Vulnerabilities > Microsoft

DATE CVE VULNERABILITY TITLE RISK
2004-11-03 CVE-2004-0216 Unspecified vulnerability in Microsoft IE and Internet Explorer
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
network
low complexity
microsoft
critical
10.0
2004-11-03 CVE-2004-0211 Unspecified vulnerability in Microsoft Windows 2003 Server R2
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
local
low complexity
microsoft
2.1
2004-11-03 CVE-2004-0209 Remote Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
network
low complexity
microsoft
critical
10.0
2004-11-03 CVE-2004-0208 Unspecified vulnerability in Microsoft products
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
local
low complexity
microsoft
7.2
2004-11-03 CVE-2004-0207 Unspecified vulnerability in Microsoft products
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
local
low complexity
microsoft
2.1
2004-11-03 CVE-2004-0206 Remote Buffer Overflow vulnerability in Microsoft Windows NetDDE
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
network
low complexity
microsoft
7.5
2004-11-03 CVE-2003-0718 Unspecified vulnerability in Microsoft products
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.
network
low complexity
microsoft
5.0
2004-10-22 CVE-2004-1623 Denial Of Service vulnerability in Microsoft Windows XP WAV File Handler
The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.
network
low complexity
microsoft
5.0
2004-09-28 CVE-2004-0573 Unspecified vulnerability in Microsoft products
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
network
low complexity
microsoft
7.5
2004-09-28 CVE-2004-0200 Unspecified vulnerability in Microsoft products
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
network
microsoft
critical
9.3