Vulnerabilities > Microsoft > Windows 2003 Server > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-14 | CVE-2006-4689 | Denial-Of-Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability." | 5.0 |
2006-09-12 | CVE-2006-0032 | Cross-Site Scripting vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. | 4.3 |
2006-07-06 | CVE-2006-3351 | Denial Of Service vulnerability in Microsoft Windows 2003 Server and Windows XP Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. | 5.4 |
2006-06-13 | CVE-2006-2378 | Unspecified vulnerability in Microsoft products Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. network microsoft | 6.8 |
2006-06-13 | CVE-2006-2374 | Improper Locking vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability." | 5.5 |
2006-06-13 | CVE-2006-1313 | Unspecified vulnerability in Microsoft products Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code. network microsoft | 6.8 |
2006-05-10 | CVE-2006-1184 | Buffer Overflow vulnerability in Microsoft Windows MSDTC Heap Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. | 5.0 |
2006-04-12 | CVE-2006-0012 | Remote Code Execution vulnerability in Microsoft Windows Shell COM Object Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." | 5.1 |
2006-04-03 | CVE-2006-1591 | Heap Overflow vulnerability in Microsoft Windows Help Image Processing Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file. | 5.1 |
2006-02-14 | CVE-2006-0013 | Buffer Overflow vulnerability in Microsoft Windows 2003 Server and Windows XP Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207. | 6.5 |