CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Nt : Security Vulnerabilities Published In 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1407 119 Exec Code Overflow 2003-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
2 CVE-2003-1357 16 2003-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
3 CVE-2003-0813 DoS 2003-11-17 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
4 CVE-2003-0717 Exec Code Overflow 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
5 CVE-2003-0715 Exec Code Overflow 2003-09-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
6 CVE-2003-0711 Exec Code Overflow 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
7 CVE-2003-0661 +Info 2003-10-20 2008-09-10
5.0
None Remote Low Not required Partial None None
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
8 CVE-2003-0660 Exec Code 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
9 CVE-2003-0659 Exec Code Overflow 2003-11-17 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
10 CVE-2003-0528 Exec Code Overflow 2003-09-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
11 CVE-2003-0525 DoS Mem. Corr. 2003-08-27 2008-09-10
5.0
None Remote Low Not required None None Partial
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method.
12 CVE-2003-0469 DoS Exec Code Overflow 2003-08-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
13 CVE-2003-0352 Exec Code Overflow 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
14 CVE-2003-0345 DoS Exec Code Overflow 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
15 CVE-2003-0112 Overflow +Priv 2003-05-12 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
16 CVE-2003-0010 Exec Code Overflow 2003-03-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
17 CVE-2003-0003 Exec Code Overflow 2003-02-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
18 CVE-2002-1561 DoS 2003-04-02 2008-09-10
5.0
None Remote Low Not required None None Partial
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
Total number of vulnerabilities : 18   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.