CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities Published In 2003 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1484 119 DoS Overflow 2003-12-31 2008-09-05
4.3
None Remote Medium Not required None None Partial
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
2 CVE-2003-1407 119 Exec Code Overflow 2003-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
3 CVE-2003-0822 Exec Code Overflow 2003-12-15 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
4 CVE-2003-0820 Exec Code Overflow 2003-12-15 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
5 CVE-2003-0812 Exec Code Overflow 2003-12-15 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
6 CVE-2003-0717 Exec Code Overflow 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
7 CVE-2003-0715 Exec Code Overflow 2003-09-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
8 CVE-2003-0714 DoS Overflow 2003-11-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
9 CVE-2003-0711 Exec Code Overflow 2003-11-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
10 CVE-2003-0701 Exec Code Overflow 2003-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
11 CVE-2003-0666 Exec Code Overflow 2003-10-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file.
12 CVE-2003-0665 Exec Code Overflow 2003-10-20 2012-09-12
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
13 CVE-2003-0662 119 Exec Code Overflow 2003-11-17 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
14 CVE-2003-0659 Exec Code Overflow 2003-11-17 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
15 CVE-2003-0530 Exec Code Overflow 2003-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.
16 CVE-2003-0528 Exec Code Overflow 2003-09-17 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
17 CVE-2003-0507 DoS Exec Code Overflow 2003-08-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.
18 CVE-2003-0503 DoS Exec Code Overflow 2003-08-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
19 CVE-2003-0469 DoS Exec Code Overflow 2003-08-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
20 CVE-2003-0353 Exec Code Overflow 2003-08-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
21 CVE-2003-0352 Exec Code Overflow 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
22 CVE-2003-0349 Exec Code Overflow 2003-07-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
23 CVE-2003-0347 Exec Code Overflow 2003-10-20 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
24 CVE-2003-0346 Exec Code Overflow 2003-08-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow.
25 CVE-2003-0345 DoS Exec Code Overflow 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
26 CVE-2003-0344 Exec Code Overflow 2003-06-16 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
27 CVE-2003-0306 Exec Code Overflow 2003-06-09 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.
28 CVE-2003-0301 DoS Overflow 2003-06-16 2008-09-05
5.0
None Remote Low Not required None None Partial
The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
29 CVE-2003-0300 DoS Overflow 2003-06-16 2008-09-05
5.0
None Remote Low Not required None None Partial
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
30 CVE-2003-0233 Exec Code Overflow 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
31 CVE-2003-0232 Exec Code Overflow 2003-08-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
32 CVE-2003-0224 Exec Code Overflow 2003-06-09 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
33 CVE-2003-0117 Exec Code Overflow 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
34 CVE-2003-0113 Exec Code Overflow 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
35 CVE-2003-0112 Overflow +Priv 2003-05-12 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
36 CVE-2003-0109 Exec Code Overflow 2003-03-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
37 CVE-2003-0010 Exec Code Overflow 2003-03-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
38 CVE-2003-0004 Exec Code Overflow 2003-02-19 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.
39 CVE-2003-0003 Exec Code Overflow 2003-02-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
Total number of vulnerabilities : 39   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.