Filtered by vendor Microsoft
Subscriptions
Total
20425 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0348 | 1 Microsoft | 1 Windows Media Player | 2024-11-20 | N/A |
| A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script. | ||||
| CVE-2003-0347 | 1 Microsoft | 4 Office, Project, Visio and 1 more | 2024-11-20 | N/A |
| Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter. | ||||
| CVE-2003-0346 | 1 Microsoft | 1 Directx | 2024-11-20 | N/A |
| Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. | ||||
| CVE-2003-0345 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-11-20 | N/A |
| Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. | ||||
| CVE-2003-0344 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-20 | N/A |
| Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. | ||||
| CVE-2003-0309 | 1 Microsoft | 1 Internet Explorer | 2024-11-20 | N/A |
| Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability." | ||||
| CVE-2003-0306 | 1 Microsoft | 1 Windows Xp | 2024-11-20 | N/A |
| Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter. | ||||
| CVE-2003-0301 | 1 Microsoft | 1 Outlook Express | 2024-11-20 | N/A |
| The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | ||||
| CVE-2003-0300 | 8 Microsoft, Mozilla, Mutt and 5 more | 8 Outlook Express, Mozilla, Mutt and 5 more | 2024-11-20 | N/A |
| The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | ||||
| CVE-2003-0233 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-20 | N/A |
| Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115. | ||||
| CVE-2003-0232 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-11-20 | N/A |
| Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. | ||||
| CVE-2003-0231 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-11-20 | N/A |
| Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. | ||||
| CVE-2003-0230 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-11-20 | N/A |
| Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | ||||
| CVE-2003-0228 | 1 Microsoft | 1 Windows Media Player | 2024-11-20 | N/A |
| Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location. | ||||
| CVE-2003-0227 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | N/A |
| The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request. | ||||
| CVE-2003-0226 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | N/A |
| Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled. | ||||
| CVE-2003-0225 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | N/A |
| The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. | ||||
| CVE-2003-0224 | 1 Microsoft | 1 Internet Information Services | 2024-11-20 | N/A |
| Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun." | ||||
| CVE-2003-0223 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-11-20 | N/A |
| Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. | ||||
| CVE-2003-0118 | 1 Microsoft | 1 Biztalk Server | 2024-11-20 | N/A |
| SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement. | ||||