Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:*
There are 400 matching records.
Displaying matches 361 through 380.
Vuln ID Summary CVSS Severity
CVE-2007-5143

F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boundaries because any process able to write to system32 could also shut off F-Secure Anti-Virus.

Published: October 01, 2007; 1:17:00 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2007-5133

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.

Published: September 27, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-4938

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

Published: September 18, 2007; 3:17:00 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2007-3036

Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."

Published: September 11, 2007; 9:17:00 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2007-4372

Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

Published: August 16, 2007; 2:17:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-2224

Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.

Published: August 14, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-3034

Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.

Published: August 14, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-4041

Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

Published: July 27, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-4042

Multiple argument injection vulnerabilities in Netscape Navigator 9 allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670.

Published: July 27, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-0040

The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."

Published: July 10, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-0041

The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

Published: July 10, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-0042

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

Published: July 10, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-0043

The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".

Published: July 10, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-7210

Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.

Published: June 27, 2007; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-2227

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."

Published: June 12, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-2219

Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.

Published: June 12, 2007; 4:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2225

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

Published: June 12, 2007; 4:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0218

Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.

Published: June 12, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-1750

Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.

Published: June 12, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-1751

Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."

Published: June 12, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH