Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2003-09-17 CVE-2003-0715 Unspecified vulnerability in Microsoft products
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
network
low complexity
microsoft
critical
10.0
2003-09-17 CVE-2003-0528 Unspecified vulnerability in Microsoft products
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
network
low complexity
microsoft
critical
10.0
2003-06-09 CVE-2003-0224 Unspecified vulnerability in Microsoft Internet Information Services 5.0
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun."
network
low complexity
microsoft
critical
10.0
2002-12-31 CVE-2002-1918 Buffer Overflow vulnerability in Microsoft Data Access Components 2.5/2.6/2.7
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors.
network
low complexity
microsoft
critical
10.0
2002-12-23 CVE-2002-1257 Unspecified vulnerability in Microsoft products
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
network
low complexity
microsoft
critical
10.0
2002-10-28 CVE-2002-1145 Privilege Escalation vulnerability in Microsoft Data Engine and SQL Server
The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
network
low complexity
microsoft
critical
10.0
2002-09-05 CVE-2002-0721 Unspecified vulnerability in Microsoft Data Engine and SQL Server
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
network
low complexity
microsoft
critical
10.0
2002-08-12 CVE-2002-0736 Authentication Bypass vulnerability in Microsoft BackOffice Server Web Administration
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
network
low complexity
microsoft
critical
10.0
2002-08-12 CVE-2002-0697 Remote LDAP Client Administration vulnerability in Microsoft Metadirectory Services 2.2
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
network
low complexity
microsoft
critical
10.0
2002-08-12 CVE-2002-0391 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
network
low complexity
openbsd sun freebsd microsoft CWE-190
critical
9.8