Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2007-09-27 |
| Product | Windows 2003 Server | Last view | 2010-05-06 |
| Version | * | Type | Os |
| Update | gold | ||
| Edition | x64 | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:microsoft:windows_2003_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.9 | 2010-05-06 | CVE-2010-1735 | The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
| 4.9 | 2010-05-06 | CVE-2010-1734 | The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
| 6.4 | 2007-11-13 | CVE-2007-3898 | The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. |
| 7.1 | 2007-09-27 | CVE-2007-5133 | Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 40% (2) | CWE-20 | Improper Input Validation |
| 20% (1) | CWE-399 | Resource Management Errors |
| 20% (1) | CWE-189 | Numeric Errors |
| 20% (1) | CWE-16 | Configuration |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 64058 | Microsoft Windows win32k.sys SfnINSTRING() Local DoS |
| 64057 | Microsoft Windows win32k.sys SfnLOGONNOTIFY() Local DoS |
| 45521 | Microsoft Windows Explorer (explorer.exe) Malformed PNG Handling Remote DoS |
| 41092 | Microsoft Windows DNS Service Predictable Transaction ID Weakness |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-05-13 | Name : Microsoft Windows Kernel 'win32k.sys' Multiple DOS Vulnerabilities File : nvt/gb_ms_win_kernel_win32k_sys_mult_dos_vuln.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows DNS server spoofing attempt RuleID : 16206 - Type : OS-WINDOWS - Revision : 12 |
| 2014-01-10 | dns cache poisoning attempt RuleID : 13667 - Type : PROTOCOL-DNS - Revision : 19 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-03-05 | Name: The DNS server running on the remote host is vulnerable to DNS spoofing attacks. File: ms_dns_kb941672.nasl - Type: ACT_GATHER_INFO |
| 2007-11-13 | Name: Remote DNS server is vulnerable to spoofing attacks. File: smb_nt_ms07-062.nasl - Type: ACT_GATHER_INFO |
