Exchange 2000
by Microsoft
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-0027 | 0.09 | — | 0.79 | May 10, 2006 | Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. | |||
| CVE-2003-0714 | 0.09 | — | 0.76 | Nov 17, 2003 | The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange… | |||
| CVE-2002-0055 | 0.03 | — | 0.38 | Mar 8, 2002 | SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | |||
| CVE-2001-0146 | 0.03 | — | 0.37 | Jun 2, 2001 | IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | |||
| CVE-2001-1319 | 0.02 | — | 0.29 | Jul 16, 2001 | Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. | |||
| CVE-2019-1373 | 0.01 | — | 0.18 | Nov 12, 2019 | A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | |||
| CVE-2003-0904 | 0.01 | — | 0.08 | Jan 20, 2004 | Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g.… | |||
| CVE-2002-1873 | 0.01 | — | 0.14 | Dec 31, 2002 | Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. | |||
| CVE-2002-0368 | 0.01 | — | 0.15 | Jun 18, 2002 | The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." | |||
| CVE-1999-0993 | 0.01 | — | 0.07 | Dec 13, 1999 | Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. | |||
| CVE-2026-26137 | 0.00 | — | 0.01 | Mar 19, 2026 | Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2002-1876 | 0.00 | — | 0.05 | Dec 31, 2002 | Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. | |||
| CVE-2000-1139 | 0.00 | — | 0.05 | Jan 9, 2001 | The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. | |||
| CVE-2000-0216 | 0.00 | — | 0.05 | Feb 29, 2000 | Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution… |
- CVE-2006-0027May 10, 2006risk 0.09cvss —epss 0.79
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
- CVE-2003-0714Nov 17, 2003risk 0.09cvss —epss 0.76
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange…
- CVE-2002-0055Mar 8, 2002risk 0.03cvss —epss 0.38
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
- CVE-2001-0146Jun 2, 2001risk 0.03cvss —epss 0.37
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
- CVE-2001-1319Jul 16, 2001risk 0.02cvss —epss 0.29
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
- CVE-2019-1373Nov 12, 2019risk 0.01cvss —epss 0.18
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
- CVE-2003-0904Jan 20, 2004risk 0.01cvss —epss 0.08
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g.…
- CVE-2002-1873Dec 31, 2002risk 0.01cvss —epss 0.14
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
- CVE-2002-0368Jun 18, 2002risk 0.01cvss —epss 0.15
The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
- CVE-1999-0993Dec 13, 1999risk 0.01cvss —epss 0.07
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.
- CVE-2026-26137Mar 19, 2026risk 0.00cvss —epss 0.01
Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.
- CVE-2002-1876Dec 31, 2002risk 0.00cvss —epss 0.05
Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
- CVE-2000-1139Jan 9, 2001risk 0.00cvss —epss 0.05
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
- CVE-2000-0216Feb 29, 2000risk 0.00cvss —epss 0.05
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution…