Vulnerabilities > Microsoft > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-02-17 | CVE-2003-0903 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Data Access Components Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request. | 10.0 |
| 2004-02-17 | CVE-2003-0819 | Buffer Errors vulnerability in Microsoft Proxy Server 2.0 Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | 10.0 |
| 2004-01-20 | CVE-2003-1027 | Unspecified vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." | 10.0 |
| 2004-01-20 | CVE-2003-1026 | Permissions, Privileges, and Access Controls vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | 9.3 |
| 2003-12-31 | CVE-2003-1357 | Configuration vulnerability in Replicom Proxyview ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | 10.0 |
| 2003-11-17 | CVE-2003-0662 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 2000 Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method. | 9.3 |
| 2003-10-20 | CVE-2003-0347 | Buffer Overrun vulnerability in Microsoft Visual Basic For Applications Document Handling Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter. | 10.0 |
| 2003-09-17 | CVE-2003-0715 | Unspecified vulnerability in Microsoft products Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. | 10.0 |
| 2003-09-17 | CVE-2003-0528 | Unspecified vulnerability in Microsoft products Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715. | 10.0 |
| 2003-06-09 | CVE-2003-0224 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun." | 10.0 |