7.5

CVE-2003-0660

The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 2000 Updatesp1
MicrosoftWindows 2000 Updatesp2
MicrosoftWindows 2000 Updatesp3
MicrosoftWindows 2000 Updatesp4
MicrosoftWindows 2003 Server Versionenterprise Edition64-bit
MicrosoftWindows 2003 Server Versionenterprise_64-bit
MicrosoftWindows 2003 Server Versionr2 Edition64-bit
MicrosoftWindows 2003 Server Versionr2 Editiondatacenter_64-bit
MicrosoftWindows 2003 Server Versionstandard Edition64-bit
MicrosoftWindows Nt Version4.0 Editionenterprise_server
MicrosoftWindows Nt Version4.0 Editionserver
MicrosoftWindows Nt Version4.0 Editionterminal_server
MicrosoftWindows Nt Version4.0 Editionworkstation
MicrosoftWindows Nt Version4.0 Updatesp1 Editionenterprise_server
MicrosoftWindows Nt Version4.0 Updatesp1 Editionserver
MicrosoftWindows Nt Version4.0 Updatesp1 Editionterminal_server
MicrosoftWindows Nt Version4.0 Updatesp1 Editionworkstation
MicrosoftWindows Nt Version4.0 Updatesp2 Editionenterprise_server
MicrosoftWindows Nt Version4.0 Updatesp2 Editionserver
MicrosoftWindows Nt Version4.0 Updatesp2 Editionterminal_server
MicrosoftWindows Nt Version4.0 Updatesp2 Editionworkstation
MicrosoftWindows Nt Version4.0 Updatesp3 Editionenterprise_server
MicrosoftWindows Nt Version4.0 Updatesp3 Editionserver
MicrosoftWindows Nt Version4.0 Updatesp3 Editionterminal_server
MicrosoftWindows Nt Version4.0 Updatesp3 Editionworkstation
MicrosoftWindows Nt Version4.0 Updatesp4 Editionenterprise_server
MicrosoftWindows Nt Version4.0 Updatesp4 Editionserver
MicrosoftWindows Nt Version4.0 Updatesp4 Editionterminal_server
MicrosoftWindows Nt Version4.0 Updatesp4 Editionworkstation
MicrosoftWindows Nt Version4.0 Updatesp5 Editionenterprise_server
MicrosoftWindows Nt Version4.0 Updatesp5 Editionserver
MicrosoftWindows Nt Version4.0 Updatesp5 Editionterminal_server
MicrosoftWindows Nt Version4.0 Updatesp5 Editionworkstation
MicrosoftWindows Nt Version4.0 Updatesp6 Editionenterprise_server
MicrosoftWindows Nt Version4.0 Updatesp6 Editionserver
MicrosoftWindows Nt Version4.0 Updatesp6 Editionterminal_server
MicrosoftWindows Nt Version4.0 Updatesp6 Editionworkstation
MicrosoftWindows Nt Version4.0 Updatesp6a Editionenterprise_server
MicrosoftWindows Nt Version4.0 Updatesp6a Editionserver
MicrosoftWindows Nt Version4.0 Updatesp6a Editionworkstation
MicrosoftWindows Xp Edition64-bit
MicrosoftWindows Xp Editionembedded
MicrosoftWindows Xp Editionhome
MicrosoftWindows Xp Updategold Editionprofessional
MicrosoftWindows Xp Updatesp1 Edition64-bit
MicrosoftWindows Xp Updatesp1 Editionembedded
MicrosoftWindows Xp Updatesp1 Editionhome
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 43.7% 0.974
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
http://www.kb.cert.org/vuls/id/838572
Patch
Third Party Advisory
US Government Resource