VYPR

Windows 2000

by Microsoft

CVEs (522)

  • CVE-2007-2374Apr 30, 2007
    risk 0.01cvss epss 0.17

    Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is…

  • CVE-2007-1692Mar 26, 2007
    risk 0.01cvss epss 0.15

    The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as…

  • CVE-2006-5988Nov 20, 2006
    risk 0.01cvss epss 0.13

    Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details…

  • CVE-2006-2380Jun 13, 2006
    risk 0.01cvss epss 0.18

    Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."

  • CVE-2006-1591Apr 3, 2006
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.

  • CVE-2006-0376Jan 22, 2006
    risk 0.01cvss epss 0.18

    The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an…

  • CVE-2005-3945Dec 1, 2005
    risk 0.01cvss epss 0.12

    The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical…

  • CVE-2005-2126Oct 21, 2005
    risk 0.01cvss epss 0.14

    The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary…

  • CVE-2005-1981Aug 10, 2005
    risk 0.01cvss epss 0.07

    Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.

  • CVE-2005-1214Jun 14, 2005
    risk 0.01cvss epss 0.13

    Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.

  • CVE-2004-0726Jul 27, 2004
    risk 0.01cvss epss 0.11

    The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.

  • CVE-2003-0825Mar 3, 2004
    risk 0.01cvss epss 0.12

    The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2003-0995Jan 5, 2004
    risk 0.01cvss epss 0.10

    Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.

  • CVE-2003-1544Dec 31, 2003
    risk 0.01cvss epss 0.17

    Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.

  • CVE-2003-1448Dec 31, 2003
    risk 0.01cvss epss 0.15

    Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.

  • CVE-2003-0813Nov 17, 2003
    risk 0.01cvss epss 0.15

    A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it…

  • CVE-2003-0503Aug 7, 2003
    risk 0.01cvss epss 0.07

    Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.

  • CVE-2002-1932Dec 31, 2002
    risk 0.01cvss epss 0.13

    Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to…

  • CVE-2002-2328Dec 31, 2002
    risk 0.01cvss epss 0.17

    Active Directory in Windows 2000, when supporting Kerberos V authentication and GSSAPI, allows remote attackers to cause a denial of service (hang) via an LDAP client that sets the page length to zero during a large request.

  • CVE-2002-2077Dec 31, 2002
    risk 0.01cvss epss 0.16

    The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.

Page 19 of 27