U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:/o:microsoft:windows_server_2012:-
There are 2,854 matching records.
Displaying matches 2,841 through 2,854.
Vuln ID Summary CVSS Severity
CVE-2013-0004

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."

Published: January 09, 2013; 1:09:40 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0003

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."

Published: January 09, 2013; 1:09:40 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0002

Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."

Published: January 09, 2013; 1:09:39 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2013-0001

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."

Published: January 09, 2013; 1:09:37 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-4787

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."

Published: December 11, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4782

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."

Published: December 11, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2556

The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."

Published: December 11, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2549

The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."

Published: December 11, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2012-4777

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."

Published: November 13, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-4776

The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."

Published: November 13, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2519

Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."

Published: November 13, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 7.9 HIGH
CVE-2012-1528

Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."

Published: November 13, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-1527

Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."

Published: November 13, 2012; 7:55:01 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-2897

The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."

Published: September 26, 2012; 6:56:05 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 10.0 HIGH