ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows Server 2008
Subscriptions
Total
4074 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2502 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2026-04-23 | 8.1 High |
| Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability." | ||||
| CVE-2009-0554 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2026-04-23 | 8.8 High |
| Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2009-1125 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability." | ||||
| CVE-2009-0233 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Server 2008 | 2026-04-23 | N/A |
| The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability." | ||||
| CVE-2009-0230 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Server and 3 more | 2026-04-23 | N/A |
| The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability." | ||||
| CVE-2009-0229 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." | ||||
| CVE-2009-1529 | 1 Microsoft | 7 Ie, Internet Explorer, Windows 2000 and 4 more | 2026-04-23 | 8.1 High |
| Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2009-0243 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB device, and (4) connecting a Firewire device; (5) allows user-assisted remote attackers to execute arbitrary code by mapping a network drive; and allows user-assisted attackers to execute arbitrary code by clicking on (6) an icon under My Computer\Devices with Removable Storage and (7) an option in an AutoPlay dialog, related to the Autorun.inf file. NOTE: vectors 1 and 3 on Vista are already covered by CVE-2008-0951. | ||||
| CVE-2009-0551 | 1 Microsoft | 7 Ie, Internet Explorer, Windows 2000 and 4 more | 2026-04-23 | 8.1 High |
| Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability." | ||||
| CVE-2009-1216 | 1 Microsoft | 4 Subsystem For Unix-based Applications, Windows Server 2008, Windows Services For Unix and 1 more | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2009-0090 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2026-04-23 | N/A |
| Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." | ||||
| CVE-2009-2529 | 1 Microsoft | 8 Ie, Internet Explorer, Windows 2000 and 5 more | 2026-04-23 | 8.1 High |
| Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability." | ||||
| CVE-2009-1528 | 1 Microsoft | 5 Internet Explorer, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability." | ||||
| CVE-2009-0555 | 1 Microsoft | 7 Windows 2000, Windows Media Format Runtime, Windows Media Player and 4 more | 2026-04-23 | N/A |
| Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." | ||||
| CVE-2009-2498 | 1 Microsoft | 8 Media Foundation Sdk, Windows 2000, Windows Media Format Runtime and 5 more | 2026-04-23 | N/A |
| Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability." | ||||
| CVE-2009-1536 | 1 Microsoft | 3 .net Framework, Windows Server 2008, Windows Vista | 2026-04-23 | N/A |
| ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability." | ||||
| CVE-2009-1532 | 1 Microsoft | 5 Internet Explorer, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | 8.8 High |
| Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability." | ||||
| CVE-2009-2497 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2026-04-23 | N/A |
| The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability." | ||||
| CVE-2009-2503 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2026-04-23 | N/A |
| GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability." | ||||
| CVE-2009-2516 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-23 | 7.1 High |
| The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability." | ||||