| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Confidentiality | Integrity | Availability | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 651 | CVE-2004-0212 | | | Exec Code Overflow | 2004-08-06 | 2019-04-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. |
| 652 | CVE-2004-0209 | | | Exec Code | 2004-11-03 | 2018-10-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer." |
| 653 | CVE-2004-0208 | | | +Priv | 2004-11-03 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modifies some system structures in a way that is not properly validated by privileged operating system functions. |
| 654 | CVE-2004-0207 | | | +Priv | 2004-11-03 | 2018-10-12 | 2.1 | None | Local | Low | Not required | None | Partial | None | "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions. |
| 655 | CVE-2004-0206 | | | Exec Code Overflow +Priv | 2004-11-03 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. |
| 656 | CVE-2004-0202 | | | DoS | 2004-08-06 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a through 9.0b, as used in Windows Server 2003 and earlier, allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
| 657 | CVE-2004-0201 | | | Exec Code Overflow | 2004-08-06 | 2019-04-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. |
| 658 | CVE-2004-0200 | | | Exec Code Overflow | 2004-09-28 | 2018-10-30 | 9.3 | Admin | Remote | Medium | Not required | Complete | Complete | Complete | Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. |
| 659 | CVE-2004-0199 | | | Exec Code | 2004-06-14 | 2018-10-12 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial | Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm). |
| 660 | CVE-2004-0124 | | | | 2004-06-01 | 2018-10-12 | 2.6 | None | Remote | High | Not required | Partial | None | None | The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." |
| 661 | CVE-2004-0123 | 119 | | DoS Exec Code Overflow | 2004-06-01 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| 662 | CVE-2004-0120 | | | DoS | 2004-06-01 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. |
| 663 | CVE-2004-0119 | | | DoS Exec Code | 2004-06-01 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. |
| 664 | CVE-2004-0117 | | | Exec Code | 2004-06-01 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code. |
| 665 | CVE-2004-0116 | | | DoS | 2004-06-01 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. |
| 666 | CVE-2003-0909 | | | Exec Code | 2004-06-01 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability." |
| 667 | CVE-2003-0907 | | | Exec Code | 2004-06-01 | 2018-10-12 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial | Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe. |
| 668 | CVE-2003-0906 | | | Exec Code Overflow | 2004-06-01 | 2018-10-12 | 7.6 | Admin | Remote | High | Not required | Complete | Complete | Complete | Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image. |
| 669 | CVE-2003-0897 | | | Exec Code | 2003-11-17 | 2017-07-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | "Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications. |
| 670 | CVE-2003-0824 | | | DoS | 2003-12-15 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. |
| 671 | CVE-2003-0822 | | | Exec Code Overflow | 2003-12-15 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request. |
| 672 | CVE-2003-0818 | | | Exec Code Overflow | 2004-03-03 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. |
| 673 | CVE-2003-0813 | | | DoS | 2003-11-17 | 2019-04-30 | 5.1 | User | Remote | High | Not required | Partial | Partial | Partial | A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities. |
| 674 | CVE-2003-0812 | | | Exec Code Overflow | 2003-12-15 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API. |
| 675 | CVE-2003-0807 | | | DoS Overflow | 2004-06-01 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. |
| 676 | CVE-2003-0806 | | | Exec Code Overflow | 2004-06-01 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code. |
| 677 | CVE-2003-0719 | | | Exec Code Overflow | 2004-06-01 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets. |
| 678 | CVE-2003-0717 | | | Exec Code Overflow | 2003-11-17 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. |
| 679 | CVE-2003-0715 | | | Exec Code Overflow | 2003-09-17 | 2019-04-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. |
| 680 | CVE-2003-0711 | | | Exec Code Overflow | 2003-11-17 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL. |
| 681 | CVE-2003-0661 | | | +Info | 2003-10-20 | 2019-04-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information. |
| 682 | CVE-2003-0660 | | | Exec Code | 2003-11-17 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval. |
| 683 | CVE-2003-0659 | | | Exec Code Overflow | 2003-11-17 | 2019-04-30 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application. |
| 684 | CVE-2003-0533 | | | Exec Code Overflow | 2004-06-01 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. |
| 685 | CVE-2003-0528 | | | Exec Code Overflow | 2003-09-17 | 2019-04-30 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715. |
| 686 | CVE-2003-0469 | | | DoS Exec Code Overflow | 2003-08-07 | 2018-10-12 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. |
| 687 | CVE-2003-0352 | | | Exec Code Overflow | 2003-08-18 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. |
| 688 | CVE-2003-0345 | | | DoS Exec Code Overflow | 2003-08-18 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. |
| 689 | CVE-2003-0306 | | | Exec Code Overflow | 2003-06-09 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter. |
| 690 | CVE-2003-0112 | | | Overflow +Priv | 2003-05-12 | 2019-04-30 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. |
| 691 | CVE-2003-0010 | | | Exec Code Overflow | 2003-03-24 | 2019-04-30 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating systems allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack. |
| 692 | CVE-2003-0009 | | | XSS | 2003-03-07 | 2018-10-12 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter. |
| 693 | CVE-2003-0004 | | | Exec Code Overflow | 2003-02-19 | 2018-10-12 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter. |
| 694 | CVE-2003-0003 | | | Exec Code Overflow | 2003-02-07 | 2019-04-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. |
| 695 | CVE-2002-2401 | 264 | | Bypass | 2002-12-31 | 2019-04-30 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs. |
| 696 | CVE-2002-2324 | 264 | | | 2002-12-31 | 2008-09-05 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. |
| 697 | CVE-2002-2283 | 264 | | | 2002-12-31 | 2017-08-16 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users. |
| 698 | CVE-2002-2185 | | | DoS | 2002-12-31 | 2018-10-19 | 4.9 | None | Local | Low | Not required | None | None | Complete | The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. |
| 699 | CVE-2002-2132 | | | | 2002-12-31 | 2017-11-21 | 2.1 | None | Local | Low | Not required | None | Partial | None | Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes. |
| 700 | CVE-2002-2117 | | | DoS | 2002-12-31 | 2008-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP). |