Vulnerabilities > Microsoft > Windows Server 2012 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-07-08 | CVE-2014-2780 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges by leveraging control over a low-integrity process to execute a crafted application, aka "DirectShow Elevation of Privilege Vulnerability." | 6.9 |
| 2014-06-11 | CVE-2014-1811 | Resource Management Errors vulnerability in Microsoft products The TCP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (non-paged pool memory consumption and system hang) via malformed data in the Options field of a TCP header, aka "TCP Denial of Service Vulnerability." | 5.0 |
| 2014-06-11 | CVE-2014-0296 | Cryptographic Issues vulnerability in Microsoft products The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability." | 5.1 |
| 2014-05-14 | CVE-2014-0256 | Improper Input Validation vulnerability in Microsoft Windows Server 2008 and Windows Server 2012 Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability." | 5.0 |
| 2014-05-14 | CVE-2014-0255 | Improper Input Validation vulnerability in Microsoft Windows Server 2008 and Windows Server 2012 Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability." | 5.0 |
| 2014-04-08 | CVE-2014-0315 | Untrusted Search Path vulnerability in Microsoft products Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path" | 6.9 |
| 2014-03-12 | CVE-2014-0323 | Information Exposure vulnerability in Microsoft products win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability." | 6.6 |
| 2014-02-26 | CVE-2013-7331 | Information Exposure vulnerability in Microsoft Internet Explorer The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | 4.3 |
| 2013-12-11 | CVE-2013-5058 | Integer Overflow OR Wraparound vulnerability in Microsoft products Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms13-101 "Win32k Integer Overflow Vulnerability - CVE-2013-5058 A denial of service vulnerability exists in the way that the Win32k.sys kernel-mode driver handles objects in memory. | 6.9 |
| 2013-12-11 | CVE-2013-3903 | Improper Input Validation vulnerability in Microsoft products Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to cause a denial of service (reboot) via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." | 4.7 |