Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.
Max CVSS
6.8
EPSS Score
1.07%
Published
2003-12-31
Updated
2017-08-08
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.
Max CVSS
7.8
EPSS Score
12.38%
Published
2003-12-31
Updated
2019-04-30
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
Max CVSS
7.2
EPSS Score
0.05%
Published
2003-12-31
Updated
2017-07-29
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
Max CVSS
6.6
EPSS Score
0.04%
Published
2003-12-31
Updated
2017-07-29
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
Max CVSS
8.8
EPSS Score
14.14%
Published
2003-12-31
Updated
2017-07-29
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
Max CVSS
7.5
EPSS Score
9.22%
Published
2003-02-19
Updated
2021-07-23
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
Max CVSS
7.5
EPSS Score
0.68%
Published
2003-02-19
Updated
2021-07-23
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe).
Max CVSS
7.5
EPSS Score
95.04%
Published
2003-11-17
Updated
2021-07-23

CVE-2003-0822

Public exploit
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
Max CVSS
7.5
EPSS Score
97.04%
Published
2003-12-15
Updated
2019-04-30
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
Max CVSS
7.5
EPSS Score
25.11%
Published
2003-12-15
Updated
2018-10-12
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
Max CVSS
7.5
EPSS Score
10.46%
Published
2003-12-15
Updated
2018-10-12

CVE-2003-0812

Public exploit
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
Max CVSS
7.5
EPSS Score
96.96%
Published
2003-12-15
Updated
2019-04-30
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
Max CVSS
7.5
EPSS Score
94.30%
Published
2003-11-17
Updated
2021-07-23
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
Max CVSS
6.8
EPSS Score
95.10%
Published
2003-09-22
Updated
2016-10-18
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Max CVSS
7.5
EPSS Score
97.11%
Published
2003-11-17
Updated
2019-04-30
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
Max CVSS
10.0
EPSS Score
70.33%
Published
2003-09-17
Updated
2019-04-30

CVE-2003-0714

Public exploit
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
Max CVSS
7.5
EPSS Score
9.16%
Published
2003-11-17
Updated
2020-04-09
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
Max CVSS
7.5
EPSS Score
55.76%
Published
2003-11-17
Updated
2019-04-30
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
Max CVSS
7.5
EPSS Score
7.72%
Published
2003-08-27
Updated
2021-07-23
Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file.
Max CVSS
7.5
EPSS Score
9.29%
Published
2003-10-20
Updated
2018-10-12
Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
Max CVSS
7.5
EPSS Score
7.72%
Published
2003-10-20
Updated
2018-10-12
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
Max CVSS
7.5
EPSS Score
0.86%
Published
2003-10-20
Updated
2018-10-12
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
Max CVSS
9.3
EPSS Score
96.60%
Published
2003-11-17
Updated
2019-04-30
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
Max CVSS
7.5
EPSS Score
10.39%
Published
2003-11-17
Updated
2019-04-30
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
Max CVSS
7.2
EPSS Score
0.06%
Published
2003-11-17
Updated
2019-04-30
63 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!