Vulnerabilities > Microsoft > Windows 2003 Server > r2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0050 | Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability." | 10.0 |
| 2005-05-02 | CVE-2005-0047 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability." | 7.2 |
| 2005-05-02 | CVE-2005-0045 | Remote Buffer Overflow vulnerability in Microsoft Windows Server Message Block Handlers The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields. | 7.5 |
| 2005-05-02 | CVE-2005-0044 | Unspecified vulnerability in Microsoft products The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability." | 7.5 |
| 2005-04-27 | CVE-2005-0416 | Buffer Overflow vulnerability in Microsoft Windows User32.DLL ANI File Header Handling Stack-Based The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow. | 7.5 |
| 2005-04-12 | CVE-2004-0790 | Remote Denial Of Service vulnerability in Multiple Vendor TCP/IP Implementation ICMP Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. | 5.0 |
| 2005-03-05 | CVE-2005-0688 | Unspecified vulnerability in Microsoft Windows 2003 Server and Windows XP Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence of the "Land" vulnerability (CVE-1999-0016). | 5.0 |
| 2005-01-11 | CVE-2004-0897 | Buffer Overflow vulnerability in Microsoft Windows 2003 Server and Windows XP The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | 10.0 |
| 2005-01-10 | CVE-2004-1080 | Remote Memory Corruption vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | 10.0 |
| 2005-01-10 | CVE-2004-0901 | Unspecified vulnerability in Microsoft products Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571. | 10.0 |