Search Results (Refine Search)
- CPE Product Version: cpe:/o:microsoft:windows_server_2008:-:sp2:itanium
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0003 |
Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability." Published: January 09, 2013; 1:09:40 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0002 |
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability." Published: January 09, 2013; 1:09:39 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0001 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability." Published: January 09, 2013; 1:09:37 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4792 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. Published: December 30, 2012; 1:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-2556 |
The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability." Published: December 11, 2012; 7:55:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-2897 |
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability." Published: September 26, 2012; 6:56:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-0175 |
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability." Published: July 10, 2012; 5:55:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1889 |
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Published: June 13, 2012; 12:46:46 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1882 |
Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability." Published: June 12, 2012; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1881 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1880 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1879 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1878 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1877 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1876 |
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. Published: June 12, 2012; 6:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1875 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1874 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1873 |
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1867 |
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-1855 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |