U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:microsoft:windows_server_2008:r2:-:*:*:standard:*:x64:*
  • CPE Name Search: true
There are 178 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2012-1537

Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."

Published: December 11, 2012; 7:55:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2532

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."

Published: November 13, 2012; 7:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-3324

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.

Published: September 25, 2012; 4:55:01 PM -0400
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2012-4969

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

Published: September 18, 2012; 6:39:14 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0181

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."

Published: May 08, 2012; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2012-0179

Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."

Published: May 08, 2012; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2012-0174

Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."

Published: May 08, 2012; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 1.7 LOW
CVE-2012-0159

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."

Published: May 08, 2012; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0171

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."

Published: April 10, 2012; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0169

Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."

Published: April 10, 2012; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0168

Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability."

Published: April 10, 2012; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2012-0155

Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."

Published: February 14, 2012; 5:55:02 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0012

Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."

Published: February 14, 2012; 5:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0011

Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."

Published: February 14, 2012; 5:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0010

Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability."

Published: February 14, 2012; 5:55:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-5046

The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."

Published: December 30, 2011; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-3404

Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."

Published: December 13, 2011; 7:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-2019

Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."

Published: December 13, 2011; 7:55:01 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2011-1992

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."

Published: December 13, 2011; 7:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-4434

Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.

Published: November 11, 2011; 4:55:01 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW