Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-08-27 | CVE-2003-0525 | Unspecified vulnerability in Microsoft Windows NT 4.0 The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method. | 5.0 |
| 2003-08-27 | CVE-2003-0353 | Buffer Overflow vulnerability in Microsoft Data Access Components ODBC Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. | 7.5 |
| 2003-08-27 | CVE-2003-0346 | Unspecified vulnerability in Microsoft Directx Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. | 7.5 |
| 2003-08-27 | CVE-2003-0232 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. | 7.2 |
| 2003-08-27 | CVE-2003-0231 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. | 5.0 |
| 2003-08-27 | CVE-2003-0230 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | 7.2 |
| 2003-08-18 | CVE-2003-0526 | Unspecified vulnerability in Microsoft ISA Server 2000 Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found." network microsoft | 6.8 |
| 2003-08-18 | CVE-2003-0519 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/6.0 Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices. | 5.0 |
| 2003-08-18 | CVE-2003-0496 | Unspecified vulnerability in Microsoft Windows 2000 and Windows 2000 Terminal Services Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file. | 7.2 |
| 2003-08-18 | CVE-2003-0352 | Buffer Overrun vulnerability in Microsoft Windows DCOM RPC Interface Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. | 7.5 |