VYPR

Windows 2000

by Microsoft

CVEs (522)

  • CVE-2002-0366 (Jul 3, 2002)
    risk 0.00 cvss epss 0.03

    Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.

  • CVE-2002-0151 (Apr 4, 2002)
    risk 0.00 cvss epss 0.04

    Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

  • CVE-2001-1517 (Dec 31, 2001)
    risk 0.00 cvss epss 0.02

    RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes…

  • CVE-2001-0860 (Dec 6, 2001)
    risk 0.00 cvss epss 0.05

    Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).

  • CVE-2001-1288 (Jul 27, 2001)
    risk 0.00 cvss epss 0.06

    Windows 2000 and Windows NT allow local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and Enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.

  • CVE-2001-0346 (Jul 21, 2001)
    risk 0.00 cvss epss 0.06

    Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.

  • CVE-2001-0350 (Jul 21, 2001)
    risk 0.00 cvss epss 0.01

    Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second…

  • CVE-2001-0502 (Jul 21, 2001)
    risk 0.00 cvss epss 0.02

    When Windows 2000 LDAP Server runs over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.

  • CVE-2001-0349 (Jul 21, 2001)
    risk 0.00 cvss epss 0.02

    Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of…

  • CVE-2001-0351 (Jul 21, 2001)
    risk 0.00 cvss epss 0.02

    Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.

  • CVE-2001-1302 (Jul 18, 2001)
    risk 0.00 cvss epss 0.01

    The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the…

  • CVE-2001-1244 (Jul 7, 2001)
    risk 0.00 cvss epss 0.35

    Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that…

  • CVE-2001-0373 (Jun 18, 2001)
    risk 0.00 cvss epss 0.03

    The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.

  • CVE-2001-0261 (Jun 2, 2001)
    risk 0.00 cvss epss 0.03

    Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.

  • CVE-2001-0015 (Mar 12, 2001)
    risk 0.00 cvss epss 0.04

    Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.

  • CVE-2001-0046 (Feb 16, 2001)
    risk 0.00 cvss epss 0.05

    The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allow remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.

  • CVE-2001-0048 (Feb 12, 2001)
    risk 0.00 cvss epss 0.02

    The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password"…

  • CVE-2000-0933 (Dec 19, 2000)
    risk 0.00 cvss epss 0.02

    The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.

  • CVE-2000-1217 (Nov 21, 2000)
    risk 0.00 cvss epss 0.02

    Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login…

  • CVE-2000-0771 (Oct 20, 2000)
    risk 0.00 cvss epss 0.02

    Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.