Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows Server 2008
Subscriptions
Total
3583 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-1896 | 1 Microsoft | 5 Windows 2003 Server, Windows Server 2003, Windows Server 2008 and 2 more | 2024-11-21 | 8.4 High |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability." | ||||
CVE-2010-1893 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-11-21 | N/A |
Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability." | ||||
CVE-2010-1892 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-11-21 | N/A |
The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability." | ||||
CVE-2010-1890 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-11-21 | N/A |
The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability." | ||||
CVE-2010-1889 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2024-11-21 | N/A |
Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability." | ||||
CVE-2010-1887 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2024-11-21 | N/A |
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability." | ||||
CVE-2010-1886 | 1 Microsoft | 5 Windows 2003 Server, Windows 7, Windows Server 2008 and 2 more | 2024-11-21 | N/A |
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary." | ||||
CVE-2010-1883 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2024-11-21 | N/A |
Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability." | ||||
CVE-2010-1880 | 1 Microsoft | 6 Directx, Windows 2000, Windows 2003 Server and 3 more | 2024-11-21 | N/A |
Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability." | ||||
CVE-2010-1690 | 1 Microsoft | 5 Exchange Server, Windows 2000, Windows Server 2003 and 2 more | 2024-11-21 | N/A |
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. | ||||
CVE-2010-1689 | 1 Microsoft | 5 Exchange Server, Windows 2000, Windows Server 2003 and 2 more | 2024-11-21 | N/A |
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025. | ||||
CVE-2010-1292 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2024-11-21 | N/A |
The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | ||||
CVE-2010-1291 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2024-11-21 | N/A |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290. | ||||
CVE-2010-1289 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2024-11-21 | N/A |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291. | ||||
CVE-2010-1288 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2024-11-21 | N/A |
Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2010-1287 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2024-11-21 | N/A |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | ||||
CVE-2010-1286 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2024-11-21 | N/A |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | ||||
CVE-2010-1284 | 3 Adobe, Apple, Microsoft | 7 Shockwave Player, Macos, Windows and 4 more | 2024-11-21 | N/A |
Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. | ||||
CVE-2010-1262 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more | 2024-11-21 | N/A |
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability." | ||||
CVE-2010-1261 | 1 Microsoft | 6 Internet Explorer, Windows 2003 Server, Windows 7 and 3 more | 2024-11-21 | N/A |
The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." |