📦

windows_server_2008

Vendor: microsoft

Actively Exploited 141 CISA KEV List
PoC / Exploits 454 Code Available
Total RCEs 810 Remote Access
Total CVEs 16698 Total Indexed
Avg. EPSS 8.41% Exploit Prob.
Latest CVE CVE-2026-20940 Jan 13

Security Vulnerability Index

Page 338 / 1670
9.0 CVSS
CVE-2008-1436
Exploit Found

Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.

EPSS: 36.83%
7.2 CVSS
CVE-2008-1084
RCE Exploit Found

Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.

EPSS: 6.75%
8.1 CVSS
CVE-2008-1083
Exploit Found

Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."

EPSS: 57.10%