Windows 2000
by Microsoft
CVEs (522)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1260 | 0.01 | — | 0.15 | Dec 23, 2002 | The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet. | |||
| CVE-2002-1258 | 0.01 | — | 0.15 | Dec 23, 2002 | Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due… | |||
| CVE-2002-1325 | 0.01 | — | 0.14 | Dec 23, 2002 | Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability." | |||
| CVE-2002-1257 | 0.01 | — | 0.15 | Dec 23, 2002 | Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail. | |||
| CVE-2002-0864 | 0.01 | — | 0.16 | Oct 11, 2002 | The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote… | |||
| CVE-2002-0692 | 0.01 | — | 0.18 | Oct 10, 2002 | Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request. | |||
| CVE-2002-0694 | 0.01 | — | 0.14 | Oct 10, 2002 | The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote… | |||
| CVE-2002-0699 | 0.01 | — | 0.07 | Oct 4, 2002 | Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. | |||
| CVE-2002-0070 | 0.01 | — | 0.20 | Mar 15, 2002 | Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. | |||
| CVE-2002-0018 | 0.01 | — | 0.18 | Mar 8, 2002 | In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the… | |||
| CVE-2002-0020 | 0.01 | — | 0.19 | Mar 8, 2002 | Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options. | |||
| CVE-2001-0879 | 0.01 | — | 0.08 | Dec 20, 2001 | Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. | |||
| CVE-2001-0543 | 0.01 | — | 0.21 | Sep 20, 2001 | Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts. | |||
| CVE-2001-0659 | 0.01 | — | 0.09 | Sep 20, 2001 | Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet. | |||
| CVE-2001-0509 | 0.01 | — | 0.17 | Sep 20, 2001 | Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. | |||
| CVE-2001-0345 | 0.01 | — | 0.07 | Jul 21, 2001 | Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions. | |||
| CVE-2001-0347 | 0.01 | — | 0.15 | Jul 21, 2001 | Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. | |||
| CVE-2001-0018 | 0.01 | — | 0.20 | Jul 21, 2001 | Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests. | |||
| CVE-2001-0238 | 0.01 | — | 0.16 | Jul 2, 2001 | Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. | |||
| CVE-2001-0237 | 0.01 | — | 0.20 | Jun 27, 2001 | Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data. |
- CVE-2002-1260Dec 23, 2002risk 0.01cvss —epss 0.15
The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
- CVE-2002-1258Dec 23, 2002risk 0.01cvss —epss 0.15
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due…
- CVE-2002-1325Dec 23, 2002risk 0.01cvss —epss 0.14
Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
- CVE-2002-1257Dec 23, 2002risk 0.01cvss —epss 0.15
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
- CVE-2002-0864Oct 11, 2002risk 0.01cvss —epss 0.16
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote…
- CVE-2002-0692Oct 10, 2002risk 0.01cvss —epss 0.18
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
- CVE-2002-0694Oct 10, 2002risk 0.01cvss —epss 0.14
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote…
- CVE-2002-0699Oct 4, 2002risk 0.01cvss —epss 0.07
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
- CVE-2002-0070Mar 15, 2002risk 0.01cvss —epss 0.20
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
- CVE-2002-0018Mar 8, 2002risk 0.01cvss —epss 0.18
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the…
- CVE-2002-0020Mar 8, 2002risk 0.01cvss —epss 0.19
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
- CVE-2001-0879Dec 20, 2001risk 0.01cvss —epss 0.08
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
- CVE-2001-0543Sep 20, 2001risk 0.01cvss —epss 0.21
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
- CVE-2001-0659Sep 20, 2001risk 0.01cvss —epss 0.09
Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet.
- CVE-2001-0509Sep 20, 2001risk 0.01cvss —epss 0.17
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
- CVE-2001-0345Jul 21, 2001risk 0.01cvss —epss 0.07
Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
- CVE-2001-0347Jul 21, 2001risk 0.01cvss —epss 0.15
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
- CVE-2001-0018Jul 21, 2001risk 0.01cvss —epss 0.20
Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.
- CVE-2001-0238Jul 2, 2001risk 0.01cvss —epss 0.16
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
- CVE-2001-0237Jun 27, 2001risk 0.01cvss —epss 0.20
Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
Page 20 of 27