Microsoft : Security Vulnerabilities, CVEs, Published In 2003 (Denial of service) CVSS score >= 2
Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.
Max CVSS
6.8
EPSS Score
1.07%
Published
2003-12-31
Updated
2017-08-08
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.
Max CVSS
4.3
EPSS Score
11.09%
Published
2003-12-31
Updated
2021-07-23
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
Max CVSS
4.3
EPSS Score
1.40%
Published
2003-12-31
Updated
2017-07-29
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
Max CVSS
7.8
EPSS Score
12.38%
Published
2003-12-31
Updated
2019-04-30
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
Max CVSS
5.0
EPSS Score
5.91%
Published
2003-12-31
Updated
2008-09-05
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
Max CVSS
2.6
EPSS Score
1.56%
Published
2003-12-31
Updated
2021-07-23
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Max CVSS
5.0
EPSS Score
40.20%
Published
2003-12-15
Updated
2019-04-30
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
Max CVSS
5.1
EPSS Score
60.83%
Published
2003-11-17
Updated
2024-02-15
CVE-2003-0714
Public exploit
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
Max CVSS
7.5
EPSS Score
9.16%
Published
2003-11-17
Updated
2020-04-09
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
Max CVSS
7.5
EPSS Score
96.78%
Published
2003-08-27
Updated
2019-04-30
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method.
Max CVSS
5.0
EPSS Score
0.34%
Published
2003-08-27
Updated
2018-10-12
Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices.
Max CVSS
5.0
EPSS Score
2.70%
Published
2003-08-18
Updated
2021-07-23
Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.
Max CVSS
7.5
EPSS Score
6.75%
Published
2003-08-07
Updated
2016-10-18
Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
Max CVSS
5.0
EPSS Score
2.70%
Published
2003-08-07
Updated
2016-10-18
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
Max CVSS
7.5
EPSS Score
1.68%
Published
2003-08-07
Updated
2016-10-18
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
Max CVSS
7.5
EPSS Score
13.03%
Published
2003-08-07
Updated
2018-10-12
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
Max CVSS
7.5
EPSS Score
32.67%
Published
2003-08-18
Updated
2019-04-30
The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
Max CVSS
5.0
EPSS Score
0.54%
Published
2003-06-16
Updated
2016-10-18
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
Max CVSS
5.0
EPSS Score
0.46%
Published
2003-06-16
Updated
2016-10-18
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
Max CVSS
5.0
EPSS Score
11.46%
Published
2003-08-27
Updated
2018-10-12
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
Max CVSS
5.0
EPSS Score
95.93%
Published
2003-06-09
Updated
2020-11-13
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
Max CVSS
5.0
EPSS Score
5.93%
Published
2003-06-09
Updated
2020-11-23
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.
Max CVSS
5.0
EPSS Score
9.27%
Published
2003-06-09
Updated
2018-10-30
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
Max CVSS
5.0
EPSS Score
1.34%
Published
2003-05-05
Updated
2018-10-12
Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
Max CVSS
5.0
EPSS Score
0.50%
Published
2003-03-24
Updated
2018-10-12