Search Results (Refine Search)
- CPE Product Version: cpe:/o:microsoft:windows_server_2008:-:gold
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-1194 |
The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. Published: February 17, 2012; 5:55:00 PM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2010-2568 |
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems. Published: July 22, 2010; 1:43:49 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0816 |
Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability." Published: May 12, 2010; 7:46:51 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0719 |
An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. Published: February 26, 2010; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2010-0242 |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability." Published: February 10, 2010; 1:30:01 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2010-0241 |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability." Published: February 10, 2010; 1:30:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2010-0240 |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability." Published: February 10, 2010; 1:30:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2010-0239 |
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability." Published: February 10, 2010; 1:30:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-2514 |
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability." Published: November 11, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-2513 |
The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability." Published: November 11, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2009-1928 |
Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability." Published: November 11, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-1127 |
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability." Published: November 11, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |