Microsoft Windows NT vulnerabilities
201 known vulnerabilities affecting microsoft/windows_nt.
Total CVEs: 201
CISA KEV: 2 (actively exploited)
Public exploits: 67
Exploited in wild: 2
Severity breakdown: CRITICAL 26, HIGH 73, MEDIUM 82, LOW 20
Vulnerabilities
Page 2 of 11
CVE-2004-0901 | CRITICAL | CVSS 10.0 | v4.0 | 2005-01-10
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
nvd
CVE-2004-1080 | CRITICAL | CVSS 10.0 | PoC | v4.0 | 2005-01-10
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
nvd
CVE-2004-0893 | HIGH | CVSS 7.2 | v4.0 | 2005-01-10
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."
nvd
CVE-2004-0899 | MEDIUM | CVSS 5.0 | v4.0 | 2005-01-10
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."
nvd
CVE-2004-0567 | HIGH | CVSS 7.5 | PoC | v4.0 | 2004-12-31
The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked b
nvd
CVE-2004-1306 | MEDIUM | CVSS 5.1 | PoC | v4.0 | 2004-12-31
Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.
nvd
CVE-2004-1305 | MEDIUM | CVSS 5.0 | PoC | v4.0 | 2004-12-23
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhau
nvd
CVE-2004-1361 | MEDIUM | CVSS 5.0 | v4.0 | 2004-12-23
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
nvd
CVE-2004-0574 | CRITICAL | CVSS 10.0 | PoC | v4.0 | 2004-11-03 | CWE-787
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-
nvd
CVE-2004-0208 | HIGH | CVSS 7.2 | v4.0 | 2004-11-03
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
nvd
CVE-2004-0206 | HIGH | CVSS 7.5 | PoC | v4.0 | 2004-11-03
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allow attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
nvd
CVE-2004-0569 | HIGH | CVSS 7.5 | v4.0 | 2004-11-03
The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.
nvd
CVE-2004-0207 | LOW | CVSS 2.1 | v4.0 | 2004-11-03
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
nvd
CVE-2004-0201 | CRITICAL | CVSS 10.0 | v4.0 | 2004-08-06
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
nvd
CVE-2004-0212 | CRITICAL | CVSS 10.0 | PoC | v4.0 | 2004-08-06
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
nvd
CVE-2004-0210 | HIGH | CVSS 7.8 | KEV | PoC | v4.0 | 2004-08-06 | CWE-120
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
nvd
CVE-2003-1048 | HIGH | CVSS 7.8 | v4.0 | 2004-07-27 | CWE-415
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
nvd
CVE-2003-0906 | HIGH | CVSS 7.6 | v4.0 | 2004-06-01
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
nvd
CVE-2004-0118 | HIGH | CVSS 7.2 | v4.0 | 2004-06-01
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
nvd
CVE-2004-0123 | HIGH | CVSS 7.5 | v4.0 | 2004-06-01 | CWE-119
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
nvd