Vulnerabilities > Microsoft > Windows Server 2008 > r2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-11-11 | CVE-2011-4434 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7 and Windows Server 2008 Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags. | 3.6 |
| 2011-11-08 | CVE-2011-2004 | Improper Input Validation vulnerability in Microsoft Windows 7 and Windows Server 2008 Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402. | 7.1 |
| 2011-09-15 | CVE-2011-1984 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability." | 7.2 |
| 2011-08-10 | CVE-2011-1975 | Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008 Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' | 9.3 |
| 2011-08-10 | CVE-2011-1970 | Buffer Errors vulnerability in Microsoft products The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability." | 5.0 |
| 2011-08-10 | CVE-2011-1966 | Improper Input Validation vulnerability in Microsoft Windows Server 2008 R2 The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability." | 10.0 |
| 2011-08-10 | CVE-2011-1965 | Resource Management Errors vulnerability in Microsoft Windows 7 and Windows Server 2008 Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability." | 7.1 |
| 2011-08-10 | CVE-2011-1263 | Cross-Site Scripting vulnerability in Microsoft Windows Server 2008 R2 Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability." | 4.3 |
| 2011-06-16 | CVE-2011-1872 | Resource Management Errors vulnerability in Microsoft Windows Server 2008 R2 Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability." | 4.7 |
| 2011-06-16 | CVE-2011-1267 | Resource Management Errors vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability." | 7.8 |