Microsoft Windows Server 2008 vulnerabilities

CVE-2010-0485 [HIGH] CWE-20 CVE-2010-0485: The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability

CVE-2010-0819 [HIGH] CWE-20 CVE-2010-0819: Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Wind Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "Op

CVE-2010-1255 [MEDIUM] CWE-94 CVE-2010-1255: The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."

CVE-2009-3678 [CRITICAL] CWE-189 CVE-2009-3678: Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing af

CVE-2010-1690 [MEDIUM] CVE-2010-1690: The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction

CVE-2010-1689 [MEDIUM] CVE-2010-1689: The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs

CVE-2010-0017 [CRITICAL] CWE-362 CVE-2010-0017: Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 al Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate

CVE-2010-0250 [CRITICAL] CWE-119 CVE-2010-0250: Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote att

CVE-2010-0252 [CRITICAL] CWE-94 CVE-2010-0252: The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted w

CVE-2010-0233 [HIGH] CVE-2010-0233: Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 S Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."

CVE-2009-2505 [CRITICAL] CWE-287 CVE-2009-2505: The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does no The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Mem

CVE-2009-3676 [HIGH] CWE-399 CVE-2009-3676: The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB ser The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of

CVE-2009-3103 [CRITICAL] CWE-399 CVE-2009-3103: Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQU

CVE-2009-1124 [HIGH] CWE-20 CVE-2009-1124: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."

CVE-2009-1126 [HIGH] CWE-20 CVE-2009-1126: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly vali The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."

CVE-2009-1125 [HIGH] CWE-20 CVE-2009-1125: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."

CVE-2009-0229 [MEDIUM] CWE-200 CVE-2009-0229: The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista G The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."