Vulnerabilities > Microsoft > Windows 2003 Server > sp2

DATE CVE VULNERABILITY TITLE RISK
2009-10-14 CVE-2009-2527 Buffer Errors vulnerability in Microsoft Windows Media Player 6.4
Heap-based buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via (1) a crafted ASF file or (2) crafted streaming content, aka "WMP Heap Overflow Vulnerability."
network
microsoft CWE-119
critical
9.3
2009-08-12 CVE-2009-1930 Credentials Management vulnerability in Microsoft products
The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
network
low complexity
microsoft CWE-255
critical
10.0
2009-08-12 CVE-2009-1929 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability."
network
microsoft CWE-119
critical
9.3
2009-08-12 CVE-2009-1546 Numeric Errors vulnerability in Microsoft products
Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
network
microsoft CWE-189
8.5
2009-08-12 CVE-2009-1545 Code Injection vulnerability in Microsoft products
Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
network
microsoft CWE-94
critical
9.3
2009-08-12 CVE-2009-1544 Resource Management Errors vulnerability in Microsoft products
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-399
critical
9.0
2009-06-10 CVE-2009-0229 Information Exposure vulnerability in Microsoft products
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
local
low complexity
microsoft CWE-200
4.9
2008-02-12 CVE-2007-0065 Code Injection vulnerability in Microsoft Office and Visual Basic
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
network
low complexity
microsoft CWE-94
critical
10.0
2008-02-12 CVE-2008-0088 Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
network
low complexity
microsoft CWE-20
6.8
2008-01-08 CVE-2007-5352 Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
local
low complexity
microsoft CWE-264
7.2