Total
546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0010 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2025-04-03 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. | |||||
| CVE-2005-2126 | 1 Microsoft | 4 Ie, Windows 2000, Windows 2003 Server and 1 more | 2025-04-03 | 2.6 LOW | N/A |
| The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. | |||||
| CVE-2006-1314 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages. | |||||
| CVE-2004-0571 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
| Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. | |||||
| CVE-2005-1978 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
| COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. | |||||
| CVE-2005-2765 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 2.1 LOW | N/A |
| The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included. | |||||
| CVE-2006-0008 | 1 Microsoft | 3 Office, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.2 HIGH | N/A |
| The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. | |||||
| CVE-2003-0807 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. | |||||
| CVE-2005-1981 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2025-04-03 | 2.1 LOW | N/A |
| Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message. | |||||
| CVE-2005-2124 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 7.6 HIGH | N/A |
| Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability." | |||||
| CVE-2003-0715 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. | |||||
| CVE-2005-4560 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | 7.5 HIGH | N/A |
| The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. | |||||
| CVE-2005-3945 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2025-04-03 | 7.8 HIGH | N/A |
| The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups. | |||||
| CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. | |||||
| CVE-2004-1049 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | 5.1 MEDIUM | N/A |
| Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." | |||||
| CVE-2004-0200 | 1 Microsoft | 24 .net Framework, Digital Image Pro, Digital Image Suite and 21 more | 2025-04-03 | 9.3 HIGH | N/A |
| Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. | |||||
| CVE-2004-0892 | 1 Microsoft | 3 Isa Server, Proxy Server, Windows 2003 Server | 2025-04-03 | 7.5 HIGH | N/A |
| Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. | |||||
| CVE-2003-0825 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Nt | 2025-04-03 | 9.3 HIGH | N/A |
| The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-0120 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-03 | 5.0 MEDIUM | N/A |
| The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. | |||||
| CVE-2006-0012 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2025-04-03 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." | |||||