Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2004-02-17 CVE-2003-0903 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Data Access Components
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
network
low complexity
microsoft CWE-119
critical
10.0
2004-02-17 CVE-2003-0819 Buffer Errors vulnerability in Microsoft Proxy Server 2.0
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
network
low complexity
microsoft CWE-119
critical
10.0
2004-01-20 CVE-2003-1027 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
network
low complexity
microsoft
critical
10.0
2004-01-20 CVE-2003-1026 Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
network
microsoft CWE-264
critical
9.3
2003-12-31 CVE-2003-1357 Configuration vulnerability in Replicom Proxyview
ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
network
low complexity
replicom microsoft CWE-16
critical
10.0
2003-11-17 CVE-2003-0662 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 2000
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
network
microsoft CWE-119
critical
9.3
2003-10-20 CVE-2003-0347 Buffer Overrun vulnerability in Microsoft Visual Basic For Applications Document Handling
Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter.
network
low complexity
microsoft
critical
10.0
2003-09-17 CVE-2003-0715 Unspecified vulnerability in Microsoft products
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
network
low complexity
microsoft
critical
10.0
2003-09-17 CVE-2003-0528 Unspecified vulnerability in Microsoft products
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
network
low complexity
microsoft
critical
10.0
2003-06-09 CVE-2003-0224 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
network
low complexity
microsoft
critical
10.0