Vulnerabilities > Microsoft > Windows Server 2008
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-15 | CVE-2011-1984 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability." | 7.2 |
2011-08-10 | CVE-2011-1975 | Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008 Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' | 9.3 |
2011-08-10 | CVE-2011-1970 | Buffer Errors vulnerability in Microsoft products The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability." | 5.0 |
2011-08-10 | CVE-2011-1966 | Improper Input Validation vulnerability in Microsoft Windows Server 2008 R2 The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability." | 10.0 |
2011-08-10 | CVE-2011-1965 | Resource Management Errors vulnerability in Microsoft Windows 7 and Windows Server 2008 Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability." | 7.1 |
2011-08-10 | CVE-2011-1263 | Cross-Site Scripting vulnerability in Microsoft Windows Server 2008 R2 Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability." | 4.3 |
2011-06-16 | CVE-2011-1872 | Resource Management Errors vulnerability in Microsoft Windows Server 2008 R2 Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability." | 4.7 |
2011-06-16 | CVE-2011-1267 | Resource Management Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability." | 7.8 |
2011-06-16 | CVE-2011-1264 | Cross-Site Scripting vulnerability in Microsoft products Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability." | 4.3 |
2011-06-16 | CVE-2011-1249 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | 7.2 |