Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 2000
Total 634 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0206 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows 98 and 2 more 2024-02-28 7.5 HIGH N/A
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
CVE-2000-0331 1 Microsoft 3 Terminal Server, Windows 2000, Windows Nt 2024-02-28 5.0 MEDIUM N/A
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
CVE-2001-0860 1 Microsoft 2 Windows 2000, Windows Xp 2024-02-28 7.5 HIGH N/A
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
CVE-2001-0351 1 Microsoft 1 Windows 2000 2024-02-28 2.1 LOW N/A
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
CVE-2001-0349 1 Microsoft 1 Windows 2000 2024-02-28 7.2 HIGH N/A
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
CVE-2003-0910 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-28 7.2 HIGH N/A
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
CVE-2001-1347 1 Microsoft 1 Windows 2000 2024-02-28 4.6 MEDIUM N/A
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
CVE-2003-1437 6 Bea, Hp, Ibm and 3 more 8 Weblogic Server, Hp-ux, Aix and 5 more 2024-02-28 2.1 LOW N/A
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
CVE-1999-0716 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-28 4.6 MEDIUM N/A
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
CVE-1999-0700 1 Microsoft 2 Windows 2000, Windows Nt 2024-02-28 6.2 MEDIUM N/A
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
CVE-2002-2077 1 Microsoft 1 Windows 2000 2024-02-28 5.0 MEDIUM N/A
The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.
CVE-2002-1230 1 Microsoft 2 Windows 2000, Windows 2000 Terminal Services 2024-02-28 4.6 MEDIUM N/A
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
CVE-2003-0825 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Nt 2024-02-28 9.3 HIGH N/A
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2000-0311 1 Microsoft 1 Windows 2000 2024-02-28 2.1 LOW N/A
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
CVE-2003-0662 1 Microsoft 1 Windows 2000 2024-02-28 9.3 HIGH N/A
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
CVE-2002-0391 4 Freebsd, Microsoft, Openbsd and 1 more 7 Freebsd, Windows 2000, Windows Nt and 4 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
CVE-2003-0717 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Me and 2 more 2024-02-28 7.5 HIGH N/A
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
CVE-2000-0420 1 Microsoft 1 Windows 2000 2024-02-28 7.2 HIGH N/A
The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System (EFS) data.
CVE-2001-0347 1 Microsoft 1 Windows 2000 2024-02-28 7.5 HIGH N/A
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
CVE-2004-1306 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2024-02-28 5.1 MEDIUM N/A
Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.