U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:compute_cluster:*:itanium:*
  • CPE Name Search: true
There are 501 matching records.
Displaying matches 301 through 320.
Vuln ID Summary CVSS Severity
CVE-2010-3970

Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."

Published: December 22, 2010; 4:00:16 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3965

Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."

Published: December 16, 2010; 2:33:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3963

Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."

Published: December 16, 2010; 2:33:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3959

The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."

Published: December 16, 2010; 2:33:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-3957

Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."

Published: December 16, 2010; 2:33:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-3956

The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."

Published: December 16, 2010; 2:33:03 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3943

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3942

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3941

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3940

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3939

Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3340

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2742

The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."

Published: December 16, 2010; 2:33:02 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2010-3331

Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3330

Microsoft Internet Explorer 6 through 8 does not properly restrict script access to content from a different (1) domain or (2) zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Cross-Domain Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3329

mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3327

The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3326

Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3325

Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3243

Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."

Published: October 13, 2010; 3:00:46 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM