This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2004-11-03
Product Windows Server 2003 Last view 2015-06-09
Version r2 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_server_2003

Activity : Overall

Related : CVE

  Date Alert Description
2.1 2015-06-09 CVE-2015-1719

The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability."

7.5 2005-10-13 CVE-2005-1987

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.

10 2004-11-03 CVE-2004-0840

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

10 2004-11-03 CVE-2004-0574

The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-787 Out-of-bounds Write
25% (1) CWE-200 Information Exposure
25% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
25% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
19905 Microsoft Collaboration Data Objects Remote Overflow
10697 Microsoft Windows/Exchange NNTP Component Remote Overflow
10696 Microsoft Windows/Exchange SMTP DNS Lookup Overflow

OpenVAS Exploits

id Description
2010-04-26 Name : Microsoft SMTP Service and Exchange Routing Engine Buffer Overflow Vulnerability
File : nvt/gb_ms04_035.nasl
2010-04-26 Name : Windows NT NNTP Component Buffer Overflow
File : nvt/gb_ms04_036.nasl

Snort® IPS/IDS

Date Description
2015-07-13 Microsoft Windows NtUserMessageCall information disclosure attempt
RuleID : 34777 - Type : OS-WINDOWS - Revision : 3
2015-07-13 Microsoft Windows NtUserMessageCall information disclosure attempt
RuleID : 34776 - Type : OS-WINDOWS - Revision : 3
2015-02-05 Microsoft SMTP excessive answer records buffer overflow attempt
RuleID : 32959 - Type : PROTOCOL-DNS - Revision : 2
2014-01-10 Microsoft Windows SEARCH pattern overflow attempt
RuleID : 3078-community - Type : PROTOCOL-NNTP - Revision : 12
2014-01-10 Microsoft Windows SEARCH pattern overflow attempt
RuleID : 3078 - Type : PROTOCOL-NNTP - Revision : 12
2014-01-10 Microsoft Windows XPAT pattern overflow attempt
RuleID : 2927-community - Type : OS-WINDOWS - Revision : 12
2014-01-10 Microsoft Windows XPAT pattern overflow attempt
RuleID : 2927 - Type : OS-WINDOWS - Revision : 12
2014-01-10 Microsoft collaboration data objects buffer overflow attempt
RuleID : 17737 - Type : SERVER-MAIL - Revision : 8
2014-01-10 Microsoft Windows Exchange CDO long header name
RuleID : 12423 - Type : SERVER-MAIL - Revision : 7

Nessus® Vulnerability Scanner

id Description
2015-06-09 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-061.nasl - Type: ACT_GATHER_INFO
2005-10-11 Name: A flaw in the Microsoft Collaboration Data Object could allow an attacker to ...
File: smb_nt_ms05-048.nasl - Type: ACT_GATHER_INFO
2005-04-06 Name: Arbitrary code can be executed on the remote host.
File: smb_nt_ms04-035.nasl - Type: ACT_GATHER_INFO
2004-10-12 Name: The remote NNTP server is susceptible to a buffer overflow attack.
File: msnntp_code_execution.nasl - Type: ACT_GATHER_INFO
2004-10-12 Name: The remote SMTP server is affected by a buffer overflow vulnerability.
File: mssmtp_code_execution.nasl - Type: ACT_GATHER_INFO