U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:enterprise:*:x86:*
  • CPE Name Search: true
There are 502 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Published: May 16, 2019; 3:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2017-0176

A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.

Published: June 22, 2017; 10:29:00 AM -0400
V3.0: 8.1 HIGH
V2.0: 9.3 HIGH
CVE-2015-2360

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: June 09, 2015; 9:59:38 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1768

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability."

Published: June 09, 2015; 9:59:35 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1727

Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Pool Buffer Overflow Vulnerability."

Published: June 09, 2015; 9:59:08 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1726

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Brush Object Use After Free Vulnerability."

Published: June 09, 2015; 9:59:07 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1725

Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Buffer Overflow Vulnerability."

Published: June 09, 2015; 9:59:06 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1724

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Object Use After Free Vulnerability."

Published: June 09, 2015; 9:59:06 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1723

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Station Use After Free Vulnerability."

Published: June 09, 2015; 9:59:05 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1722

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Bitmap Handling Use After Free Vulnerability."

Published: June 09, 2015; 9:59:04 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1721

The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability."

Published: June 09, 2015; 9:59:03 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1720

Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability."

Published: June 09, 2015; 9:59:02 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1719

The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability."

Published: June 09, 2015; 9:59:01 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-1645

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability."

Published: April 14, 2015; 4:59:08 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2015-1644

Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows MS-DOS Device Name Vulnerability."

Published: April 14, 2015; 4:59:07 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1643

Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability."

Published: April 14, 2015; 4:59:06 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-0015

Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."

Published: January 13, 2015; 5:59:06 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2015-0014

Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."

Published: January 13, 2015; 5:59:05 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-0011

mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."

Published: January 13, 2015; 5:59:04 PM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2015-0006

The Network Location Awareness (NLA) service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not perform mutual authentication to determine a domain connection, which allows remote attackers to trigger an unintended permissive configuration by spoofing DNS and LDAP responses on a local network, aka "NLA Security Feature Bypass Vulnerability."

Published: January 13, 2015; 5:59:03 PM -0500
V3.x:(not available)
V2.0: 6.1 MEDIUM