This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2015-07-14
Product Windows 2003 Server Last view 2015-07-14
Version r2 Type Os
Update sp2  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_2003_server

Activity : Overall

Related : CVE

  Date Alert Description
5 2015-07-14 CVE-2015-2417

OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2416.

5 2015-07-14 CVE-2015-2416

OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2417.

7.2 2015-07-14 CVE-2015-2387

ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "ATMFD.DLL Memory Corruption Vulnerability."

3.3 2015-07-14 CVE-2015-2374

The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communication, which allows remote attackers to discover credentials by leveraging certain PDC access and spoofing the BDC role in a PDC communication channel, aka "Elevation of Privilege Vulnerability in Netlogon."

6.9 2015-07-14 CVE-2015-2371

The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka "Windows Installer EoP Vulnerability."

7.2 2015-07-14 CVE-2015-2370

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability."

2.1 2015-07-14 CVE-2015-2367

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from uninitialized kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability."

7.2 2015-07-14 CVE-2015-2365

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

7.2 2015-07-14 CVE-2015-2364

The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."

7.2 2015-07-14 CVE-2015-2363

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

CWE : Common Weakness Enumeration

%idName
60% (6) CWE-264 Permissions, Privileges, and Access Controls
20% (2) CWE-200 Information Exposure
20% (2) CWE-20 Improper Input Validation

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0165 Microsoft Remote Procedure Call (RPC) Privilege Escalation Vulnerability (MS1...
Severity: Category II - VMSKEY: V0061093
2015-A-0164 Microsoft Windows Installer Privilege Escalation Vulnerability (MS15-074)
Severity: Category II - VMSKEY: V0061095
2015-A-0162 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver (MS15-073)
Severity: Category II - VMSKEY: V0061097
2015-A-0169 Multiple Vulnerabilities in Microsoft OLE (MS15-075)
Severity: Category II - VMSKEY: V0061103
2015-A-0168 Microsoft Graphics Component Privilege Escalation Vulnerability (MS15-072)
Severity: Category II - VMSKEY: V0061105
2015-A-0173 Microsoft Windows Netlogon Privilege Escalation Vulnerability (MS15-071)
Severity: Category II - VMSKEY: V0061111

Snort® IPS/IDS

Date Description
2015-08-14 Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt
RuleID : 35189 - Type : FILE-FLASH - Revision : 3
2015-08-14 Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt
RuleID : 35188 - Type : FILE-FLASH - Revision : 3
2015-08-14 Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt
RuleID : 35187 - Type : FILE-FLASH - Revision : 3
2015-08-14 Adobe Flash Player Microsoft Internet Explorer sandbox escape attempt
RuleID : 35186 - Type : FILE-FLASH - Revision : 3
2015-08-14 DCOM DCE/RPC NTLM reflection elevation of privilege attempt
RuleID : 35175 - Type : OS-WINDOWS - Revision : 3
2015-08-14 DCOM DCE/RPC NTLM reflection elevation of privilege attempt
RuleID : 35174 - Type : OS-WINDOWS - Revision : 3
2015-08-14 Microsoft Internet Explorer IDataObject bitmap data conversion integer overfl...
RuleID : 35163 - Type : FILE-FLASH - Revision : 3
2015-08-14 Microsoft Internet Explorer IDataObject bitmap data conversion integer overfl...
RuleID : 35162 - Type : FILE-FLASH - Revision : 3
2015-08-14 Microsoft Internet Explorer IDataObject bitmap data conversion integer overfl...
RuleID : 35161 - Type : FILE-FLASH - Revision : 3
2015-08-14 Microsoft Internet Explorer IDataObject bitmap data conversion integer overfl...
RuleID : 35160 - Type : FILE-FLASH - Revision : 3
2015-08-14 Microsoft Windows DeferWindowPos access after release code injection attempt
RuleID : 35136 - Type : OS-WINDOWS - Revision : 3
2015-08-14 Microsoft Windows DeferWindowPos access after release code injection attempt
RuleID : 35135 - Type : OS-WINDOWS - Revision : 3
2015-08-14 Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure ...
RuleID : 35132 - Type : OS-WINDOWS - Revision : 3
2015-08-14 Microsoft Windows NtUserDisableProcessWindowFiltering information disclosure ...
RuleID : 35131 - Type : OS-WINDOWS - Revision : 3
2015-08-11 Microsoft Windows ATMFD.dll open font type privilege escalation attempt
RuleID : 35108 - Type : OS-WINDOWS - Revision : 3
2015-08-11 Microsoft Windows ATMFD.dll open font type privilege escalation attempt
RuleID : 35107 - Type : OS-WINDOWS - Revision : 3
2015-08-11 Microsoft Windows ATMFD.dll open font type privilege escalation attempt
RuleID : 35106 - Type : OS-WINDOWS - Revision : 3
2015-08-11 Microsoft Windows ATMFD.dll open font type privilege escalation attempt
RuleID : 35105 - Type : OS-WINDOWS - Revision : 3

Nessus® Vulnerability Scanner

id Description
2015-07-14 Name: The remote Windows host is affected by a privilege escalation vulnerability.
File: smb_nt_ms15-071.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by a privilege escalation vulnerability.
File: smb_nt_ms15-072.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-073.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by a privilege escalation vulnerability.
File: smb_nt_ms15-074.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by multiple elevation of privilege vulner...
File: smb_nt_ms15-075.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Windows host is affected by a privilege escalation vulnerability.
File: smb_nt_ms15-076.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The Adobe Font driver on the remote host is affected by a privilege escalatio...
File: smb_nt_ms15-077.nasl - Type: ACT_GATHER_INFO