Lucene search
+L

460 matches found

cve
cve
added 2008/10/15 12:0 a.m.60 views

CVE-2008-2251

CVE-2008-2251 describes a kernel double-free vulnerability in Windows that allows local privilege escalation when a crafted multi-threaded system-call flow mishandles user-supplied data. Affected products include Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Windows Vista (Gold/SP1), and Win...

7.2CVSS6AI score0.01501EPSS
cve
cve
added 2009/12/13 1:0 a.m.60 views

CVE-2009-4311

CVE-2009-4311 describes an unspecified vulnerability in Microsoft's Indeo codec used by Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2, enabling remote code execution via crafted media content. Connected documents reference multiple SoCs (OpenVAS/NVD) and Microsoft security advisories (KB95575...

9.3CVSS7.2AI score0.21947EPSS
cve
cve
added 2010/03/03 7:0 p.m.60 views

CVE-2010-0917

CVE-2010-0917 is a distinct VBScript vulnerability causing a stack-based buffer overflow via the MsgBox fourth argument when Internet Explorer is used, affecting VBScript.dll on Windows 2000 SP4, XP SP2/SP3, and Windows Server 2003 SP2. An attacker-user interaction in IE could enable code executi...

7.6CVSS8AI score0.24316EPSS
cve
cve
added 2002/03/09 5:0 a.m.59 views

CVE-2001-0018

The CVE-2001-0018 entry affects Windows 2000 domain controllers (Windows 2000 Server, Advanced Server, or Datacenter Server). It describes a denial-of-service vulnerability caused by remote attackers sending a flood of malformed service requests to the DC, leading to partial availability impact. ...

5CVSS7AI score0.20025EPSS
cve
cve
added 2002/03/09 5:0 a.m.59 views

CVE-2001-0659

CVE-2001-0659 describes a buffer overflow in the Windows 2000 IrDA driver (infrared data exchange). A malformed IrDA packet can be used by a physically proximate attacker to trigger a denial of service reboot. Technical details in connected sources identify the affected component as the IrDA driv...

5CVSS6.7AI score0.0875EPSS
cve
cve
added 2004/09/01 4:0 a.m.59 views

CVE-2001-0951

CVE-2001-0951 : Windows 2000 is affected. Vulnerability allows remote attackers to cause a denial of service by flooding the IKE UDP port 500 with packets containing a large number of dot characters, leading to CPU consumption. The connected records confirm Windows 2000 as the affected platform a...

5CVSS7AI score0.40757EPSS
cve
cve
added 2003/10/17 4:0 a.m.59 views

CVE-2003-0662

CVE-2003-0662 describes a buffer overflow in the Windows 2000 Troubleshooter ActiveX Control (Tshoot.ocx). The vulnerability exists in Windows 2000 SP4 and earlier and allows a remote attacker to execute arbitrary code by delivering a crafted HTML document with a long argument to the RunQuery2 me...

9.3CVSS7.7AI score0.33889EPSS
cve
cve
added 2004/04/16 4:0 a.m.59 views

CVE-2004-0124

CVE-2004-0124 describes an information disclosure flaw in how Microsoft Windows COM object identifiers are created, enabling an attacker to coax a system into opening network ports via specially crafted RPC messages. This is part of MS04-012 RPC/DCOM updates; the impact is described as enabling a...

2.6CVSS6.5AI score0.21337EPSS
cve
cve
added 2006/06/13 7:0 p.m.59 views

CVE-2006-2371

The CVE-2006-2371 issue is a buffer overflow in the Windows RRAS RASMAN RPC server (RASMAN) that affects Windows 2000 SP4, XP SP1/SP2, and Server 2003 SP1 and earlier. A remote attacker can trigger arbitrary code execution via crafted RPC-related requests, resulting in registry corruption and sta...

7.5CVSS7.7AI score0.21943EPSS
cve
cve
added 2009/11/11 7:0 p.m.59 views

CVE-2009-2523

CVE-2009-2523 affects Microsoft Windows 2000 SP4 License Logging Server (llssrv.exe). The vulnerability is a remote code execution via a heap-based buffer overflow in the LlsrLicenseRequestW RPC handler when processing an RPC string that lacks a terminating null. Exploitation is unauthenticated a...

10CVSS7.7AI score0.26456EPSS
cve
cve
added 2009/12/13 1:0 a.m.59 views

CVE-2009-4310

CVE-2009-4310 concerns the Intel Indeo41 codec used by Windows Media Player. The issue is a stack-based buffer overflow in IV41 streams within AVI containers that allows remote code execution on Windows 2000 SP4, XP SP2/XP SP3, and Server 2003 SP2 when processing crafted video data. Affected comp...

9.3CVSS7.8AI score0.24111EPSS
cve
cve
added 2000/02/04 5:0 a.m.58 views

CVE-1999-0249

The CVE-1999-0249 entry concerns Windows NT RSHSVC, where the RSHSVC program may allow remote users to execute arbitrary commands. The connected documents confirm the affected component (RSHSVC) and the impact (arbitrary command execution), but do not provide additional technical details such as ...

7.2CVSS8.1AI score0.07196EPSS
cve
cve
added 2000/01/04 5:0 a.m.58 views

CVE-1999-0723

The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial-of-service when all worker threads are waiting for user input. Connected records confirm CSRSS as the vulnerable component and describe the impact as availability-related DoS, CVSS v2 base score 7.1. No concrete d...

7.1CVSS6.9AI score0.08084EPSS
cve
cve
added 2000/06/02 4:0 a.m.58 views

CVE-1999-0819

NTMail contains a vulnerability where the VRFY command is not disabled even when an administrator disables it. This can expose user verification handling to the network, with partial confidentiality impact as indicated in the CVSS metrics (Network access, low attack complexity, no authentication ...

5CVSS7AI score0.16051EPSS
cve
cve
added 2000/06/02 4:0 a.m.58 views

CVE-2000-0232

CVE-2000-0232 affects Microsoft TCP/IP Printing Services (Print Services for Unix). The vulnerability is that a malformed TCP/IP print request can be used to cause a denial of service. It is a local-attack, low-severity issue (CVSS v2 base score 2.1, availability impact PARTIAL). The documentatio...

2.1CVSS6.8AI score0.0413EPSS
cve
cve
added 2002/05/03 4:0 a.m.58 views

CVE-2001-1288

CVE-2001-1288 affects Windows 2000 and Windows NT. Local users can trigger a denial of service (reboot) by executing a command and repeatedly pressing F7 + Enter during execution, likely tied to an exception handling issue in csrss.exe. No remediation or exploit details are provided in the connec...

2.1CVSS6.8AI score0.06062EPSS
cve
cve
added 2005/07/14 4:0 a.m.58 views

CVE-2002-2028

The CVE-2002-2028 entry concerns the Windows screensaver on Windows NT 4.0, 2000, XP, and 2002. The issue is that the screensaver does not verify whether a domain account has already been locked when a valid password is supplied, enabling easier brute-force attempts by users with physical access....

2.1CVSS6.9AI score0.0196EPSS
cve
cve
added 2005/02/25 5:0 a.m.58 views

CVE-2005-0545

CVE-2005-0545 affects Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 in Active Directory environments. The issue allows local users to bypass group policies that restrict access to hidden drives by using Office 10 applications (Word/Excel) Browse feature or via a flash drive. The vulner...

7.2CVSS6.3AI score0.01818EPSS
cve
cve
added 2005/06/14 4:0 a.m.58 views

CVE-2005-1214

CVE-2005-1214 involves a spoofing flaw in Microsoft Agent that could allow remote attackers to impersonate trusted Internet content and potentially execute arbitrary code when a user visits a malicious Web page. Connected docs confirm the vulnerability (CAN-2005-1214) exists in Microsoft Agent an...

5.1CVSS7.5AI score0.12773EPSS
cve
cve
added 2005/08/10 4:0 a.m.58 views

CVE-2005-1982

CVE-2005-1982 is a PKINIT vulnerability in Kerberos used by smart card logon on Windows 2000/XP/Server 2003. The flaw allows information disclosure and spoofing by injecting into an authentication session between a client and a domain controller, potentially enabling a malicious server to imperso...

3.6CVSS6AI score0.01648EPSS
cve
cve
added 2006/07/31 11:0 p.m.58 views

CVE-2006-3942

CVE-2006-3942 is a denial-of-service vulnerability in the Windows Server Service (SRV.SYS) affecting Windows NT 4.0, 2000, XP, and Server 2003. A crafted SMB_COM_TRANSACTION SMB message containing a non-terminated string can cause a NULL dereference in ExecuteTransaction, crashing the system. The...

7.8CVSS6.6AI score0.75742EPSS
cve
cve
added 2000/01/04 5:0 a.m.57 views

CVE-1999-0755

CVE-1999-0755 affects Windows NT RRAS and RAS clients, where a user's password can be cached even if the user did not choose "Save password." The connected Red Hat, CVE, NVD, and CVE List entries describe the same issue but do not provide deeper root-cause details, exploit status, or remediation/...

5CVSS7.2AI score0.16192EPSS
cve
cve
added 2002/03/09 5:0 a.m.57 views

CVE-2000-0298

CVE-2000-0298 concerns Windows 2000 unattended installations using the OEMPreinstall option. The provided sources state that this setup creates insecure permissions on the All Users and Default Users directories, enabling potential local compromise with complete confidentiality, integrity, and av...

7.2CVSS7.1AI score0.01858EPSS
cve
cve
added 2002/03/09 5:0 a.m.57 views

CVE-2000-0581

The affected component is Windows 2000 Telnet Server. The vulnerability arises when the Telnet Server processes a continuous stream of binary zeros from a remote attacker, which leads to a denial-of-service and causes the server to crash. There are no additional details on affected subcomponents,...

5CVSS7AI score0.2377EPSS
cve
cve
added 2000/10/13 4:0 a.m.57 views

CVE-2000-0663

The CVE-2000-0663 issue concerns Windows NT/2000 where the registry entry for Explorer.exe uses a relative path name, enabling a local user to cause arbitrary commands to run by placing a Trojan named Explorer.exe in the %Systemdrive% directory (the “Relative Shell Path” vulnerability). Affected ...

4.6CVSS7.2AI score0.0216EPSS
cve
cve
added 2003/04/15 4:0 a.m.57 views

CVE-2003-0111

The CVE-2003-0111 issue affects the ByteCode Verifier component of Microsoft Virtual Machine (VM) used in Windows/Internet Explorer, specifically build 5.0.3809 and earlier. The underlying flaw is that the VM bytecode verifier fails to properly check certain Java applets, allowing remote attacker...

7.5CVSS7.6AI score0.41212EPSS
cve
cve
added 2004/07/23 4:0 a.m.57 views

CVE-2004-0726

The CVE-2004-0726 entry concerns the Windows Media Player control in Microsoft Windows 2000. Affected component: Windows Media Player control. Vulnerability: remote attackers can cause JavaScript in an ASX filename to be executed within the local computer zone, specifically in a preview panel, le...

7.5CVSS7.6AI score0.11359EPSS
cve
cve
added 2005/04/19 4:0 a.m.57 views

CVE-2005-1184

The CVE-2005-1184 entry describes a DoS in the TCP/IP stack across multiple operating systems: a remote attacker sends a TCP packet with the correct sequence number but an incorrect Acknowledgement number, triggering a flood of keep-alive packets and CPU consumption. The impact is listed as Parti...

5CVSS6.9AI score0.36998EPSS
cve
cve
added 2005/04/19 4:0 a.m.57 views

CVE-2005-1191

Summary : CVE-2005-1191 affects the Web View DLL (webvw.dll) used by Windows Explorer on Windows 2000. The flaw arises from insufficient validation of the Author field in file metadata, allowing an attacker to craft a name that, when Web View creates a mailto: link in the preview pane, results in...

5CVSS7.2AI score0.19617EPSS
cve
cve
added 2005/06/14 4:0 a.m.57 views

CVE-2005-1212

CVE-2005-1212 is a buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe). A crafted bookmark link file with a long User field in extensions .cbo/.cbl/.cbm allows remote code execution, running with the caller’s privileges. The issue affects Step-by-Step Interactive Training ...

7.5CVSS7.8AI score0.24804EPSS
cve
cve
added 2005/10/13 4:0 a.m.57 views

CVE-2005-1985

Summary : CVE-2005-1985 describes a remote code execution vulnerability in the Microsoft Windows Client Service for NetWare (CSNW/Gateway Service for NetWare). Affected products/versions : Windows 2000 SP4, Windows XP SP1/SP2, and Windows Server 2003 SP1 and earlier, where CSNW is installed (by d...

7.5CVSS7.6AI score0.36334EPSS
cve
cve
added 2006/08/09 1:0 a.m.57 views

CVE-2006-3648

CVE-2006-3648 describes an unhandled exception vulnerability in the Windows kernel/execution environment that could enable remote code execution on affected systems. The issue arises from improper exception handling in memory-resident applications, allowing a remote attacker to gain the same priv...

7.6CVSS7.6AI score0.23437EPSS
cve
cve
added 2007/04/04 4:0 p.m.57 views

CVE-2006-5586

CVE-2006-5586 is a GDI-based local privilege-elevation vulnerability in the Graphics Rendering Engine of Microsoft Windows 2000 SP4 and Windows XP SP2 (and related Windows variants). The flaw stems from processing invalid application window sizes when rendering layered windows, allowing a logged-...

7.2CVSS6.5AI score0.02884EPSS
cve
cve
added 2009/12/13 1:0 a.m.57 views

CVE-2009-4312

CVE-2009-4312 concerns the Microsoft Windows Indeo codec and, per the provided documents, describes an unspecified vulnerability in the Indeo codec on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2 that could allow remote code execution via crafted media content. The OpenVAS entries also refer...

9.3CVSS7.5AI score0.20731EPSS
cve
cve
added 2000/07/12 4:0 a.m.56 views

CVE-2000-0404

The CVE-2000-0404 issue affects the CIFS Computer Browser service and allows remote denial of service by sending a ResetBrowser frame to the Master Browser ("ResetBrowser Frame" vulnerability). Connected sources confirm the vulnerability impact is a network-denial of service and describe two rela...

5CVSS6.7AI score0.19621EPSS
cve
cve
added 2001/05/07 4:0 a.m.56 views

CVE-2001-0003

The CVE-2001-0003 entry concerns Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me. The issue is that WEC does not correctly process Internet Explorer security settings for NTLM authentication, which can allow an attacker to obtain NTLM credentials and potentially o...

5CVSS7AI score0.08099EPSS
cve
cve
added 2001/02/02 5:0 a.m.56 views

CVE-2001-0046

CVE-2001-0046 involves a registry permissions weakness in Windows NT 4.0 where the key HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters can be modified by users outside the admin group. This write access enables an unprivileged (non-admin) user to gain additional privileges, constituting a ...

4.6CVSS6.4AI score0.05473EPSS
cve
cve
added 2004/09/01 4:0 a.m.56 views

CVE-2001-1302

CVE-2001-1302 relates to Windows 2000 where the Change Password option in the Windows Security UI can be misused to attempt to change passwords for other accounts on remote systems or to identify valid accounts via error messages. The vulnerability is attributed to a potential problem in the NetU...

2.1CVSS7.2AI score0.01499EPSS
cve
cve
added 2003/12/17 5:0 a.m.56 views

CVE-2003-0995

CVE-2003-0995 : A buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial-of-service (RPC service crash) by sending a queue registration request. The issue is network‑based with a base CVSSv2 score of 7.5 (HIGH) and partial impact on confidentiality...

7.5CVSS7.2AI score0.10045EPSS
cve
cve
added 2005/12/04 11:0 a.m.56 views

CVE-2005-3981

Microsoft Windows XP, 2000, and 2003 are affected by a local-privilege issue where a user can kill a writable process by calling CreateRemoteThread on a process opened via OpenProcess, using certain arguments and potentially an invalid start routine address. The underlying cause involves manipula...

4.9CVSS6.8AI score0.04086EPSS
cve
cve
added 2006/12/13 1:0 a.m.56 views

CVE-2006-5584

CVE-2006-5584 affects Microsoft Windows 2000 SP4 with the Remote Installation Service (RIS) TFTP server, which is by default allowed to accept anonymous writes. The vulnerability arises from anonymous access to the RIS TFTP file structure, enabling remote attackers to upload and overwrite operati...

7.5CVSS7AI score0.31291EPSS
cve
cve
added 2007/04/04 4:0 p.m.56 views

CVE-2007-1212

The CVE-2007-1212 entry concerns a buffer overflow in the Graphics Device Interface (GDI) when processing Enhanced Metafile (EMF) images. Affected products listed in the initial description are Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, SP2; and Windows Vista. The underlying issue is a GDI ...

6.6CVSS6.3AI score0.02129EPSS
cve
cve
added 2007/04/10 11:0 p.m.56 views

CVE-2007-1912

CVE-2007-1912 relates to a heap-based buffer overflow in Microsoft Windows’ Help system (WinHelp) triggered by specially crafted .HLP files. The connected advisory CPAI-2007-254 describes a boundary/heap overflow in handling HLP files that could allow a remote attacker to inject and execute arbit...

6.8CVSS7AI score0.13935EPSS
cve
cve
added 2000/02/04 5:0 a.m.55 views

CVE-1999-0572

CVE-1999-0572 concerns the association of .reg files with the Windows NT registry editor (regedit). The root cause is that registering .reg files with regedit can enable Trojan Horse-style attacks by tricking users into running or importing a malformed registry script. The documents consistently ...

9.3CVSS7.3AI score0.05198EPSS
cve
cve
added 2002/03/09 5:0 a.m.55 views

CVE-2001-0373

Technical details about CVE-2001-0373 are not publicly provided in the supplied documents; only the general description is present. Monitor for updates.

2.1CVSS6.9AI score0.02562EPSS
cve
cve
added 2005/06/21 4:0 a.m.55 views

CVE-2002-1712

Microsoft Windows 2000 is affected by CVE-2002-1712: a remote attacker can cause a denial of service via memory consumption by flooding the NetBIOS port (TCP/139) with empty TCP/IP packets that have ACK and FIN bits set, as shown by stream3. Impact is described as partial availability. The provid...

5CVSS7AI score0.29334EPSS
cve
cve
added 2005/07/27 4:0 a.m.55 views

CVE-2005-2388

CVE-2005-2388 describes a buffer overflow in a USB driver used on Microsoft Windows that could allow an attacker to execute arbitrary code. The provided documents do not specify the affected product name, exact driver version, or root cause details beyond the general buffer overflow. Exploit info...

7.2CVSS7.8AI score0.01796EPSS
cve
cve
added 2006/01/09 8:0 p.m.55 views

CVE-2006-0143

The Connected advisory CPAI-2006-171 documents a denial-of-service flaw in Microsoft Windows’ Graphics Rendering Engine (GRE) when parsing certain WMF files. Specifically, a crafted WMF with ExtCreateRegion or ExtEscape calls can trigger a memory read/parse error in GRE, causing the host applicat...

7.5CVSS6.7AI score0.39042EPSS
cve
cve
added 2006/10/10 10:0 p.m.55 views

CVE-2006-4696

CVE-2006-4696 is a remote code execution vulnerability in the Windows Server Service (SMB Rename Vulnerability). It affects Windows 2000 SP4, Windows XP SP2 and earlier, and Windows Server 2003 SP1 and earlier, where a crafted SMB Rename request could cause the Server service to dereference an in...

9CVSS7.4AI score0.43485EPSS
cve
cve
added 2007/03/26 11:0 p.m.55 views

CVE-2007-1692

CVE-2007-1692 concerns WPAD abuse via name registrations in Windows WINS/DNS. The default Windows config may allow remote attackers to intercept user web traffic by registering a proxy using WINS/DNS and answering WPAD requests (as shown with Internet Explorer). Related entries (CVE-2009-0093/009...

7.5CVSS6.4AI score0.15254EPSS
Total number of security vulnerabilities460