Microsoft » Windows 2003 Server : Security Vulnerabilities, CVEs, Published In 2007 (Overflow) CVSS score >= 4
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
Max CVSS
9.3
EPSS Score
68.92%
Published
2007-11-20
Updated
2018-10-15
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.
Max CVSS
7.1
EPSS Score
19.03%
Published
2007-09-27
Updated
2021-07-07
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
95.71%
Published
2007-08-14
Updated
2019-02-26
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
Max CVSS
6.8
EPSS Score
21.44%
Published
2007-04-10
Updated
2017-10-11
CVE-2007-1748
Public exploit
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
Max CVSS
10.0
EPSS Score
96.76%
Published
2007-04-13
Updated
2019-04-30
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-04-04
Updated
2018-10-16
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.
Max CVSS
6.6
EPSS Score
0.04%
Published
2007-04-04
Updated
2018-10-16
CVE-2007-0038
Public exploit
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
Max CVSS
9.3
EPSS Score
31.43%
Published
2007-03-30
Updated
2018-10-16
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
Max CVSS
9.3
EPSS Score
67.24%
Published
2007-02-13
Updated
2018-10-12
9 vulnerabilities found