Total
634 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0214 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 98 and 2 more | 2024-11-20 | 10.0 HIGH | N/A |
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba. | |||||
CVE-2004-0213 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 7.2 HIGH | 7.8 HIGH |
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908. | |||||
CVE-2004-0212 | 2 Avaya, Microsoft | 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more | 2024-11-20 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. | |||||
CVE-2004-0210 | 1 Microsoft | 3 Interix, Windows 2000, Windows Nt | 2024-11-20 | 7.2 HIGH | 7.8 HIGH |
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow. | |||||
CVE-2004-0209 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-20 | 10.0 HIGH | N/A |
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer." | |||||
CVE-2004-0208 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-11-20 | 7.2 HIGH | N/A |
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. | |||||
CVE-2004-0207 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows 98 and 2 more | 2024-11-20 | 2.1 LOW | N/A |
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions. | |||||
CVE-2004-0206 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows 98 and 2 more | 2024-11-20 | 7.5 HIGH | N/A |
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. | |||||
CVE-2004-0202 | 1 Microsoft | 7 Directx, Windows 2000, Windows 2003 Server and 4 more | 2024-11-20 | 5.0 MEDIUM | N/A |
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||||
CVE-2004-0201 | 2 Avaya, Microsoft | 11 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 8 more | 2024-11-20 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. | |||||
CVE-2004-0124 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-11-20 | 2.6 LOW | N/A |
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." | |||||
CVE-2004-0123 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2024-11-20 | 7.5 HIGH | N/A |
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
CVE-2004-0120 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-20 | 5.0 MEDIUM | N/A |
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. | |||||
CVE-2004-0119 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2024-11-20 | 7.5 HIGH | 7.5 HIGH |
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. | |||||
CVE-2004-0118 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-11-20 | 7.2 HIGH | N/A |
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code. | |||||
CVE-2004-0117 | 1 Microsoft | 6 Netmeeting, Windows 2000, Windows 2003 Server and 3 more | 2024-11-20 | 7.5 HIGH | N/A |
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code. | |||||
CVE-2004-0116 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-11-20 | 5.0 MEDIUM | N/A |
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. | |||||
CVE-2003-1544 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 6.8 MEDIUM | N/A |
Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded. | |||||
CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2024-11-20 | 5.0 MEDIUM | N/A |
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||||
CVE-2003-1448 | 1 Microsoft | 1 Windows 2000 | 2024-11-20 | 7.8 HIGH | N/A |
Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet. |