Vulnerabilities > Microsoft > Windows Server 2008
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-05-13 | CVE-2011-1248 | Improper Input Validation vulnerability in Microsoft Windows Server 2003 and Windows Server 2008 WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability." | 9.3 |
2011-04-13 | CVE-2011-1229 | Null Pointer Dereference vulnerability in multiple products win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 7.2 |
2011-02-10 | CVE-2011-0091 | Improper Authentication vulnerability in Microsoft Windows 7 and Windows Server 2008 Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability." | 6.4 |
2011-02-09 | CVE-2011-0031 | Information Exposure vulnerability in Microsoft Windows 7 and Windows Server 2008 The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability." | 4.3 |
2011-01-07 | CVE-2010-4669 | Resource Management Errors vulnerability in Microsoft products The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. | 7.8 |
2010-12-16 | CVE-2010-3966 | DLL Loading Arbitrary Code Execution vulnerability in Microsoft Windows BranchCache Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-095.mspx 'This is a remote code execution vulnerability.' Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' | 9.3 |
2010-12-16 | CVE-2010-3960 | Improper Input Validation vulnerability in Microsoft Windows Server 2008 R2 Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability." | 4.9 |
2010-12-16 | CVE-2010-3944 | Improper Input Validation vulnerability in Microsoft Windows 7 and Windows Server 2008 win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability." | 7.2 |
2010-12-16 | CVE-2010-2742 | Unspecified vulnerability in Microsoft products The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability." Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476 NULL pointer dereference' | 5.4 |
2010-12-06 | CVE-2010-4398 | Out-of-bounds Write vulnerability in Microsoft products Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability." | 7.8 |