Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
Source: MITRE
Max CVSS
5.0
EPSS Score
2.44%
Published
2003-12-31
Updated
2021-07-23
Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.
Source: MITRE
Max CVSS
6.8
EPSS Score
1.07%
Published
2003-12-31
Updated
2017-08-08
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.
Source: MITRE
Max CVSS
4.3
EPSS Score
11.09%
Published
2003-12-31
Updated
2021-07-23
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.
Source: MITRE
Max CVSS
4.3
EPSS Score
4.04%
Published
2003-12-31
Updated
2017-07-29
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
Source: MITRE
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-12-31
Updated
2008-09-05
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
Source: MITRE
Max CVSS
7.8
EPSS Score
11.95%
Published
2003-12-31
Updated
2019-04-30
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
Source: MITRE
Max CVSS
7.2
EPSS Score
0.05%
Published
2003-12-31
Updated
2017-07-29
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
Source: MITRE
Max CVSS
6.6
EPSS Score
0.04%
Published
2003-12-31
Updated
2017-07-29
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
Source: MITRE
Max CVSS
8.8
EPSS Score
24.31%
Published
2003-12-31
Updated
2017-07-29
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
Source: MITRE
Max CVSS
7.5
EPSS Score
9.22%
Published
2003-02-19
Updated
2021-07-23
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
Source: MITRE
Max CVSS
7.5
EPSS Score
0.68%
Published
2003-02-19
Updated
2021-07-23
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
Source: MITRE
Max CVSS
5.0
EPSS Score
8.16%
Published
2003-12-31
Updated
2008-09-05
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.
Source: MITRE
Max CVSS
5.1
EPSS Score
0.80%
Published
2003-12-31
Updated
2017-07-11
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
Source: MITRE
Max CVSS
2.6
EPSS Score
1.56%
Published
2003-12-31
Updated
2021-07-23
"Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications.
Source: MITRE
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-11-17
Updated
2017-07-11
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
Source: MITRE
Max CVSS
5.0
EPSS Score
34.78%
Published
2003-11-17
Updated
2016-10-18
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
Source: MITRE
Max CVSS
7.5
EPSS Score
95.04%
Published
2003-11-17
Updated
2021-07-23
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
Source: MITRE
Max CVSS
5.0
EPSS Score
41.64%
Published
2003-12-15
Updated
2019-04-30

CVE-2003-0822

Public exploit
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
Source: MITRE
Max CVSS
7.5
EPSS Score
97.10%
Published
2003-12-15
Updated
2019-04-30
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
Source: MITRE
Max CVSS
7.5
EPSS Score
28.09%
Published
2003-12-15
Updated
2018-10-12
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
Source: MITRE
Max CVSS
7.5
EPSS Score
10.46%
Published
2003-12-15
Updated
2018-10-12
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
Source: MITRE
Max CVSS
5.1
EPSS Score
60.83%
Published
2003-11-17
Updated
2024-02-15

CVE-2003-0812

Public exploit
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
Source: MITRE
Max CVSS
7.5
EPSS Score
96.90%
Published
2003-12-15
Updated
2019-04-30
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
Source: MITRE
Max CVSS
7.5
EPSS Score
94.30%
Published
2003-11-17
Updated
2021-07-23
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
Source: MITRE
Max CVSS
6.8
EPSS Score
95.10%
Published
2003-09-22
Updated
2016-10-18
100 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!