Microsoft Windows Server 2003 vulnerabilities

CVE-2015-1724 [HIGH] CWE-416 CVE-2015-1724: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel O

CVE-2015-1727 [HIGH] CWE-119 CVE-2015-1727: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerabili

CVE-2015-2360 [HIGH] CWE-119 CVE-2015-2360: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application,

CVE-2015-1723 [HIGH] CWE-416 CVE-2015-1723: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station

CVE-2015-1721 [HIGH] CWE-476 CVE-2015-1721: The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted appl

CVE-2015-1722 [HIGH] CWE-416 CVE-2015-1722: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel B

CVE-2015-1726 [HIGH] CWE-416 CVE-2015-1726: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel B

CVE-2015-1720 [HIGH] CWE-416 CVE-2015-1720: Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel U

CVE-2015-1725 [HIGH] CWE-119 CVE-2015-1725: Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability."

CVE-2015-1719 [LOW] CWE-200 CVE-2015-1719: The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Inf

CVE-2015-1644 [HIGH] CWE-264 CVE-2015-1644: Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows MS-DOS Device Name Vulnerability."

CVE-2015-1643 [HIGH] CWE-264 CVE-2015-1643: Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 S Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion

CVE-2006-0005 [CRITICAL] CWE-119 CVE-2006-0005: Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in brows Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.

CVE-2005-1987 [HIGH] CWE-120 CVE-2005-1987: Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exch Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.

CVE-2004-0574 [CRITICAL] CWE-787 CVE-2004-0574: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-

CVE-2004-0840 [CRITICAL] CWE-20 CVE-2004-0840: The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows S The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly val

CVE-2003-0904 [MEDIUM] CWE-200 CVE-2003-0904: Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, do Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.