Total
286 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0717 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Me and 2 more | 2024-11-20 | 7.5 HIGH | N/A |
| The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | |||||
| CVE-2003-0715 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-11-20 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. | |||||
| CVE-2003-0711 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Me and 2 more | 2024-11-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL. | |||||
| CVE-2003-0661 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-11-20 | 5.0 MEDIUM | N/A |
| The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2003-0660 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-11-20 | 7.5 HIGH | N/A |
| The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval. | |||||
| CVE-2003-0659 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-11-20 | 7.2 HIGH | N/A |
| Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application. | |||||
| CVE-2003-0533 | 1 Microsoft | 7 Netmeeting, Windows 2000, Windows 2003 Server and 4 more | 2024-11-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. | |||||
| CVE-2003-0528 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-11-20 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715. | |||||
| CVE-2003-0525 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | 5.0 MEDIUM | N/A |
| The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method. | |||||
| CVE-2003-0469 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. | |||||
| CVE-2003-0352 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. | |||||
| CVE-2003-0345 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. | |||||
| CVE-2003-0227 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | 5.0 MEDIUM | N/A |
| The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request. | |||||
| CVE-2003-0112 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2024-11-20 | 4.6 MEDIUM | N/A |
| Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. | |||||
| CVE-2003-0010 | 1 Microsoft | 7 Windows 2000, Windows 2000 Terminal Services, Windows 98 and 4 more | 2024-11-20 | 7.5 HIGH | N/A |
| Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack. | |||||
| CVE-2003-0003 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. | |||||
| CVE-2002-2413 | 2 Deerfield, Microsoft | 3 Website Pro, Windows 9x, Windows Nt | 2024-11-20 | 5.0 MEDIUM | N/A |
| WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name. | |||||
| CVE-2002-2401 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-11-20 | 3.6 LOW | N/A |
| NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. | |||||
| CVE-2002-2073 | 1 Microsoft | 3 Site Server, Site Server Commerce, Windows Nt | 2024-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp. | |||||
| CVE-2002-2028 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-11-20 | 2.1 LOW | N/A |
| The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing. | |||||