Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:microsoft:windows_server_2008:-:r2:x64:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-1250 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. Published: February 13, 2013; 7:04:12 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-1249 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. Published: February 13, 2013; 7:04:12 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-1248 |
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. Published: February 13, 2013; 7:04:12 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-0076 |
The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability." Published: February 13, 2013; 7:04:12 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-0030 |
The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability." Published: February 13, 2013; 7:04:12 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0029 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability." Published: February 13, 2013; 7:04:12 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0026 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability." Published: February 13, 2013; 7:04:12 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0024 |
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability." Published: February 13, 2013; 7:04:11 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0023 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability." Published: February 13, 2013; 7:04:11 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0022 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability." Published: February 13, 2013; 7:04:11 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0020 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability." Published: February 13, 2013; 7:04:11 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0019 |
Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability." Published: February 13, 2013; 7:04:11 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0013 |
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability." Published: January 09, 2013; 1:09:40 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-0011 |
The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability." Published: January 09, 2013; 1:09:40 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-0004 |
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability." Published: January 09, 2013; 1:09:40 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0003 |
Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability." Published: January 09, 2013; 1:09:40 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0002 |
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability." Published: January 09, 2013; 1:09:39 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2013-0001 |
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability." Published: January 09, 2013; 1:09:37 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4792 |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. Published: December 30, 2012; 1:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-4787 |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability." Published: December 11, 2012; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |