Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:microsoft:windows_server_2008:r2:sp1:~~standard~~itanium~
There are 1,549 matching records.
Displaying matches 1,521 through 1,540.
Vuln ID Summary CVSS Severity
CVE-2010-3229

The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."

Published: October 13, 2010; 3:00:45 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2010-3228

The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."

Published: October 13, 2010; 3:00:45 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3223

The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."

Published: October 13, 2010; 3:00:45 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-2746

Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."

Published: October 13, 2010; 3:00:44 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2010-2745

Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."

Published: October 13, 2010; 3:00:44 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1883

Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."

Published: October 13, 2010; 3:00:18 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2729

The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."

Published: September 15, 2010; 3:00:19 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0820

Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability."

Published: September 15, 2010; 3:00:18 PM -0400
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2010-1886

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."

Published: August 16, 2010; 2:39:40 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2568

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

Published: July 22, 2010; 1:43:49 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1262

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1261

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1260

The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1259

Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1255

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-0811

Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0485

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."

Published: June 08, 2010; 6:30:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1257

Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.

Published: June 08, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1256

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."

Published: June 08, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 8.5 HIGH
CVE-2010-0819

Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."

Published: June 08, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH