Vulnerabilities > Microsoft > Windows Server 2003

DATE CVE VULNERABILITY TITLE RISK
2020-02-20 CVE-2012-5364 Resource Exhaustion vulnerability in Microsoft products
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
network
low complexity
microsoft CWE-400
7.8
2020-02-20 CVE-2012-5362 Resource Exhaustion vulnerability in Microsoft products
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.
network
low complexity
microsoft CWE-400
7.8
2020-02-11 CVE-2014-9748 Race Condition vulnerability in Libuv
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
6.8
2019-05-16 CVE-2019-0708 USE After Free vulnerability in Microsoft products
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-416
critical
10.0
2017-06-22 CVE-2017-0176 Classic Buffer Overflow vulnerability in Microsoft Windows Server 2003 and Windows XP
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.
network
microsoft CWE-120
critical
9.3
2017-06-15 CVE-2017-8487 Remote Code Execution vulnerability in Microsoft Windows Server 2003 and Windows XP
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."
network
microsoft
critical
9.3
2017-06-15 CVE-2017-8461 Unspecified vulnerability in Microsoft Windows Server 2003 and Windows XP
Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."
local
microsoft
6.9
2017-03-27 CVE-2017-7269 Buffer Errors vulnerability in Microsoft Internet Information Server 6.0
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
network
low complexity
microsoft CWE-119
critical
10.0
2015-06-10 CVE-2015-2360 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-119
7.2
2015-06-10 CVE-2015-1768 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows 2003 Server and Windows Server 2003
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-119
7.2