Vulnerabilities > Microsoft > Windows Server 2008
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-04-14 | CVE-2010-0024 | Improper Input Validation vulnerability in Microsoft products The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." | 5.0 |
2010-03-23 | CVE-2010-0161 | Resource Management Errors vulnerability in Mozilla Seamonkey and Thunderbird The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI. | 4.3 |
2010-02-26 | CVE-2010-0719 | Improper Input Validation vulnerability in Microsoft products An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. | 4.7 |
2010-02-10 | CVE-2010-0233 | Unspecified vulnerability in Microsoft products Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability." Per: http://cwe.mitre.org/data/slices/2000.html#d "CWE-415 Double Free" vulnerability | 7.2 |
2010-02-10 | CVE-2010-0035 | Unspecified vulnerability in Microsoft products The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-014.mspx "This vulnerability only affects domain controllers. network microsoft | 6.3 |
2010-02-10 | CVE-2010-0026 | Improper Input Validation vulnerability in Microsoft Windows Server 2008 The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability." | 4.0 |
2009-12-09 | CVE-2009-2509 | Improper Input Validation vulnerability in Microsoft Windows Server 2003 and Windows Server 2008 Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability." | 9.0 |
2009-12-09 | CVE-2009-2508 | Credentials Management vulnerability in Microsoft Windows Server 2003 and Windows Server 2008 The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability." | 6.9 |
2009-11-13 | CVE-2009-3676 | Resource Management Errors vulnerability in Microsoft Windows 7 and Windows Server 2008 The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability." | 7.1 |
2009-10-14 | CVE-2009-0555 | Code Injection vulnerability in Microsoft products Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." | 9.3 |