Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 2000
Total 634 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0661 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2024-11-20 5.0 MEDIUM N/A
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
CVE-2003-0660 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2024-11-20 7.5 HIGH N/A
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
CVE-2003-0659 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2024-11-20 7.2 HIGH N/A
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
CVE-2003-0605 1 Microsoft 1 Windows 2000 2024-11-20 7.5 HIGH N/A
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
CVE-2003-0533 1 Microsoft 7 Netmeeting, Windows 2000, Windows 2003 Server and 4 more 2024-11-20 7.5 HIGH N/A
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
CVE-2003-0528 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2024-11-20 10.0 HIGH N/A
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
CVE-2003-0507 1 Microsoft 1 Windows 2000 2024-11-20 7.5 HIGH N/A
Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash.
CVE-2003-0503 1 Microsoft 1 Windows 2000 2024-11-20 7.5 HIGH N/A
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.
CVE-2003-0496 1 Microsoft 2 Windows 2000, Windows 2000 Terminal Services 2024-11-20 7.2 HIGH N/A
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
CVE-2003-0469 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more 2024-11-20 7.5 HIGH N/A
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
CVE-2003-0411 2 Microsoft, Oracle 3 Windows 2000, Windows Xp, Sun One Application Server 2024-11-20 5.0 MEDIUM 7.5 HIGH
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.
CVE-2003-0352 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2024-11-20 7.5 HIGH N/A
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
CVE-2003-0350 1 Microsoft 1 Windows 2000 2024-11-20 4.6 MEDIUM N/A
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
CVE-2003-0349 1 Microsoft 1 Windows 2000 2024-11-20 7.5 HIGH N/A
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
CVE-2003-0345 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2024-11-20 7.5 HIGH N/A
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
CVE-2003-0227 1 Microsoft 2 Windows 2000, Windows Nt 2024-11-20 5.0 MEDIUM N/A
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
CVE-2003-0112 1 Microsoft 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more 2024-11-20 4.6 MEDIUM N/A
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
CVE-2003-0111 1 Microsoft 3 Virtual Machine, Windows 2000, Windows 2000 Terminal Services 2024-11-20 7.5 HIGH N/A
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise."
CVE-2003-0109 1 Microsoft 2 Windows 2000, Windows 2000 Terminal Services 2024-11-20 7.5 HIGH N/A
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
CVE-2003-0010 1 Microsoft 7 Windows 2000, Windows 2000 Terminal Services, Windows 98 and 4 more 2024-11-20 7.5 HIGH N/A
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.