Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-09-17 | CVE-2003-0715 | Unspecified vulnerability in Microsoft products Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. | 10.0 |
| 2003-09-17 | CVE-2003-0528 | Unspecified vulnerability in Microsoft products Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715. | 10.0 |
| 2003-06-09 | CVE-2003-0224 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun." | 10.0 |
| 2002-12-31 | CVE-2002-1918 | Buffer Overflow vulnerability in Microsoft Data Access Components 2.5/2.6/2.7 Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. | 10.0 |
| 2002-12-23 | CVE-2002-1257 | Unspecified vulnerability in Microsoft products Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail. | 10.0 |
| 2002-10-28 | CVE-2002-1145 | Privilege Escalation vulnerability in Microsoft Data Engine and SQL Server The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. | 10.0 |
| 2002-09-05 | CVE-2002-0721 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. | 10.0 |
| 2002-08-12 | CVE-2002-0736 | Authentication Bypass vulnerability in Microsoft BackOffice Server Web Administration Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank. | 10.0 |
| 2002-08-12 | CVE-2002-0697 | Remote LDAP Client Administration vulnerability in Microsoft Metadirectory Services 2.2 Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials. | 10.0 |
| 2002-08-12 | CVE-2002-0391 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. | 9.8 |