Vulnerabilities > Microsoft
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-01 | CVE-2005-3945 | Remote Denial of Service vulnerability in Microsoft Windows 2000 and Windows 2003 Server The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups. | 7.8 |
2005-11-29 | CVE-2005-2124 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability." | 7.6 |
2005-11-29 | CVE-2005-2123 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | 7.5 |
2005-11-18 | CVE-2005-2940 | Unspecified vulnerability in Microsoft Antispyware 1.0.509 Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. | 7.2 |
2005-11-17 | CVE-2005-3644 | Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120. | 7.8 |
2005-11-16 | CVE-2005-3595 | Unspecified vulnerability in Microsoft Windows XP Ibmoemversion By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer. | 10.0 |
2005-11-03 | CVE-2005-3483 | Buffer Errors vulnerability in Graphon Go-Global 3.1.0.3270 Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size. | 7.5 |
2005-10-26 | CVE-2005-3312 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type. network microsoft | 4.3 |
2005-10-21 | CVE-2005-2126 | Unspecified vulnerability in Microsoft products The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. | 2.6 |
2005-10-21 | CVE-2005-2122 | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118. | 10.0 |