Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows Server 2012
Total 3849 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0090 1 Microsoft 9 Internet Explorer, Windows 7, Windows 8 and 6 more 2025-04-11 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
CVE-2013-0092 1 Microsoft 9 Internet Explorer, Windows 7, Windows 8 and 6 more 2025-04-11 9.3 HIGH N/A
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer GetMarkupPtr Use After Free Vulnerability."
CVE-2013-3173 1 Microsoft 8 Windows 7, Windows 8, Windows Rt and 5 more 2025-04-11 7.2 HIGH N/A
Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
CVE-2013-1287 1 Microsoft 7 Windows 7, Windows 8, Windows Server 2003 and 4 more 2025-04-11 7.2 HIGH N/A
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
CVE-2013-3128 1 Microsoft 9 .net Framework, Windows 7, Windows 8 and 6 more 2025-04-11 9.3 HIGH N/A
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability."
CVE-2013-3864 1 Microsoft 8 Windows 2003 Server, Windows 7, Windows 8 and 5 more 2025-04-11 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Multiple Fetch Vulnerability," a different vulnerability than CVE-2013-1342, CVE-2013-1343, CVE-2013-1344, and CVE-2013-3865.
CVE-2012-2897 2 Google, Microsoft 9 Chrome, Windows 7, Windows 8 and 6 more 2025-04-11 10.0 HIGH 7.8 HIGH
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
CVE-2013-0005 1 Microsoft 9 .net Framework, Management Odata Iis Extension, Windows 7 and 6 more 2025-04-11 7.8 HIGH N/A
The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
CVE-2013-3129 1 Microsoft 14 .net Framework, Lync, Lync Basic and 11 more 2025-04-11 9.3 HIGH 7.8 HIGH
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
CVE-2013-3897 1 Microsoft 10 Internet Explorer, Windows 7, Windows 8 and 7 more 2025-04-11 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2013-0008 1 Microsoft 6 Windows 7, Windows 8, Windows Rt and 3 more 2025-04-11 7.2 HIGH N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
CVE-2013-1292 1 Microsoft 6 Windows 7, Windows 8, Windows Rt and 3 more 2025-04-11 6.9 MEDIUM 7.4 HIGH
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
CVE-2013-3880 1 Microsoft 3 Windows 8, Windows Rt, Windows Server 2012 2025-04-11 3.5 LOW N/A
The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability."
CVE-2013-3879 1 Microsoft 8 Windows 7, Windows 8, Windows Rt and 5 more 2025-04-11 7.2 HIGH N/A
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
CVE-2013-2251 5 Apache, Fujitsu, Microsoft and 2 more 21 Archiva, Struts, Gp-s and 18 more 2025-04-11 9.3 HIGH 9.8 CRITICAL
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVE-2013-3182 1 Microsoft 1 Windows Server 2012 2025-04-11 7.8 HIGH N/A
The Windows NAT Driver (aka winnat) service in Microsoft Windows Server 2012 does not properly validate memory addresses during the processing of ICMP packets, which allows remote attackers to cause a denial of service (memory corruption and system hang) via crafted packets, aka "Windows NAT Denial of Service Vulnerability."
CVE-2013-1712 2 Microsoft, Mozilla 7 Windows 7, Windows 8, Windows Server 2008 and 4 more 2025-04-11 6.9 MEDIUM N/A
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory.
CVE-2012-1528 1 Microsoft 7 Windows 7, Windows 8, Windows Server 2003 and 4 more 2025-04-11 9.3 HIGH N/A
Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
CVE-2013-5058 1 Microsoft 10 Windows 7, Windows 8, Windows 8.1 and 7 more 2025-04-11 6.9 MEDIUM N/A
Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability."
CVE-2013-3868 1 Microsoft 6 Active Directory Lightweight Directory Service, Windows 7, Windows 8 and 3 more 2025-04-11 5.0 MEDIUM N/A
Microsoft Active Directory Lightweight Directory Service (AD LDS) on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 8 and Active Directory Services on Windows Server 2008 SP2 and R2 SP1 and Server 2012 allow remote attackers to cause a denial of service (LDAP directory-service outage) via a crafted LDAP query, aka "Remote Anonymous DoS Vulnerability."