Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows 2000
Subscriptions
Total
634 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7039 | 2 Atrium Software, Microsoft | 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more | 2017-07-29 | N/A |
| The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. | ||||
| CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2017-07-29 | N/A |
| The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | ||||
| CVE-2005-2150 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2017-07-11 | N/A |
| Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog. | ||||
| CVE-2005-1935 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2017-07-11 | N/A |
| Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue. | ||||
| CVE-2004-1649 | 1 Microsoft | 1 Windows 2000 | 2017-07-11 | N/A |
| Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future. | ||||
| CVE-2007-6753 | 1 Microsoft | 5 Windows 2000, Windows 7, Windows Server 2008 and 2 more | 2016-11-28 | N/A |
| Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari. | ||||
| CVE-2003-0507 | 1 Microsoft | 1 Windows 2000 | 2016-10-18 | N/A |
| Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash. | ||||
| CVE-2003-0503 | 1 Microsoft | 1 Windows 2000 | 2016-10-18 | N/A |
| Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument. | ||||
| CVE-1999-0819 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2016-10-18 | N/A |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. | ||||
| CVE-2000-0544 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-10 | N/A |
| Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length. | ||||
| CVE-2000-0420 | 1 Microsoft | 1 Windows 2000 | 2008-09-10 | N/A |
| The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System (EFS) data. | ||||
| CVE-1999-0153 | 2 Microsoft, Sco | 4 Windows 2000, Windows 95, Windows Nt and 1 more | 2008-09-09 | N/A |
| Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. | ||||
| CVE-2001-0324 | 1 Microsoft | 2 Windows 2000, Windows 98 | 2008-09-05 | N/A |
| Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash. | ||||
| CVE-1999-1358 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-05 | N/A |
| When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. | ||||