Vulnerabilities > Microsoft > Windows 2003 Server > r2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-01-10 | CVE-2004-0894 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | 7.2 |
2005-01-10 | CVE-2004-0893 | Unspecified vulnerability in Microsoft products The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | 7.2 |
2005-01-10 | CVE-2004-0571 | Unspecified vulnerability in Microsoft products Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. | 10.0 |
2005-01-10 | CVE-2004-0568 | Unspecified vulnerability in Microsoft products HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow. | 10.0 |
2004-12-31 | CVE-2004-2527 | The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. | 5.4 |
2004-12-31 | CVE-2004-2365 | Denial-Of-Service vulnerability in Microsoft Windows 2003 Server and Windows XP Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount. | 2.1 |
2004-12-31 | CVE-2004-1306 | Heap Overflow vulnerability in Microsoft Windows winhlp32 Phrase Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file. | 5.1 |
2004-12-31 | CVE-2004-1049 | Integer Overflow vulnerability in Microsoft Windows LoadImage API Function Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability." | 5.1 |
2004-12-31 | CVE-2004-0567 | Remote Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability." | 7.5 |
2004-12-23 | CVE-2004-1361 | Integer Overflow vulnerability in Microsoft Windows winhlp32 Phrase Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow. | 5.0 |