CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Server 2003 » SP2 X64 : Security Vulnerabilities (Overflow)

Cpe Name:cpe:/o:microsoft:windows_server_2003::sp2:x64
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-3878 119 Overflow +Priv 2013-12-10 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in the LRPC client in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges by operating an LRPC server that sends a crafted LPC port message, aka "LRPC Client Buffer Overrun Vulnerability."
2 CVE-2013-3863 119 Exec Code Overflow 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via a crafted OLE object in a file, aka "OLE Property Vulnerability."
3 CVE-2013-3195 399 Exec Code Overflow 2013-10-09 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted value in an argument to an ASP.NET web application, aka "Comctl32 Integer Overflow Vulnerability."
4 CVE-2013-3181 119 Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
5 CVE-2013-3173 119 Overflow +Priv 2013-07-09 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
6 CVE-2013-3172 119 DoS Overflow 2013-07-09 2018-10-12
4.9
None Local Low Not required None None Complete
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
7 CVE-2013-1334 119 Overflow +Priv 2013-05-14 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
8 CVE-2013-1295 119 Overflow +Priv Mem. Corr. 2013-04-09 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
9 CVE-2012-2897 119 Exec Code Overflow 2012-09-26 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
10 CVE-2012-2529 189 Overflow +Priv 2012-10-09 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
11 CVE-2012-1867 399 Overflow +Priv 2012-06-12 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
12 CVE-2012-1528 189 Overflow +Priv 2012-11-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
13 CVE-2011-3406 119 Exec Code Overflow 2011-12-13 2018-10-30
9.0
None Remote Low Single system Complete Complete Complete
Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
14 CVE-2011-2003 119 Exec Code Overflow 2011-10-11 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
15 CVE-2011-1970 119 DoS Overflow Mem. Corr. 2011-08-10 2018-10-12
5.0
None Remote Low Not required None None Partial
The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
16 CVE-2011-1870 189 DoS Overflow +Priv Mem. Corr. 2011-07-13 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
17 CVE-2011-1868 119 Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
18 CVE-2011-1284 189 DoS Overflow +Priv Mem. Corr. 2011-07-13 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
19 CVE-2011-1283 119 DoS Overflow +Priv Mem. Corr. 2011-07-13 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
20 CVE-2011-1282 119 DoS Overflow +Priv Mem. Corr. 2011-07-13 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
21 CVE-2011-1281 119 DoS Overflow +Priv Mem. Corr. 2011-07-13 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
22 CVE-2011-0654 119 1 DoS Exec Code Overflow 2011-02-15 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
23 CVE-2011-0041 189 Exec Code Overflow 2011-04-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
24 CVE-2011-0034 119 Exec Code Overflow 2011-04-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
25 CVE-2010-3974 119 Exec Code Overflow Mem. Corr. 2011-04-13 2018-10-30
7.6
None Remote High Not required Complete Complete Complete
fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
26 CVE-2010-3970 119 1 Exec Code Overflow 2010-12-22 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
27 CVE-2010-3963 119 Overflow +Priv 2010-12-16 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
28 CVE-2010-3942 119 Overflow +Priv 2010-12-16 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
29 CVE-2010-3939 119 Overflow +Priv 2010-12-16 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
30 CVE-2010-3222 119 Overflow +Priv 2010-10-13 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
31 CVE-2010-2746 119 Exec Code Overflow 2010-10-13 2018-10-30
7.6
None Remote High Not required Complete Complete Complete
Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
32 CVE-2010-2550 20 Exec Code Overflow 2010-08-11 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
33 CVE-2010-1895 264 Overflow +Priv 2010-08-11 2018-10-12
7.2
Admin Local Low Not required Complete Complete Complete
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
34 CVE-2010-1883 189 Exec Code Overflow 2010-10-13 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
35 CVE-2010-1882 119 Exec Code Overflow 2010-08-11 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
36 CVE-2010-0917 119 Exec Code Overflow 2010-03-03 2017-08-16
7.6
None Remote High Not required Complete Complete Complete
Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
37 CVE-2010-0820 119 Exec Code Overflow 2010-09-15 2018-10-30
9.0
None Remote Low Single system Complete Complete Complete
Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability."
38 CVE-2010-0480 119 Exec Code Overflow 2010-04-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
39 CVE-2010-0028 189 Exec Code Overflow 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
40 CVE-2009-2511 189 Overflow 2009-10-14 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
41 CVE-2009-2506 189 Exec Code Overflow 2009-12-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.
42 CVE-2009-1133 119 Exec Code Overflow 2009-08-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
43 CVE-2009-0232 189 Exec Code Overflow 2009-07-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
44 CVE-2009-0231 119 Exec Code Overflow 2009-07-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
45 CVE-2008-4834 119 Exec Code Overflow 2009-01-14 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
46 CVE-2008-4250 94 Exec Code Overflow 2008-10-23 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
47 CVE-2008-4038 119 Exec Code Overflow 2008-10-14 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
48 CVE-2008-4036 189 Overflow +Priv 2008-10-14 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
Total number of vulnerabilities : 48   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.