Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 2000
Total 634 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-0551 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2024-02-28 10.0 HIGH N/A
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
CVE-2006-2380 1 Microsoft 1 Windows 2000 2024-02-28 4.3 MEDIUM N/A
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
CVE-2005-2120 1 Microsoft 2 Windows 2000, Windows Xp 2024-02-28 6.5 MEDIUM N/A
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
CVE-2005-0057 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more 2024-02-28 7.5 HIGH N/A
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
CVE-2004-0568 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2024-02-28 10.0 HIGH N/A
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
CVE-2005-1191 1 Microsoft 4 Windows 2000, Windows 98, Windows 98se and 1 more 2024-02-28 5.0 MEDIUM N/A
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
CVE-2006-2370 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2024-02-28 7.5 HIGH N/A
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
CVE-2004-0978 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 98se and 4 more 2024-02-28 10.0 HIGH N/A
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
CVE-2006-3942 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2024-02-28 7.8 HIGH N/A
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.
CVE-2006-0005 1 Microsoft 7 Windows-nt, Windows 2000, Windows 2000 Advanced Server and 4 more 2024-02-28 9.3 HIGH N/A
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
CVE-2005-3171 1 Microsoft 1 Windows 2000 2024-02-28 4.6 MEDIUM N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
CVE-2005-1208 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows 98 and 1 more 2024-02-28 10.0 HIGH N/A
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
CVE-2005-2123 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2024-02-28 7.5 HIGH N/A
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
CVE-2005-1983 1 Microsoft 2 Windows 2000, Windows Xp 2024-02-28 10.0 HIGH N/A
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
CVE-2005-1982 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2024-02-28 3.6 LOW N/A
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
CVE-2006-0032 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
CVE-2005-2307 1 Microsoft 2 Windows 2000, Windows Xp 2024-02-28 5.0 MEDIUM N/A
netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
CVE-2006-3897 1 Microsoft 2 Internet Explorer, Windows 2000 2024-02-28 5.0 MEDIUM N/A
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
CVE-2004-0894 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2024-02-28 7.2 HIGH N/A
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
CVE-2005-0058 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more 2024-02-28 7.5 HIGH N/A
Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.