Microsoft » Windows 2003 Server : Security Vulnerabilities (CVSS score between 6 and 6.99)

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2010-3959	94		+Priv	2010-12-16	2011-07-18	6.9	None	Local	Medium	Not required	Complete	Complete	Complete
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
2	CVE-2010-3957	399		+Priv	2010-12-16	2011-07-18	6.9	None	Local	Medium	Not required	Complete	Complete	Complete
Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
3	CVE-2010-1896	20		+Priv	2010-08-11	2010-09-17	6.6	Admin	Local	Medium	Single system	Complete	Complete	Complete
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
4	CVE-2010-1895	264		Overflow +Priv	2010-08-11	2010-09-17	6.6	Admin	Local	Medium	Single system	Complete	Complete	Complete
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
5	CVE-2010-1894	264		+Priv	2010-08-11	2010-09-17	6.6	Admin	Local	Medium	Single system	Complete	Complete	Complete
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
6	CVE-2010-1886	264		+Priv	2010-08-16	2010-08-17	6.8	None	Local	Low	Single system	Complete	Complete	Complete
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
7	CVE-2010-1690	20			2010-05-07	2010-05-10	6.4	None	Remote	Low	Not required	None	Partial	Partial
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
8	CVE-2010-1689	310			2010-05-07	2010-05-10	6.4	None	Remote	Low	Not required	None	Partial	Partial
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
9	CVE-2010-1255	94		Exec Code	2010-06-08	2010-08-21	6.8	Admin	Local	Low	Single system	Complete	Complete	Complete
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
10	CVE-2010-0812	264		Bypass	2010-04-14	2010-08-21	6.4	None	Remote	Low	Not required	Partial	Partial	None
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
11	CVE-2010-0485	20		Exec Code	2010-06-08	2010-08-21	6.8	Admin	Local	Low	Single system	Complete	Complete	Complete
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
12	CVE-2010-0484	20		Exec Code	2010-06-08	2010-08-21	6.8	Admin	Local	Low	Single system	Complete	Complete	Complete
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
13	CVE-2010-0236	399		+Priv	2010-04-14	2010-08-21	6.8	Admin	Local	Low	Single system	Complete	Complete	Complete
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
14	CVE-2010-0023	264		+Priv +Info	2010-02-10	2010-08-21	6.9	Admin	Local	Medium	Not required	Complete	Complete	Complete
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
15	CVE-2009-3675	399		DoS	2009-12-09	2010-08-21	6.8	None	Remote	Low	Single system	None	None	Complete
LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
16	CVE-2009-2513	20		+Priv	2009-11-11	2010-08-21	6.8	None	Local	Low	Single system	Complete	Complete	Complete
The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
17	CVE-2009-2510	310			2009-10-14	2010-08-21	6.8	None	Remote	Medium	Not required	Partial	Partial	Partial
The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
18	CVE-2009-1127	20		+Priv	2009-11-11	2010-08-21	6.8	None	Local	Low	Single system	Complete	Complete	Complete
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
19	CVE-2008-0088	20		DoS	2008-02-12	2008-09-05	6.8	None	Remote	Low	Single system	None	None	Complete
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
20	CVE-2007-3898	16			2007-11-13	2008-09-05	6.4	None	Remote	Low	Not required	None	Partial	Partial
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
21	CVE-2007-3036	264		+Priv	2007-09-11	2008-09-05	6.9	Admin	Local	Medium	Not required	Complete	Complete	Complete
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
22	CVE-2007-1912		1	Overflow	2007-04-10	2008-09-05	6.8	User	Remote	Medium	Not required	Partial	Partial	Partial
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
23	CVE-2007-1212			Overflow +Priv	2007-04-04	2008-09-05	6.6	Admin	Local	Medium	Single system	Complete	Complete	Complete
Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file.
24	CVE-2006-6696	119		Overflow +Priv	2006-12-21	2009-09-24	6.9	Admin	Local	Medium	Not required	Complete	Complete	Complete
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
25	CVE-2006-5585			+Priv	2006-12-12	2008-09-05	6.8	Admin	Local	Low	Single system	Complete	Complete	Complete
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
26	CVE-2006-4702			Exec Code Overflow	2006-12-12	2008-09-05	6.8	User	Remote	Medium	Not required	Partial	Partial	Partial
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
27	CVE-2006-2378			Exec Code Overflow	2006-06-13	2008-09-05	6.8	User	Remote	Medium	Not required	Partial	Partial	Partial
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
28	CVE-2006-1313			Exec Code Mem. Corr.	2006-06-13	2008-09-05	6.8	User	Remote	Medium	Not required	Partial	Partial	Partial
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
29	CVE-2006-0013			Exec Code Overflow	2006-02-14	2008-09-05	6.5	User	Remote	Low	Single system	Partial	Partial	Partial
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
30	CVE-2003-0904	200		+Info	2004-01-20	2008-09-10	6.0	User	Remote	Medium	Single system	Partial	Partial	Partial
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.

Total number of vulnerabilities : 30 Page : 1 (This Page)