Windows 2000
by Microsoft
CVEs (522)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0715 | 0.03 | — | 0.37 | Sep 17, 2003 | Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than… | |||
| CVE-2003-0496 | 0.03 | — | 0.05 | Aug 18, 2003 | Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file. | |||
| CVE-2003-0345 | 0.03 | — | 0.34 | Aug 18, 2003 | Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. | |||
| CVE-2002-1230 | 0.03 | — | 0.02 | Nov 4, 2002 | NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw… | |||
| CVE-2002-0055 | 0.03 | — | 0.38 | Mar 8, 2002 | SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | |||
| CVE-2002-0053 | 0.03 | — | 0.38 | Mar 8, 2002 | Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other… | |||
| CVE-2001-1519 | 0.03 | — | 0.06 | Dec 31, 2001 | RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are… | |||
| CVE-2001-1560 | 0.03 | — | 0.05 | Dec 31, 2001 | Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. | |||
| CVE-2001-1518 | 0.03 | — | 0.06 | Dec 31, 2001 | RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this… | |||
| CVE-2001-1347 | 0.03 | — | 0.05 | May 24, 2001 | Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as… | |||
| CVE-2000-0737 | 0.03 | — | 0.04 | Oct 20, 2000 | The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability. | |||
| CVE-2000-0232 | 0.03 | — | 0.04 | Mar 30, 2000 | Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. | |||
| CVE-2000-0121 | 0.03 | — | 0.05 | Feb 1, 2000 | The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability. | |||
| CVE-1999-0700 | 0.03 | — | 0.05 | Jul 29, 1999 | Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. | |||
| CVE-1999-0715 | 0.03 | — | 0.06 | May 20, 1999 | Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. | |||
| CVE-1999-0716 | 0.03 | — | 0.06 | May 17, 1999 | Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. | |||
| CVE-1999-0372 | 0.03 | — | 0.05 | Feb 12, 1999 | The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | |||
| CVE-2010-0487 | 0.02 | — | 0.24 | Apr 14, 2010 | The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2,… | |||
| CVE-2010-0486 | 0.02 | — | 0.22 | Apr 14, 2010 | The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use… | |||
| CVE-2010-0268 | 0.02 | — | 0.20 | Apr 14, 2010 | Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution… |
- CVE-2003-0715Sep 17, 2003risk 0.03cvss —epss 0.37
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than…
- CVE-2003-0496Aug 18, 2003risk 0.03cvss —epss 0.05
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
- CVE-2003-0345Aug 18, 2003risk 0.03cvss —epss 0.34
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
- CVE-2002-1230Nov 4, 2002risk 0.03cvss —epss 0.02
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw…
- CVE-2002-0055Mar 8, 2002risk 0.03cvss —epss 0.38
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
- CVE-2002-0053Mar 8, 2002risk 0.03cvss —epss 0.38
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other…
- CVE-2001-1519Dec 31, 2001risk 0.03cvss —epss 0.06
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are…
- CVE-2001-1560Dec 31, 2001risk 0.03cvss —epss 0.05
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
- CVE-2001-1518Dec 31, 2001risk 0.03cvss —epss 0.06
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this…
- CVE-2001-1347May 24, 2001risk 0.03cvss —epss 0.05
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as…
- CVE-2000-0737Oct 20, 2000risk 0.03cvss —epss 0.04
The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.
- CVE-2000-0232Mar 30, 2000risk 0.03cvss —epss 0.04
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
- CVE-2000-0121Feb 1, 2000risk 0.03cvss —epss 0.05
The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.
- CVE-1999-0700Jul 29, 1999risk 0.03cvss —epss 0.05
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
- CVE-1999-0715May 20, 1999risk 0.03cvss —epss 0.06
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
- CVE-1999-0716May 17, 1999risk 0.03cvss —epss 0.06
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
- CVE-1999-0372Feb 12, 1999risk 0.03cvss —epss 0.05
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
- CVE-2010-0487Apr 14, 2010risk 0.02cvss —epss 0.24
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2,…
- CVE-2010-0486Apr 14, 2010risk 0.02cvss —epss 0.22
The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use…
- CVE-2010-0268Apr 14, 2010risk 0.02cvss —epss 0.20
Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution…
Page 13 of 27