Search Results (Refine Search)
- Keyword (text search): cpe:/o:microsoft:windows_2003_server
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-4701 |
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information. Published: January 20, 2011; 2:00:07 PM -0500 |
V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2011-0027 |
Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118. Published: January 11, 2011; 8:00:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0026 |
Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability." Published: January 11, 2011; 8:00:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-0346 |
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability." Published: January 07, 2011; 6:00:20 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-4669 |
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. Published: January 07, 2011; 7:00:49 AM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2010-3963 |
Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability." Published: December 16, 2010; 2:33:03 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2010-3959 |
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability." Published: December 16, 2010; 2:33:03 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2010-3957 |
Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability." Published: December 16, 2010; 2:33:03 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2010-3956 |
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability." Published: December 16, 2010; 2:33:03 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3943 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2010-3942 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2010-3941 |
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2010-3940 |
Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2010-3939 |
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2010-3340 |
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-2742 |
The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability." Published: December 16, 2010; 2:33:02 PM -0500 |
V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2010-4398 |
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability." Published: December 06, 2010; 8:44:54 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2010-3331 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3330 |
Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3329 |
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." Published: October 13, 2010; 3:00:46 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |