 2003 | 2024-11-21 | N/A |
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. | ||||
CVE-2003-0813 | 1 Microsoft | 5 Windows 2000, Windows 98, Windows Nt and 2 more | 2024-11-21 | N/A |
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities. |