This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2011-11-11
Product Windows Server 2008 Last view 2020-11-11
Version r2 Type Os
Update sp1  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:microsoft:windows_server_2008

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
9.8 2020-11-11 CVE-2020-17051

Windows Network File System Remote Code Execution Vulnerability

7.5 2020-11-11 CVE-2020-17047

Windows Network File System Denial of Service Vulnerability

5.5 2020-11-11 CVE-2020-17045

Windows KernelStream Information Disclosure Vulnerability

8.8 2020-11-11 CVE-2020-17042

Windows Print Spooler Remote Code Execution Vulnerability

7.8 2020-11-11 CVE-2020-17038

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17010.

5.5 2020-11-11 CVE-2020-17036

Windows Function Discovery SSDP Provider Information Disclosure Vulnerability

5.5 2020-11-11 CVE-2020-17029

Windows Canonical Display Driver Information Disclosure Vulnerability

7.8 2020-10-16 CVE-2020-16902

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'.

7.8 2020-10-16 CVE-2020-16900

An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event System Elevation of Privilege Vulnerability'.

7.8 2020-08-17 CVE-2020-1584

An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'.

7.8 2020-07-14 CVE-2020-1437

An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'.

8.8 2020-07-14 CVE-2020-1436

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.

8.8 2020-07-14 CVE-2020-1435

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

7.8 2020-04-15 CVE-2020-0907

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

6.5 2020-03-12 CVE-2020-0774

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882.

7.5 2020-03-12 CVE-2020-0645

A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'.

7.8 2019-10-10 CVE-2019-1339

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.

7.8 2019-08-14 CVE-2019-1178

An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.

8.8 2019-08-14 CVE-2019-1152

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151.

8.8 2019-08-14 CVE-2019-1151

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1152.

8.8 2019-08-14 CVE-2019-1150

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1151, CVE-2019-1152.

8.8 2019-08-14 CVE-2019-1149

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152.

8.8 2019-08-14 CVE-2019-1145

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152.

8.8 2019-08-14 CVE-2019-1144

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152.

5.5 2019-03-05 CVE-2019-0636

An information vulnerability exists when Windows improperly discloses file information, aka 'Windows Information Disclosure Vulnerability'.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
34% (133) CWE-200 Information Exposure
18% (73) CWE-264 Permissions, Privileges, and Access Controls
12% (47) CWE-20 Improper Input Validation
11% (44) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
3% (13) CWE-281 Improper Preservation of Permissions
2% (9) CWE-284 Access Control (Authorization) Issues
2% (8) CWE-665 Improper Initialization
1% (7) CWE-404 Improper Resource Shutdown or Release
1% (7) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (7) CWE-19 Data Handling
1% (5) CWE-269 Improper Privilege Management
1% (5) CWE-254 Security Features
1% (4) CWE-787 Out-of-bounds Write
0% (3) CWE-611 Information Leak Through XML External Entity File Disclosure
0% (2) CWE-415 Double Free
0% (2) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
0% (2) CWE-399 Resource Management Errors
0% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
0% (1) CWE-755 Improper Handling of Exceptional Conditions
0% (1) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (1) CWE-416 Use After Free
0% (1) CWE-362 Race Condition
0% (1) CWE-352 Cross-Site Request Forgery (CSRF)
0% (1) CWE-287 Improper Authentication

SAINT Exploits

Description Link
Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability More info here
Microsoft Word and WordPad RTF HTA handler command execution More info here

Open Source Vulnerability Database (OSVDB)

id Description
77908 Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote M...
77213 Microsoft Windows AppLocker Rule Weakness Local Access Restriction Bypass

ExploitDB Exploits

id Description
35236 MS14-064 Microsoft Windows OLE Package Manager Code Execution
35235 MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python
35216 MS Office 2007 and 2010 - OLE Arbitrary Command Execution
35101 Windows TrackPopupMenu Win32k NULL Pointer Dereference
35055 Windows OLE - Remote Code Execution "Sandworm" Exploit (MS14-060)
35020 MS14-060 Microsoft Windows OLE Package Manager Code Execution
35019 Windows OLE Package Manager SandWorm Exploit
26554 Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation

OpenVAS Exploits

id Description
2012-12-12 Name : Microsoft Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (...
File : nvt/secpod_ms12-078.nasl
2012-12-12 Name : Microsoft Windows File Handling Component Remote Code Execution Vulnerability...
File : nvt/secpod_ms12-081.nasl
2012-06-13 Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
File : nvt/secpod_ms12-039.nasl
2012-05-14 Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
File : nvt/secpod_ms12-034_macosx.nasl
2012-05-09 Name : Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
File : nvt/secpod_ms12-032.nasl
2012-05-09 Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268...
File : nvt/secpod_ms12-034.nasl
2012-02-15 Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2660465)
File : nvt/secpod_ms12-008.nasl
0000-00-00 Name : Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability
File : nvt/gb_ms_win_kernel_win32k_sys_mem_corruption_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0110 Microsoft Active Directory Service Denial of Service Vulnerability (MS15-096)
Severity: Category II - VMSKEY: V0061369
2015-A-0190 Multiple Vulnerabilities in Microsoft Remote Desktop Protocol (RDP) (MS15-082)
Severity: Category II - VMSKEY: V0061299
2015-A-0167 Multiple Vulnerabilities in Microsoft Windows (MS15-069)
Severity: Category II - VMSKEY: V0061129
2015-B-0091 Multiple Vulnerabilities in Microsoft Hyper-V (MS15-068)
Severity: Category II - VMSKEY: V0061119
2015-A-0173 Microsoft Windows Netlogon Privilege Escalation Vulnerability (MS15-071)
Severity: Category II - VMSKEY: V0061111
2015-A-0168 Microsoft Graphics Component Privilege Escalation Vulnerability (MS15-072)
Severity: Category II - VMSKEY: V0061105
2015-A-0169 Multiple Vulnerabilities in Microsoft OLE (MS15-075)
Severity: Category II - VMSKEY: V0061103
2015-A-0162 Multiple Vulnerabilities in Microsoft Windows Kernel-Mode Driver (MS15-073)
Severity: Category II - VMSKEY: V0061097
2015-A-0164 Microsoft Windows Installer Privilege Escalation Vulnerability (MS15-074)
Severity: Category II - VMSKEY: V0061095
2015-A-0165 Microsoft Remote Procedure Call (RPC) Privilege Escalation Vulnerability (MS1...
Severity: Category II - VMSKEY: V0061093
2015-A-0122 Microsoft Windows Kernel Elevation of Privilege Vulnerability (MS15-063)
Severity: Category II - VMSKEY: V0060961
2015-A-0088 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability (MS15-037)
Severity: Category II - VMSKEY: V0059891
2015-A-0048 Multiple Vulnerabilities in Windows Kernel (MS15-025)
Severity: Category II - VMSKEY: V0058995
2015-A-0008 Microsoft Windows User Profile Service Privilege Escalation Vulnerability (MS...
Severity: Category II - VMSKEY: V0058209
2015-A-0007 Microsoft Windows Network Policy Server Remote Denial of Service Vulnerabilit...
Severity: Category I - VMSKEY: V0058207
2015-A-0006 Microsoft Windows Kernel-Mode Driver Privilege Escalation Vulnerability (MS15...
Severity: Category II - VMSKEY: V0058205
2015-A-0010 Microsoft Windows Remote Privilege Escalation Vulnerability (MS15-004)
Severity: Category II - VMSKEY: V0058203
2015-B-0004 Microsoft Network Location Awareness Service Security Bypass Vulnerability (M...
Severity: Category II - VMSKEY: V0058201
2015-B-0006 Microsoft Windows Telnet Buffer Overflow Vulnerability (MS15-002)
Severity: Category I - VMSKEY: V0058199
2014-A-0180 Microsoft Windows Kerberos Privilege Escalation Vulnerability
Severity: Category I - VMSKEY: V0057571
2014-A-0171 Multiple Vulnerabilities in Windows OLE
Severity: Category I - VMSKEY: V0057379
2014-B-0093 Microsoft Ancillary Function Driver Privilege Escalation Vulnerability
Severity: Category II - VMSKEY: V0052955
2014-B-0059 Multiple Vulnerabilities in Microsoft Windows
Severity: Category I - VMSKEY: V0050447
2012-A-0196 Microsoft Windows File Handling Component Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0035488

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-10-13 Microsoft Windows NDIS.SYS driver buffer overflow attempt
RuleID : 55198 - Type : OS-WINDOWS - Revision : 1
2020-10-13 Microsoft Windows NDIS.SYS driver buffer overflow attempt
RuleID : 55197 - Type : OS-WINDOWS - Revision : 1
2020-09-15 Microsoft Windows DNS Resolver local privilege escalation attempt
RuleID : 54736 - Type : OS-WINDOWS - Revision : 1
2020-09-15 Microsoft Windows DNS Resolver local privilege escalation attempt
RuleID : 54735 - Type : OS-WINDOWS - Revision : 1
2020-01-16 Microsoft Word internal OLE object update attempt
RuleID : 52482 - Type : INDICATOR-COMPROMISE - Revision : 1
2020-01-16 Microsoft Word internal OLE object update attempt
RuleID : 52481 - Type : INDICATOR-COMPROMISE - Revision : 1
2019-12-05 Microsoft JET Database ExcelExtractString stack buffer overflow attempt
RuleID : 52073 - Type : SERVER-OTHER - Revision : 1
2019-12-05 Microsoft JET Database ExcelExtractString stack buffer overflow attempt
RuleID : 52072 - Type : SERVER-OTHER - Revision : 1
2019-09-24 Microsoft Excel Jet Database Engine code execution attempt
RuleID : 51183 - Type : FILE-OFFICE - Revision : 1
2019-09-24 Microsoft Excel Jet Database Engine code execution attempt
RuleID : 51182 - Type : FILE-OFFICE - Revision : 1
2019-04-18 Microsoft Windows TTF parsing counter overflow attempt
RuleID : 49483 - Type : FILE-OTHER - Revision : 1
2019-04-18 Microsoft Windows TTF parsing counter overflow attempt
RuleID : 49482 - Type : FILE-OTHER - Revision : 1
2019-03-12 Microsoft Windows SMB remote code execution attempt
RuleID : 49177 - Type : OS-WINDOWS - Revision : 1
2019-03-12 Microsoft Windows SMB remote code execution attempt
RuleID : 49176 - Type : OS-WINDOWS - Revision : 1
2019-03-12 Microsoft Windows SMB remote code execution attempt
RuleID : 49175 - Type : OS-WINDOWS - Revision : 1
2019-03-12 Microsoft Windows SMB remote code execution attempt
RuleID : 49174 - Type : OS-WINDOWS - Revision : 1
2019-03-12 Microsoft Windows SMB named pipe buffer overflow attempt
RuleID : 49146 - Type : OS-WINDOWS - Revision : 2
2019-02-07 Microsoft Windows arbitrary file read attempt
RuleID : 48800 - Type : OS-WINDOWS - Revision : 2
2019-02-07 Microsoft Windows arbitrary file read attempt
RuleID : 48799 - Type : OS-WINDOWS - Revision : 2
2019-02-07 Microsoft Windows kernel out of bounds read attempt
RuleID : 48790 - Type : OS-WINDOWS - Revision : 1
2019-02-07 Microsoft Windows kernel out of bounds read attempt
RuleID : 48789 - Type : OS-WINDOWS - Revision : 1
2018-12-14 Microsoft Internet Explorer DirectX information disclosure attempt
RuleID : 48371 - Type : BROWSER-IE - Revision : 1
2018-12-14 Microsoft Internet Explorer DirectX information disclosure attempt
RuleID : 48370 - Type : BROWSER-IE - Revision : 1
2018-11-10 Microsoft Windows privilege escalation attempt
RuleID : 48129 - Type : OS-WINDOWS - Revision : 1
2018-11-10 Microsoft Windows privilege escalation attempt
RuleID : 48128 - Type : OS-WINDOWS - Revision : 1

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-10-22 Name: An application installed on the remote macOS or Mac OS X host is affected by ...
File: macos_ms18_oct_office.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4053578.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4053579.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4053580.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4053581.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4054517.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4054518.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4054519.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_4054520.nasl - Type: ACT_GATHER_INFO
2017-12-12 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_dec_win2008.nasl - Type: ACT_GATHER_INFO
2017-11-30 Name: The Internet Explorer installation on the remote host is affected by multiple...
File: smb_nt_ms17_jul_internet_explorer.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048952.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048953.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048954.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048955.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048956.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048957.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048958.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_4048959.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_nov_win2008.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_aug_4034668.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_jul_4025338.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_oct_4042895.nasl - Type: ACT_GATHER_INFO
2017-11-03 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms17_sep_4038781.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote Windows host is affected by an information disclosure vulnerability.
File: smb_nt_ms17_apr_3217841.nasl - Type: ACT_GATHER_INFO