Windows 2000
by Microsoft
CVEs (522)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0213 | Hig | 0.54 | 7.8 | 0.21 | Aug 6, 2004 | Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly… | ||
| CVE-2004-0119 | Hig | 0.52 | 7.5 | 0.40 | Jun 1, 2004 | The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during… | ||
| CVE-2010-0485 | Hig | 0.51 | 7.8 | 0.01 | Jun 8, 2010 | The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows… | ||
| CVE-2009-0082 | Hig | 0.51 | 7.8 | 0.01 | Mar 10, 2009 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows… | ||
| CVE-2008-0087 | Hig | 0.51 | 7.5 | 0.31 | Apr 8, 2008 | The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. | ||
| CVE-2002-0051 | Hig | 0.51 | 7.8 | 0.01 | Apr 4, 2002 | Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. | ||
| CVE-2001-1238 | Hig | 0.51 | 7.8 | 0.01 | Jul 16, 2001 | Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the… | ||
| CVE-2001-1452 | Hig | 0.50 | 7.5 | 0.09 | Aug 31, 2001 | By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | ||
| CVE-2001-1515 | Hig | 0.49 | 7.5 | 0.04 | Dec 31, 2001 | Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | ||
| CVE-2009-2516 | Hig | 0.46 | 7.1 | 0.01 | Oct 14, 2009 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer… | ||
| CVE-2010-0488 | Med | 0.45 | 6.5 | 0.29 | Mar 31, 2010 | Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure… | ||
| CVE-2010-0021 | Med | 0.40 | 5.9 | 0.14 | Feb 10, 2010 | Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2… | ||
| CVE-2006-2374 | Med | 0.39 | 5.5 | 0.02 | Jun 13, 2006 | The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device,… | ||
| CVE-2002-0725 | Med | 0.36 | 5.5 | 0.01 | Sep 5, 2002 | NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. | ||
| CVE-2005-3170 | Med | 0.33 | 5.0 | 0.01 | Oct 6, 2005 | The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a… | ||
| CVE-2003-0352 | 0.11 | — | 0.99 | Aug 18, 2003 | Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. | |||
| CVE-2010-0483 | 0.10 | — | 0.86 | Mar 3, 2010 | vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3)… | |||
| CVE-2006-3439 | 0.10 | — | 0.84 | Aug 9, 2006 | Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. | |||
| CVE-2005-1983 | 0.10 | — | 0.93 | Aug 10, 2005 | Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the… | |||
| CVE-2005-0356 | 0.10 | — | 0.83 | May 31, 2005 | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later… |
- risk 0.54cvss 7.8epss 0.21
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly…
- risk 0.52cvss 7.5epss 0.40
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during…
- risk 0.51cvss 7.8epss 0.01
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows…
- risk 0.51cvss 7.8epss 0.01
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows…
- risk 0.51cvss 7.5epss 0.31
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
- risk 0.51cvss 7.8epss 0.01
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
- risk 0.51cvss 7.8epss 0.01
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the…
- risk 0.50cvss 7.5epss 0.09
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
- risk 0.49cvss 7.5epss 0.04
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
- risk 0.46cvss 7.1epss 0.01
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer…
- risk 0.45cvss 6.5epss 0.29
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure…
- risk 0.40cvss 5.9epss 0.14
Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2…
- risk 0.39cvss 5.5epss 0.02
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device,…
- risk 0.36cvss 5.5epss 0.01
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
- risk 0.33cvss 5.0epss 0.01
The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a…
- CVE-2003-0352Aug 18, 2003risk 0.11cvss —epss 0.99
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
- CVE-2010-0483Mar 3, 2010risk 0.10cvss —epss 0.86
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3)…
- CVE-2006-3439Aug 9, 2006risk 0.10cvss —epss 0.84
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
- CVE-2005-1983Aug 10, 2005risk 0.10cvss —epss 0.93
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the…
- CVE-2005-0356May 31, 2005risk 0.10cvss —epss 0.83
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later…
Page 2 of 27