Windows Server 2008@- Security Vulnerabilities and Issues — Windows Server 2008@- CVE List

Lucene search

MicrosoftWindows Server 2008-

21 matches found

CVE•added 2012/04/10 9:55 p.m.•1060 views

CVE-2012-0151

The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE...

9.3CVSS5.8AI score0.88546EPSS

CVE•added 2012/03/13 9:55 p.m.•303 views

CVE-2012-0002

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code ...

9.3CVSS9.5AI score0.87223EPSS

CVE•added 2012/05/09 12:55 a.m.•164 views

CVE-2012-0165

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."

9.3CVSS7.5AI score0.62114EPSS

CVE•added 2012/01/10 9:55 p.m.•154 views

CVE-2012-0004

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, ...

9.3CVSS8AI score0.5796EPSS

CVE•added 2012/01/10 9:55 p.m.•153 views

CVE-2012-0013

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce app...

9.3CVSS7.4AI score0.87476EPSS

CVE•added 2012/07/10 9:55 p.m.•135 views

CVE-2012-0175

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."

9.3CVSS7.8AI score0.47895EPSS

CVE•added 2012/01/17 7:55 p.m.•113 views

CVE-2010-5082

Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a ....

9.3CVSS6.3AI score0.52839EPSS

CVE•added 2012/05/09 12:55 a.m.•103 views

CVE-2012-0181

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain pri...

7.2CVSS6.2AI score0.05275EPSS

CVE•added 2012/06/12 10:55 p.m.•99 views

CVE-2012-0173

9.3CVSS9.4AI score0.87223EPSS

CVE•added 2012/01/10 9:55 p.m.•78 views

CVE-2012-0003

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerab...

9.3CVSS7.8AI score0.88426EPSS

CVE•added 2012/09/26 10:56 a.m.•78 views

CVE-2012-2897

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly ...

10CVSS7.3AI score0.31315EPSS

CVE•added 2012/03/28 7:55 p.m.•73 views

CVE-2007-6753

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan ho...

6.2CVSS6.7AI score0.01742EPSS

CVE•added 2012/12/12 12:55 a.m.•73 views

CVE-2012-2556

The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary cod...

9.3CVSS7.5AI score0.43491EPSS

CVE•added 2012/05/09 12:55 a.m.•63 views

CVE-2012-0178

Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager f...

7.2CVSS6.4AI score0.00479EPSS

CVE•added 2012/02/02 5:55 p.m.•62 views

CVE-2010-4562

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo,...

4.3CVSS6.3AI score0.17321EPSS

CVE•added 2012/01/10 9:55 p.m.•58 views

CVE-2012-0001

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by lev...

9.3CVSS6.3AI score0.56051EPSS

CVE•added 2012/01/10 9:55 p.m.•53 views

CVE-2012-0005

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which...

6.9CVSS6.6AI score0.0435EPSS

CVE•added 2012/05/09 12:55 a.m.•52 views

CVE-2012-0174

Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast...

1.7CVSS6AI score0.00957EPSS

CVE•added 2012/03/13 9:55 p.m.•47 views

CVE-2012-0157

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application...

8.4CVSS6.3AI score0.01588EPSS

CVE•added 2012/06/12 10:55 p.m.•47 views

CVE-2012-1867

Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorre...

8.4CVSS6.7AI score0.01124EPSS

CVE•added 2012/02/17 10:55 p.m.•39 views

CVE-2012-1194

The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "gho...

6.4CVSS6.7AI score0.09678EPSS