Terminal Server
by Microsoft
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1794 | Hig | 0.49 | 7.4 | 0.16 | Jun 1, 2005 | Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks. | ||
| CVE-2000-0305 | 0.06 | — | 0.44 | May 19, 2000 | Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability. | |||
| CVE-2001-0540 | 0.05 | — | 0.71 | Oct 30, 2001 | Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389. | |||
| CVE-2000-0232 | 0.03 | — | 0.04 | Mar 30, 2000 | Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. | |||
| CVE-2007-2593 | 0.01 | — | 0.09 | May 11, 2007 | The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the… | |||
| CVE-2006-4465 | 0.01 | — | 0.09 | Aug 31, 2006 | Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a… | |||
| CVE-2000-0404 | 0.01 | — | 0.20 | May 25, 2000 | The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability. | |||
| CVE-2000-0331 | 0.01 | — | 0.08 | Apr 20, 2000 | Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability. | |||
| CVE-1999-0909 | 0.01 | — | 0.12 | Sep 20, 1999 | Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability. | |||
| CVE-2000-0259 | 0.00 | — | 0.01 | Apr 12, 2000 | The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users. | |||
| CVE-2000-0089 | 0.00 | — | 0.02 | Feb 4, 2000 | The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability. | |||
| CVE-1999-0680 | 0.00 | — | 0.06 | Aug 9, 1999 | Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | |||
| CVE-1999-0391 | 0.00 | — | 0.05 | Jan 5, 1999 | The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user. |
- risk 0.49cvss 7.4epss 0.16
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.
- CVE-2000-0305May 19, 2000risk 0.06cvss —epss 0.44
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.
- CVE-2001-0540Oct 30, 2001risk 0.05cvss —epss 0.71
Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.
- CVE-2000-0232Mar 30, 2000risk 0.03cvss —epss 0.04
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
- CVE-2007-2593May 11, 2007risk 0.01cvss —epss 0.09
The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the…
- CVE-2006-4465Aug 31, 2006risk 0.01cvss —epss 0.09
Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a…
- CVE-2000-0404May 25, 2000risk 0.01cvss —epss 0.20
The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.
- CVE-2000-0331Apr 20, 2000risk 0.01cvss —epss 0.08
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
- CVE-1999-0909Sep 20, 1999risk 0.01cvss —epss 0.12
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
- CVE-2000-0259Apr 12, 2000risk 0.00cvss —epss 0.01
The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users.
- CVE-2000-0089Feb 4, 2000risk 0.00cvss —epss 0.02
The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
- CVE-1999-0680Aug 9, 1999risk 0.00cvss —epss 0.06
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
- CVE-1999-0391Jan 5, 1999risk 0.00cvss —epss 0.05
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.