This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2009-10-14
Product Windows Server 2008 Last view 2019-09-11
Version - Type Os
Update sp2  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_server_2008

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2019-09-11 CVE-2019-1236

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208.

9.3 2009-10-14 CVE-2009-2497

The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."

9.3 2009-10-14 CVE-2009-0091

Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."

9.3 2009-10-14 CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
25% (1) CWE-787 Out-of-bounds Write
25% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
58851 Microsoft .NET Framework / Silverlight Crafted Application Memory Manipulatio...
58850 Microsoft .NET Framework Object Casting Manipulation Arbitrary Code Execution
58849 Microsoft .NET Framework Crafted Application Managed Pointer Access Arbitrary...

OpenVAS Exploits

id Description
2009-10-15 Name : Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
File : nvt/secpod_ms09-061.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows .NET MSIL CombineImpl suspicious usage attempt
RuleID : 16183 - Type : FILE-EXECUTABLE - Revision : 15
2014-01-10 Microsoft .NET MSIL stack corruption attempt
RuleID : 16182 - Type : FILE-EXECUTABLE - Revision : 9
2014-01-10 Microsoft .NET MSIL CLR interface multiple instantiation attempt
RuleID : 16179 - Type : FILE-EXECUTABLE - Revision : 9

Nessus® Vulnerability Scanner

id Description
2009-10-14 Name: The Microsoft .NET Common Language Runtime is affected by multiple vulnerabil...
File: smb_nt_ms09-061.nasl - Type: ACT_GATHER_INFO