This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Microsoft
Product: Windows Server 2008
Version: *
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: OS
First view: 2008-10-14
Last view: 2012-02-17
 
CPE Product cpe:2.3:o:microsoft:windows_server_2008

Related : CVE

CVSS Date Alert Description
6.4 2012-02-17 CVE-2012-1194

The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

9.3 2010-02-04 CVE-2010-0555

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving the product's use of text/html as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability, a variant of CVE-2009-1140 and related to CVE-2008-1448.

10 2009-09-08 CVE-2009-3103

Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.

9 2009-06-10 CVE-2009-0230

The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."

10 2009-04-15 CVE-2009-0086

Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."

7.2 2009-04-15 CVE-2009-0078

The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."

10 2009-04-01 CVE-2009-1216

Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors.

6.4 2009-03-11 CVE-2009-0234

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."

5.8 2009-03-11 CVE-2009-0233

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."

5.5 2009-03-11 CVE-2009-0094

The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.

3.5 2009-03-11 CVE-2009-0093

Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.

7.1 2009-03-10 CVE-2009-0085

The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."

7.2 2009-03-10 CVE-2009-0083

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."

7.2 2009-03-10 CVE-2009-0082

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."

9.3 2009-03-10 CVE-2009-0081

The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."

4 2009-01-28 CVE-2009-0320

Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."

8.5 2008-12-10 CVE-2008-4269

The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."

8.5 2008-12-10 CVE-2008-4268

The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."

7.1 2008-10-20 CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

10 2008-10-14 CVE-2008-4038

Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."

7.2 2008-10-14 CVE-2008-4036

Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."

7.2 2008-10-14 CVE-2008-2251

Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.

7.2 2008-10-14 CVE-2008-2250

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."

9 2008-10-14 CVE-2008-1446

Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."

CWE : Common Weakness Enumeration

% id Name
28% (6) CWE-20 Improper Input Validation
19% (4) CWE-399 Resource Management Errors
14% (3) CWE-264 Permissions, Privileges, and Access Controls
14% (3) CWE-189 Numeric Errors
4% (1) CWE-362 Race Condition
4% (1) CWE-287 Improper Authentication
4% (1) CWE-200 Information Exposure
4% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (1) CWE-16 Configuration

SAINT Exploits

Description
Windows search-ms protocol handler command execution vulnerability
Windows SMB2 buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
62157 Microsoft IE text/html Content Type URLMON Sniffing Arbitrary File Access
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...
61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...
59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...
58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...
58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...
58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...
57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...
57799 Microsoft Windows srv2.sys Kernel Driver SMB2 Malformed NEGOTIATE PROTOCOL RE...
57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...
57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...
57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...
56514 Microsoft Windows gzip Libraries Unspecified Remote Code Execution
54934 Microsoft Windows Print Spooler Load Library Crafted RPC Message Arbitrary DL...
53666 Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Pr...
53620 Microsoft Windows HTTP Services Web Server Response Unspecified Integer Under...
53533 Microsoft Windows Task Manager (taskmgr.exe) I/O Activity Local Information D...
52524 Microsoft Windows Invalid Pointer Local Privilege Escalation
52523 Microsoft Windows Handle Validation Local Privilege Escalation
52522 Microsoft Windows GDI Kernel Component Unspecified Remote Code Execution
52521 Microsoft Windows SChannel Certificate Based Authentication Spoofing Bypass
52520 Microsoft Windows WPAD WINS Server Registration Web Proxy MiTM Weakness
52519 Microsoft Windows DNS Server WPAD Registration Dynamic Update MiTM Weakness
52518 Microsoft Windows DNS Server Response Response Validation Transaction ID Pred...
52517 Microsoft Windows DNS Server Query Validation Spoofing

OpenVAS Exploits

Date Description
2010-12-14 Name : Microsoft Windows Search Remote Code Execution Vulnerability (959349)
File : nvt/gb_ms08-075.nasl
2009-10-15 Name : Microsoft Windows SMB2 Negotiation Protocol Remote Code Execution Vulnerability
File : nvt/secpod_ms09-050-remote.nasl
2009-10-01 Name : Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Executio...
File : nvt/ms_smb2_highid.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl
2009-06-10 Name : Vulnerabilities in Print Spooler Could Allow Remote Code Execution (961501)
File : nvt/secpod_ms09-022.nasl
2009-04-15 Name : Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
File : nvt/secpod_ms09-012.nasl
2009-04-15 Name : Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
File : nvt/secpod_ms09-013.nasl
2009-03-11 Name : Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
File : nvt/secpod_ms09-006.nasl
2009-03-11 Name : Vulnerability in SChannel Could Allow Spoofing (960225)
File : nvt/secpod_ms09-007.nasl
2009-03-11 Name : Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
File : nvt/secpod_ms09-008.nasl
2009-02-03 Name : MS Windows taskmgr.exe Information Disclosure Vulnerability
File : nvt/secpod_ms_taskmgr_info_disc_vuln.nasl
2008-10-15 Name : Windows Kernel Elevation of Privilege Vulnerability (954211)
File : nvt/secpod_ms08-061_900051.nasl
2008-10-15 Name : Windows Internet Printing Service Allow Remote Code Execution Vulnerability (...
File : nvt/secpod_ms08-062_900052.nasl
2008-10-15 Name : SMB Remote Code Execution Vulnerability (957095)
File : nvt/secpod_ms08-063_900053.nasl
2008-10-15 Name : Virtual Address Descriptor Manipulation Elevation of Privilege Vulnerability ...
File : nvt/secpod_ms08-064_900225.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-A-0034 Microsoft Windows HTTP Services Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0018756
2009-A-0019 Microsoft Windows Secure Channel Vulnerability
Severity: Category II - VMSKEY: V0018549
2009-A-0018 Multiple Vulnerabilities in Windows DNS and WINS Servers
Severity: Category I - VMSKEY: V0018553
2008-B-0083 Multiple Windows Search Remote Code Execution Vulnerabilities
Severity: Category II - VMSKEY: V0017913
2008-B-0075 Microsoft Internet Printing Service Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0017793

Snort® IPS/IDS

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-09-05 Microsoft Windows GDI EMF parsing arbitrary code execution attempt
RuleID : 50885 - Type : FILE-OTHER - Revision : 1
2019-09-05 Microsoft Windows GDI EMF parsing arbitrary code execution attempt
RuleID : 50884 - Type : FILE-OTHER - Revision : 1
2015-01-06 Microsoft Windows search protocol remote command injection attempt
RuleID : 32615 - Type : OS-WINDOWS - Revision : 2
2014-01-10 Microsoft Windows SMB malformed process ID high field denial of service attempt
RuleID : 26643 - Type : OS-WINDOWS - Revision : 6
2014-01-10 Microsoft search file attachment detected
RuleID : 21880 - Type : FILE-IDENTIFY - Revision : 12
2014-01-10 Microsoft search file attachment detected
RuleID : 21879 - Type : FILE-IDENTIFY - Revision : 11
2014-01-10 Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
RuleID : 21529 - Type : OS-WINDOWS - Revision : 9
2014-01-10 Microsoft Windows wpad dynamic update request
RuleID : 17731 - Type : OS-WINDOWS - Revision : 10
2014-01-10 Microsoft Windows DNS Server ANY query cache weakness
RuleID : 17696 - Type : PROTOCOL-DNS - Revision : 9
2014-01-10 Microsoft Windows IIS SChannel improper certificate verification
RuleID : 17431 - Type : SERVER-IIS - Revision : 12
2014-01-10 Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect ...
RuleID : 16423 - Type : BROWSER-IE - Revision : 14
2014-01-10 Microsoft Windows TCP stack zero window size exploit attempt
RuleID : 16294 - Type : OS-WINDOWS - Revision : 15
2014-01-10 Microsoft Windows SMB malformed process ID high field remote code execution a...
RuleID : 15930 - Type : OS-WINDOWS - Revision : 23
2014-01-10 TCP window closed before receiving data
RuleID : 15912 - Type : OS-WINDOWS - Revision : 9
2014-01-10 Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt
RuleID : 15528 - Type : OS-WINDOWS - Revision : 7
2014-01-10 IIS ASP/ASP.NET potentially malicious file upload attempt
RuleID : 15470 - Type : FILE-EXECUTABLE - Revision : 8
2014-01-10 Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
RuleID : 15462 - Type : BROWSER-OTHER - Revision : 20
2014-01-10 udp WINS WPAD registration attempt
RuleID : 15387 - Type : OS-WINDOWS - Revision : 13
2014-01-10 Microsoft Windows wpad dynamic update request
RuleID : 15386 - Type : OS-WINDOWS - Revision : 10
2014-01-10 Microsoft Internet Explorer EMF polyline overflow attempt
RuleID : 15300 - Type : BROWSER-IE - Revision : 9
2014-01-10 Microsoft Windows search protocol remote command injection attempt
RuleID : 15116 - Type : OS-WINDOWS - Revision : 16
2014-01-10 SMB spoolss EnumJobs response WriteAndX unicode andx attempt
RuleID : 14724 - Type : NETBIOS - Revision : 12
2014-01-10 SMB spoolss EnumJobs response WriteAndX andx attempt
RuleID : 14723 - Type : NETBIOS - Revision : 12
2014-01-10 SMB spoolss EnumJobs response unicode andx attempt
RuleID : 14722 - Type : NETBIOS - Revision : 12
2014-01-10 SMB spoolss EnumJobs response andx attempt
RuleID : 14721 - Type : NETBIOS - Revision : 12

Nessus® Vulnerability Scanner

Date Description
2018-04-03 Name: The remote web server may allow remote code execution.
File: iis_7_pci.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL10509.nasl - Type: ACT_GATHER_INFO
2014-03-05 Name: The DNS server running on the remote host is vulnerable to DNS spoofing attacks.
File: ms_dns_kb961063.nasl - Type: ACT_GATHER_INFO
2010-09-01 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20090908-tcp24http.nasl - Type: ACT_GATHER_INFO
2009-10-13 Name: The remote SMB server can be abused to execute code remotely.
File: smb_nt_ms09-050.nasl - Type: ACT_GATHER_INFO
2009-09-08 Name: Arbitrary code may be executed on the remote host through the SMB port
File: smb2_pid_high_vuln.nasl - Type: ACT_ATTACK
2009-09-08 Name: Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File: smb_nt_ms09-048.nasl - Type: ACT_GATHER_INFO
2009-06-10 Name: Arbitrary code can be executed on the remote host due to a flaw in the Spoole...
File: smb_nt_ms09-022.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms09-012.nasl - Type: ACT_GATHER_INFO
2009-04-15 Name: The remote host contains an API that is affected by multiple vulnerabilities.
File: smb_nt_ms09-013.nasl - Type: ACT_GATHER_INFO
2009-03-11 Name: It is possible to execute arbitrary code on the remote host.
File: smb_nt_ms09-006.nasl - Type: ACT_GATHER_INFO
2009-03-11 Name: It may be possible to spoof user identities.
File: smb_nt_ms09-007.nasl - Type: ACT_GATHER_INFO
2009-03-11 Name: The remote host is vulnerable to DNS and/or WINS spoofing attacks.
File: smb_nt_ms09-008.nasl - Type: ACT_GATHER_INFO
2008-12-10 Name: Vulnerabilities in the Windows Shell may allow an attacker to execute privile...
File: smb_nt_ms08-075.nasl - Type: ACT_GATHER_INFO
2008-10-15 Name: A local user can elevate privileges on the remote host.
File: smb_nt_ms08-064.nasl - Type: ACT_GATHER_INFO
2008-10-15 Name: It is possible to crash the remote host due to a flaw in the 'server' service.
File: smb_nt_ms08-063.nasl - Type: ACT_GATHER_INFO
2008-10-15 Name: It is possible to execute arbitrary code on the remote host via the internet ...
File: smb_nt_ms08-062.nasl - Type: ACT_GATHER_INFO
2008-10-15 Name: A local user can elevate his privileges on the remote host.
File: smb_nt_ms08-061.nasl - Type: ACT_GATHER_INFO