VYPR

Windows 2000

by Microsoft

CVEs (522)

  • CVE-2004-0209Nov 3, 2004
    risk 0.08cvss epss 0.62

    Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an…

  • CVE-2004-0212Aug 6, 2004
    risk 0.08cvss epss 0.67

    Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a…

  • CVE-2003-0717Nov 17, 2003
    risk 0.08cvss epss 0.63

    The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

  • CVE-2003-0605Aug 27, 2003
    risk 0.08cvss epss 0.61

    The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL…

  • CVE-1999-0504Jan 1, 1997
    risk 0.08cvss epss 0.64

    A Windows NT local user or administrator account has a default, null, blank, or missing password.

  • CVE-2010-0028Feb 10, 2010
    risk 0.07cvss epss 0.48

    Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."

  • CVE-2009-2514Nov 11, 2009
    risk 0.07cvss epss 0.47

    win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka…

  • CVE-2008-4114Sep 16, 2008
    risk 0.07cvss epss 0.49

    srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet…

  • CVE-2008-3008Sep 11, 2008
    risk 0.07cvss epss 0.55

    Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun…

  • CVE-2008-2245Aug 13, 2008
    risk 0.07cvss epss 0.46

    Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to…

  • CVE-2007-3898Nov 14, 2007
    risk 0.07cvss epss 0.55

    The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.

  • CVE-2007-3034Aug 14, 2007
    risk 0.07cvss epss 0.55

    Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a…

  • CVE-2007-1765Mar 30, 2007
    risk 0.07cvss epss 0.54

    Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and…

  • CVE-2006-1315Jul 11, 2006
    risk 0.07cvss epss 0.49

    The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized,…

  • CVE-2006-2379Jun 13, 2006
    risk 0.07cvss epss 0.58

    Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.

  • CVE-2006-0988Mar 3, 2006
    risk 0.07cvss epss 0.55

    The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers…

  • CVE-2006-0006Feb 14, 2006
    risk 0.07cvss epss 0.54

    Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap…

  • CVE-2005-2124Nov 29, 2005
    risk 0.07cvss epss 0.60

    Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF)…

  • CVE-2005-1978Oct 12, 2005
    risk 0.07cvss epss 0.57

    COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.

  • CVE-2005-0058Aug 10, 2005
    risk 0.07cvss epss 0.50

    Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.

Page 5 of 27