Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-1090 |
Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder. Published: February 26, 2007; 6:28:00 AM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2007-0843 |
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. Published: February 22, 2007; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2007-0214 |
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. Published: February 13, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-0024 |
Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." Published: January 09, 2007; 6:28:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-5559 |
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. Published: October 27, 2006; 12:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-4868 |
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. Published: September 19, 2006; 3:07:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-2374 |
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability." Published: June 13, 2006; 3:06:00 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |