Vulnerabilities > Microsoft > Windows 2003 Server > sp1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-03-25 | CVE-2008-1092 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Word Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. | 9.3 |
| 2008-02-12 | CVE-2007-0065 | Code Injection vulnerability in Microsoft Office and Visual Basic Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. | 10.0 |
| 2008-02-12 | CVE-2008-0088 | Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. | 6.8 |
| 2008-01-08 | CVE-2007-5352 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. | 7.2 |
| 2007-06-12 | CVE-2007-2227 | Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." network microsoft | 4.3 |
| 2007-06-12 | CVE-2007-2225 | Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." network microsoft | 4.3 |
| 2007-06-12 | CVE-2007-2219 | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. | 9.3 |
| 2007-06-12 | CVE-2007-2218 | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. | 9.3 |
| 2007-06-04 | CVE-2007-2999 | Unspecified vulnerability in Microsoft Windows 2003 Server Gold/Sp1/Sp2 Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names. high complexity microsoft | 1.8 |
| 2007-04-13 | CVE-2007-1748 | Buffer Errors vulnerability in Microsoft Windows 2000 and Windows 2003 Server Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences. | 10.0 |