Skip to main content

Windows Server 2008

3078 CVEs product

Monthly

CVE-2012-0178 HIGH This Week

Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows Server 2008 Windows Vista
NVD
CVSS 2.0
7.2
EPSS
0.5%
CVE-2012-0174 LOW Monitor

Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 7 Windows Server 2008 Windows Vista
NVD
CVSS 2.0
1.7
EPSS
1.0%
CVE-2012-0165 CRITICAL Emergency

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 62.1% and no vendor patch available.

Microsoft RCE Office Windows Server 2008 Windows Vista
NVD
CVSS 2.0
9.3
EPSS
62.1%
CVE-2012-0159 CRITICAL Emergency

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.6% and no vendor patch available.

Microsoft RCE Office Windows 7 Windows 8 +4
NVD
CVSS 2.0
9.3
EPSS
64.6%
CVE-2012-0157 HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 3.1
8.4
EPSS
1.4%
CVE-2012-0156 MEDIUM This Month

DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 23.2% and no vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2008 Windows Vista
NVD
CVSS 2.0
4.3
EPSS
23.2%
CVE-2012-0152 MEDIUM This Month

The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 85.4% and no vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2008
NVD
CVSS 2.0
4.3
EPSS
85.4%
CVE-2012-0006 MEDIUM This Month

The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 62.6% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2003 Windows Server 2008
NVD
CVSS 2.0
5.0
EPSS
62.6%
CVE-2012-0002 CRITICAL POC THREAT Emergency

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 87.4%.

Code Injection Microsoft RCE Windows 7 Windows Server 2003 +3
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
87.4%
Threat
6.0
CVE-2012-1194 MEDIUM POC This Month

The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Windows Server 2008
NVD
CVSS 2.0
6.4
EPSS
9.7%
CVE-2012-0154 HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
1.3%
CVE-2012-0150 CRITICAL Emergency

Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 59.8% and no vendor patch available.

Buffer Overflow Microsoft RCE Windows 7 Windows Server 2008 +1
NVD
CVSS 2.0
9.3
EPSS
59.8%
CVE-2012-0148 HIGH This Week

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
7.2
EPSS
1.5%
CVE-2012-0013 CRITICAL POC THREAT Emergency

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 86.5%.

Microsoft RCE Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
86.5%
Threat
6.0
CVE-2012-0005 MEDIUM This Month

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Microsoft Windows Server 2003 Windows Server 2008 Windows Vista +1
NVD
CVSS 2.0
6.9
EPSS
3.7%
CVE-2012-0004 CRITICAL Emergency

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.4% and no vendor patch available.

Microsoft RCE Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
9.3
EPSS
64.4%
CVE-2012-0003 HIGH POC THREAT Act Now

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 88.0%.

Microsoft RCE Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
88.0%
Threat
5.8
CVE-2012-0001 CRITICAL Emergency

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 51.2% and no vendor patch available.

Microsoft Authentication Bypass Windows 7 Windows Server 2003 Windows Server 2008 +2
NVD
CVSS 2.0
9.3
EPSS
51.2%
EPSS 0% CVSS 7.2
HIGH This Week

Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 7 +2
NVD
EPSS 1% CVSS 1.7
LOW Monitor

Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 7 +2
NVD
EPSS 62% CVSS 9.3
CRITICAL Emergency

GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 62.1% and no vendor patch available.

Microsoft RCE Office +2
NVD
EPSS 65% CVSS 9.3
CRITICAL Emergency

Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.6% and no vendor patch available.

Microsoft RCE Office +6
NVD
EPSS 1% CVSS 8.4
HIGH This Week

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 +4
NVD
EPSS 23% CVSS 4.3
MEDIUM This Month

DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 23.2% and no vendor patch available.

Denial Of Service Microsoft Windows 7 +2
NVD
EPSS 85% CVSS 4.3
MEDIUM This Month

The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 85.4% and no vendor patch available.

Denial Of Service Microsoft Windows 7 +1
NVD
EPSS 63% CVSS 5.0
MEDIUM This Month

The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 62.6% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2003 +1
NVD
EPSS 87% 6.0 CVSS 9.3
CRITICAL POC THREAT Emergency

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 87.4%.

Code Injection Microsoft RCE +5
NVD Exploit-DB
EPSS 10% CVSS 6.4
MEDIUM POC This Month

The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Windows Server 2008
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 7 +4
NVD
EPSS 60% CVSS 9.3
CRITICAL Emergency

Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 59.8% and no vendor patch available.

Buffer Overflow Microsoft RCE +3
NVD
EPSS 1% CVSS 7.2
HIGH This Week

afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 +4
NVD
EPSS 86% 6.0 CVSS 9.3
CRITICAL POC THREAT Emergency

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 86.5%.

Microsoft RCE Windows 7 +4
NVD Exploit-DB
EPSS 4% CVSS 6.9
MEDIUM This Month

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Microsoft Windows Server 2003 +3
NVD
EPSS 64% CVSS 9.3
CRITICAL Emergency

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.4% and no vendor patch available.

Microsoft RCE Windows 7 +4
NVD
EPSS 88% 5.8 CVSS 8.1
HIGH POC THREAT Act Now

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 88.0%.

Microsoft RCE Windows 7 +4
NVD Exploit-DB
EPSS 51% CVSS 9.3
CRITICAL Emergency

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 51.2% and no vendor patch available.

Microsoft Authentication Bypass Windows 7 +4
NVD
Prev Page 35 of 35

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy