Search Results (Refine Search)
- CPE Product Version: cpe:/o:microsoft:windows_server_2008:-:sp2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-1875 |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1874 |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1873 |
Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1867 |
Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-1855 |
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1523 |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability." Published: June 12, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0173 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002. Published: June 12, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0181 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability." Published: May 08, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-0178 |
Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability." Published: May 08, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-0174 |
Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability." Published: May 08, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 1.7 LOW |
CVE-2012-0165 |
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." Published: May 08, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0171 |
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." Published: April 10, 2012; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0169 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability." Published: April 10, 2012; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0168 |
Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." Published: April 10, 2012; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2012-0157 |
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability." Published: March 13, 2012; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-0002 |
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability." Published: March 13, 2012; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-1194 |
The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. Published: February 17, 2012; 5:55:00 PM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2012-0155 |
Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability." Published: February 14, 2012; 5:55:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-0012 |
Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability." Published: February 14, 2012; 5:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0011 |
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." Published: February 14, 2012; 5:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |