Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_2003_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 407 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-12-10 | CVE-2008-3465 | Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability." | Windows_2000, Windows_2003_server, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2013-09-11 | CVE-2013-1342 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1343, CVE-2013-1344, CVE-2013-3864, and CVE-2013-3865. | Windows_2003_server, Windows_7, Windows_8, Windows_rt, Windows_server_2008, Windows_server_2012, Windows_vista, Windows_xp | N/A | ||
| 2004-12-31 | CVE-2004-2339 | Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed | Windows_2000, Windows_2003_server, Windows_xp | N/A | ||
| 2013-11-28 | CVE-2013-5065 | NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013. | Windows_2003_server, Windows_xp | 7.8 | ||
| 2009-08-12 | CVE-2009-1544 | Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability." | Windows_2003_server, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2009-10-14 | CVE-2009-2502 | Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007... | \.net_framework, Excel_viewer, Expression_web, Forefront_client_security, Internet_explorer, Office, Office_compatibility_pack, Office_excel_viewer, Office_groove, Office_powerpoint_viewer, Office_word_viewer, Platform_sdk, Project, Report_viewer, Sql_server, Sql_server_reporting_services, Visio, Visual_foxpro, Visual_studio, Visual_studio_\.net, Windows_2003_server, Windows_server_2008, Windows_vista, Windows_xp, Word_viewer, Works | N/A | ||
| 2010-03-31 | CVE-2010-0492 | Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | Internet_explorer, Windows_2003_server, Windows_7, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2010-08-11 | CVE-2010-1896 | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability." | Windows_2003_server, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2011-04-13 | CVE-2011-0657 | DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability." | Windows_2003_server, Windows_7, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A | ||
| 2011-04-13 | CVE-2011-0671 | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | Windows_2003_server, Windows_7, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp | N/A |