Vulnerabilities > Microsoft

DATE | CVE | VULNERABILITY TITLE | RISK

2003-06-09 | CVE-2003-0306 | Local Security vulnerability in Windows XP Gold | local, low complexity, microsoft, 7.2
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.

2003-06-09 | CVE-2003-0227 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 2000 and Windows NT | network, low complexity, microsoft, CWE-119, 5.0
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.

2003-06-09 | CVE-2003-0226 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 | network, low complexity, microsoft, 5.0
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.

2003-06-09 | CVE-2003-0225 | Unspecified vulnerability in Microsoft products | network, low complexity, microsoft, 5.0
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allows remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page.

2003-06-09 | CVE-2003-0224 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 | network, low complexity, microsoft, critical, 10.0
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."

2003-06-09 | CVE-2003-0223 | Unspecified vulnerability in Microsoft products | network, microsoft, 6.8
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.

2003-06-09 | CVE-2002-1564 | Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0 | network, low complexity, microsoft, 5.0
Internet Explorer 5.5 and 6.0 allows remote attackers to steal potentially sensitive information from cookies via a cookie that contains script which is executed when a page is loaded, aka the "Script within Cookies Reading Cookies" vulnerability.

2003-05-27 | CVE-2003-0228 | Unspecified vulnerability in Microsoft Windows Media Player 7.1 | network, low complexity, microsoft, 7.5
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.

2003-05-12 | CVE-2003-0233 | Unspecified vulnerability in Microsoft IE and Internet Explorer | network, low complexity, microsoft, 7.5
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.

2003-05-12 | CVE-2003-0118 | Unspecified vulnerability in Microsoft Biztalk Server 2000/2002 | network, low complexity, microsoft, 7.5
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.