Microsoft Windows 2003 Server vulnerabilities

CVE-2005-1218 [MEDIUM] CVE-2005-1218: The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 a The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.

CVE-2005-1981 [LOW] CVE-2005-1981: Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers al Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.

CVE-2005-1982 [LOW] CVE-2005-1982: Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Ser Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.

CVE-2005-2388 [HIGH] CVE-2005-2388: Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute a Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.

CVE-2005-1208 [CRITICAL] CVE-2005-1208: Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.

CVE-2005-1212 [HIGH] CVE-2005-1212: Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.

CVE-2005-1207 [HIGH] CVE-2005-1207: Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows rem Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.

CVE-2005-1206 [HIGH] CVE-2005-1206: Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 a Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."

CVE-2005-1214 [MEDIUM] CVE-2005-1214: Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.

CVE-2005-1205 [MEDIUM] CVE-2005-1205: The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allow The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

CVE-2005-1935 [HIGH] CVE-2005-1935: Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) a Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string du

CVE-2005-0356 [MEDIUM] CVE-2005-0356: Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timest Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

CVE-2005-1649 [MEDIUM] CVE-2005-1649: The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).

CVE-2005-0050 [CRITICAL] CWE-20 CVE-2005-0050: The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."

CVE-2005-0551 [CRITICAL] CVE-2005-0551: Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Mic Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.

CVE-2005-0047 [HIGH] CVE-2005-0047: Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM str Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

CVE-2005-0044 [HIGH] CVE-2005-0044: The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, do The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

CVE-2005-0061 [HIGH] CVE-2005-0061: The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local u The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.

CVE-2005-0053 [HIGH] CVE-2005-0053: Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and dr Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

CVE-2005-0057 [HIGH] CVE-2005-0057: The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to ex The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.