Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows 2003 Server
Subscriptions
Total
546 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2507 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability." | ||||
| CVE-2009-2510 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-09 | N/A |
| The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408. | ||||
| CVE-2007-0025 | 1 Microsoft | 2 Visual Studio .net, Windows 2003 Server | 2025-04-09 | N/A |
| The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll. | ||||
| CVE-2007-2398 | 2 Apple, Microsoft | 2 Safari, Windows 2003 Server | 2025-04-09 | N/A |
| Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | ||||
| CVE-2008-1086 | 1 Microsoft | 6 Internet Explorer, Windows-nt, Windows 2000 and 3 more | 2025-04-09 | N/A |
| The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. | ||||
| CVE-2006-4688 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability." | ||||
| CVE-2006-5559 | 1 Microsoft | 4 Data Access Components, Windows 2000, Windows 2003 Server and 1 more | 2025-04-09 | N/A |
| The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. | ||||
| CVE-2006-6696 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | N/A |
| Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. | ||||
| CVE-2006-7031 | 1 Microsoft | 10 Internet Explorer, Windows 2000, Windows 2003 Server and 7 more | 2025-04-09 | 6.5 Medium |
| Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. | ||||
| CVE-2006-7039 | 2 Atrium Software, Microsoft | 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more | 2025-04-09 | N/A |
| The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. | ||||
| CVE-2007-5143 | 2 F-secure, Microsoft | 2 F-secure Anti-virus, Windows 2003 Server | 2025-04-09 | N/A |
| F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boundaries because any process able to write to system32 could also shut off F-Secure Anti-Virus. | ||||
| CVE-2007-0064 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Media Format Runtime and 3 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. | ||||
| CVE-2007-0065 | 1 Microsoft | 6 Office, Visual Basic, Windows 2000 and 3 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. | ||||
| CVE-2007-0066 | 1 Microsoft | 6 Home Server, Small Business Server, Windows 2000 and 3 more | 2025-04-09 | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability." | ||||
| CVE-2007-0069 | 1 Microsoft | 3 Windows 2003 Server, Windows Vista, Windows Xp | 2025-04-09 | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability." | ||||
| CVE-2007-0217 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | N/A |
| The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption. | ||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2025-04-09 | N/A |
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | ||||
| CVE-2007-1212 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. | ||||
| CVE-2007-1215 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Vista and 1 more | 2025-04-09 | N/A |
| Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | ||||
| CVE-2007-1692 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2025-04-09 | N/A |
| The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector. | ||||