Microsoft: >> Project Server >> 2003 Security Vulnerabilities
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
CVSS Score
9.3
EPSS Score
0.663
Published
2009-12-09
projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
CVSS Score
6.5
EPSS Score
0.314
Published
2006-12-18