VYPR

Windows 2000

by Microsoft

CVEs (522)

  • CVE-2004-0213HigAug 6, 2004
    risk 0.54cvss 7.8epss 0.21

    Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly…

  • CVE-2004-0119HigJun 1, 2004
    risk 0.52cvss 7.5epss 0.40

    The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during…

  • CVE-2010-0485HigJun 8, 2010
    risk 0.51cvss 7.8epss 0.01

    The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows…

  • CVE-2009-0082HigMar 10, 2009
    risk 0.51cvss 7.8epss 0.01

    The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows…

  • CVE-2008-0087HigApr 8, 2008
    risk 0.51cvss 7.5epss 0.31

    The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

  • CVE-2002-0051HigApr 4, 2002
    risk 0.51cvss 7.8epss 0.01

    Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

  • CVE-2001-1238HigJul 16, 2001
    risk 0.51cvss 7.8epss 0.01

    Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the…

  • CVE-2001-1452HigAug 31, 2001
    risk 0.50cvss 7.5epss 0.09

    By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.

  • CVE-2001-1515HigDec 31, 2001
    risk 0.49cvss 7.5epss 0.04

    Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.

  • CVE-2009-2516HigOct 14, 2009
    risk 0.46cvss 7.1epss 0.01

    The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer…

  • CVE-2010-0488MedMar 31, 2010
    risk 0.45cvss 6.5epss 0.29

    Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure…

  • CVE-2010-0021MedFeb 10, 2010
    risk 0.40cvss 5.9epss 0.14

    Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2…

  • CVE-2006-2374MedJun 13, 2006
    risk 0.39cvss 5.5epss 0.02

    The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device,…

  • CVE-2002-0725MedSep 5, 2002
    risk 0.36cvss 5.5epss 0.01

    NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.

  • CVE-2005-3170MedOct 6, 2005
    risk 0.33cvss 5.0epss 0.01

    The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a…

  • CVE-2003-0352Aug 18, 2003
    risk 0.11cvss epss 0.99

    Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

  • CVE-2010-0483Mar 3, 2010
    risk 0.10cvss epss 0.86

    vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3)…

  • CVE-2006-3439Aug 9, 2006
    risk 0.10cvss epss 0.84

    Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.

  • CVE-2005-1983Aug 10, 2005
    risk 0.10cvss epss 0.93

    Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the…

  • CVE-2005-0356May 31, 2005
    risk 0.10cvss epss 0.83

    Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later…

Page 2 of 27