Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-08-18 | CVE-2003-0526 | Unspecified vulnerability in Microsoft ISA Server 2000 Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found." network microsoft | 6.8 |
| 2003-08-18 | CVE-2003-0519 | Unspecified vulnerability in Microsoft Internet Explorer 5.0/6.0 Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices. | 5.0 |
| 2003-08-18 | CVE-2003-0496 | Unspecified vulnerability in Microsoft Windows 2000 and Windows 2000 Terminal Services Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file. | 7.2 |
| 2003-08-18 | CVE-2003-0352 | Buffer Overrun vulnerability in Microsoft Windows DCOM RPC Interface Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. | 7.5 |
| 2003-08-18 | CVE-2003-0350 | Privilege Escalation vulnerability in Microsoft Windows Accessibility Utility Manager The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function. | 4.6 |
| 2003-08-18 | CVE-2003-0345 | Buffer Overflow vulnerability in Microsoft Windows 2000, Windows NT and Windows XP Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. | 7.5 |
| 2003-08-18 | CVE-2001-1410 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering. | 5.0 |
| 2003-08-07 | CVE-2003-0507 | Remote Stack Overflow vulnerability in Microsoft Windows 2000 Active Directory Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash. | 7.5 |
| 2003-08-07 | CVE-2003-0506 | Denial-Of-Service vulnerability in Microsoft Netmeeting 3.0.1 Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation. | 5.0 |
| 2003-08-07 | CVE-2003-0505 | Directory Traversal vulnerability in Microsoft Netmeeting 3.0.1 Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request. | 5.0 |