CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities Published In 2003 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1407 119 Exec Code Overflow 2003-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
2 CVE-2003-1378 264 Exec Code 2003-12-31 2008-09-05
8.8
None Remote Medium Not required Complete Complete None
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
3 CVE-2003-0897 Exec Code 2003-11-17 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
"Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications.
4 CVE-2003-0838 Exec Code Bypass 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
5 CVE-2003-0822 Exec Code Overflow 2003-12-15 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
6 CVE-2003-0821 Exec Code Bypass 2003-12-15 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
7 CVE-2003-0820 Exec Code Overflow 2003-12-15 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
8 CVE-2003-0812 Exec Code Overflow 2003-12-15 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
9 CVE-2003-0809 Exec Code 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
10 CVE-2003-0717 Exec Code Overflow 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
11 CVE-2003-0715 Exec Code Overflow 2003-09-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
12 CVE-2003-0711 Exec Code Overflow 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
13 CVE-2003-0701 Exec Code Overflow 2003-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
14 CVE-2003-0666 Exec Code Overflow 2003-10-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file.
15 CVE-2003-0665 Exec Code Overflow 2003-10-20 2012-09-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
16 CVE-2003-0662 119 Exec Code Overflow 2003-11-17 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
17 CVE-2003-0660 Exec Code 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
18 CVE-2003-0659 Exec Code Overflow 2003-11-17 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
19 CVE-2003-0532 Exec Code 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability.
20 CVE-2003-0530 Exec Code Overflow 2003-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
21 CVE-2003-0528 Exec Code Overflow 2003-09-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
22 CVE-2003-0507 DoS Exec Code Overflow 2003-08-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.
23 CVE-2003-0503 DoS Exec Code Overflow 2003-08-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
24 CVE-2003-0469 DoS Exec Code Overflow 2003-08-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
25 CVE-2003-0353 Exec Code Overflow 2003-08-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
26 CVE-2003-0352 Exec Code Overflow 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
27 CVE-2003-0350 Exec Code 2003-08-18 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
28 CVE-2003-0349 Exec Code Overflow 2003-07-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
29 CVE-2003-0347 Exec Code Overflow 2003-10-20 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
30 CVE-2003-0346 Exec Code Overflow 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
31 CVE-2003-0345 DoS Exec Code Overflow 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
32 CVE-2003-0344 Exec Code Overflow 2003-06-16 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
33 CVE-2003-0306 Exec Code Overflow 2003-06-09 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.
34 CVE-2003-0233 Exec Code Overflow 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
35 CVE-2003-0232 Exec Code Overflow 2003-08-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
36 CVE-2003-0228 Exec Code Dir. Trav. 2003-05-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
37 CVE-2003-0227 DoS Exec Code 2003-06-09 2008-09-10
5.0
None Remote Low Not required None None Partial
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
38 CVE-2003-0224 Exec Code Overflow 2003-06-09 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
39 CVE-2003-0118 Exec Code Sql 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
40 CVE-2003-0117 Exec Code Overflow 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
41 CVE-2003-0113 Exec Code Overflow 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
42 CVE-2003-0111 Exec Code Bypass 2003-05-05 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
43 CVE-2003-0109 Exec Code Overflow 2003-03-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
44 CVE-2003-0010 Exec Code Overflow 2003-03-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
45 CVE-2003-0004 Exec Code Overflow 2003-02-19 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.
46 CVE-2003-0003 Exec Code Overflow 2003-02-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
Total number of vulnerabilities : 46   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.