Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0050 | Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability." | 10.0 |
| 2005-05-02 | CVE-2005-0049 | Unspecified vulnerability in Microsoft Sharepoint Portal Server and Sharepoint Team Services Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache. network microsoft | 4.3 |
| 2005-05-02 | CVE-2005-0048 | Unspecified vulnerability in Microsoft Windows 2000 and Windows XP Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability." | 7.5 |
| 2005-05-02 | CVE-2005-0047 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." | 7.2 |
| 2005-05-02 | CVE-2005-0045 | Remote Buffer Overflow vulnerability in Microsoft Windows Server Message Block Handlers The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields. | 7.5 |
| 2005-05-02 | CVE-2005-0044 | Unspecified vulnerability in Microsoft products The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | 7.5 |
| 2005-05-02 | CVE-2005-0043 | Buffer Overflow vulnerability in Apple Itunes 4.7 Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. | 7.5 |
| 2005-05-02 | CVE-2005-0035 | Information Disclosure vulnerability in Adobe Acrobat Reader ActiveX Control LoadFile The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method. | 5.1 |
| 2005-05-02 | CVE-2005-0034 | Remote Denial Of Service vulnerability in ISC Bind 9.3.0 An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. network isc | 4.3 |
| 2005-05-02 | CVE-2005-0033 | Remote Buffer Overflow vulnerability in ISC Bind 8.4.4/8.4.5 Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses. | 5.0 |