VYPR

Windows Server 2003

by Microsoft

Source repositories

CVEs (4,760)

  • CVE-2013-3660HigKEVMay 24, 2013
    risk 0.69cvss 7.8epss 0.40

    The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a…

  • CVE-2013-5065HigKEVNov 28, 2013
    risk 0.68cvss 7.8epss 0.35

    NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.

  • CVE-2011-2005HigKEVOct 12, 2011
    risk 0.68cvss 7.8epss 0.32

    afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of…

  • CVE-2014-4077HigKEVNov 11, 2014
    risk 0.67cvss 7.8epss 0.48

    Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka…

  • CVE-2009-2494CriAug 12, 2009
    risk 0.67cvss 9.8epss 0.42

    The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant…

  • CVE-2008-4835CriJan 14, 2009
    risk 0.67cvss 9.8epss 0.45

    SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request,…

  • CVE-2023-38545CriOct 18, 2023
    risk 0.66cvss 9.8epss 0.78

    This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255…

  • CVE-2015-2387HigKEVJul 14, 2015
    risk 0.66cvss 7.8epss 0.37

    ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges…

  • CVE-2010-4398HigKEVDec 6, 2010
    risk 0.66cvss 7.8epss 0.09

    Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the…

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2008-3465CriDec 10, 2008
    risk 0.65cvss 9.8epss 0.14

    Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed…

  • CVE-2026-47291CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.22

    Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

  • CVE-2026-45657CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.15

    Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

  • CVE-2026-44815CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.01

    Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-41089CriMay 12, 2026
    risk 0.64cvss 9.8epss 0.72

    Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

  • CVE-2026-33824CriApr 14, 2026
    risk 0.64cvss 9.8epss 0.56

    Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

  • CVE-2025-60724CriNov 11, 2025
    risk 0.64cvss 9.8epss 0.06

    Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

  • CVE-2025-53766CriAug 12, 2025
    risk 0.64cvss 9.8epss 0.07

    Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

  • CVE-2023-36424HigKEVNov 14, 2023
    risk 0.63cvss 7.8epss 0.12

    Windows Common Log File System Driver Elevation of Privilege Vulnerability

  • CVE-2009-1547HigOct 14, 2009
    risk 0.63cvss 8.8epss 0.37

    Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."

Page 2 of 238