Lucene search
+L

460 matches found

CVE
CVE
added 2006/08/09 1:0 a.m.55 views

CVE-2006-3443

CVE-2006-3443 affects Windows 2000 SP4 with Winlogon vulnerable to a User Profile Elevation of Privilege when SafeDllSearchMode is disabled. A local attacker can place a malicious DLL in the UserProfile directory to execute code with SYSTEM-level privileges after logon, as described in Microsoft ...

7.2CVSS6.5AI score0.01659EPSS
CVE
CVE
added 2006/10/10 10:0 p.m.55 views

CVE-2006-4696

CVE-2006-4696 is a remote code execution vulnerability in the Windows Server Service (SMB Rename Vulnerability). It affects Windows 2000 SP4, Windows XP SP2 and earlier, and Windows Server 2003 SP1 and earlier, where a crafted SMB Rename request could cause the Server service to dereference an in...

9CVSS7.4AI score0.43485EPSS
CVE
CVE
added 2007/03/26 11:0 p.m.55 views

CVE-2007-1692

CVE-2007-1692 concerns WPAD abuse via name registrations in Windows WINS/DNS. The default Windows config may allow remote attackers to intercept user web traffic by registering a proxy using WINS/DNS and answering WPAD requests (as shown with Internet Explorer). Related entries (CVE-2009-0093/009...

7.5CVSS6.4AI score0.15254EPSS
CVE
CVE
added 2010/02/26 7:0 p.m.55 views

CVE-2010-0719

CVE-2010-0719 affects multiple Windows client/server OSes (Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7). The root cause is an unspecified API that does not validate arguments, enabling local user privilege to trigger a denial of service (system crash) via a crafted application. T...

4.7CVSS6.4AI score0.01836EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.54 views

CVE-1999-1358

Technical details about CVE-1999-1358 are not publicly provided in the supplied documents. Monitor for updates.

4.6CVSS6.8AI score0.0141EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.54 views

CVE-2000-0737

The CVE-2000-0737 entry describes a vulnerability in the Windows 2000 Service Control Manager (SCM) where SCM creates predictable named pipes for system services. This behavior can be abused by a local user with console access to impersonate services and gain administrator privileges. The impact ...

4.6CVSS6.5AI score0.04411EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.54 views

CVE-2000-0851

The CVE-2000-0851 issue is a buffer overflow in the Windows 2000 Still Image Service that enables local users to escalate privileges via a long WM_USER message. Affected component: Still Image Service on Windows 2000. Root cause: buffer overflow in handling WM_USER message. Impact: local privileg...

4.6CVSS6.8AI score0.08319EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.54 views

CVE-2000-1111

CVE-2000-1111 affects Telnet Service on Windows 2000 Professional. The issue arises because incomplete connection termination is not handled properly, allowing a remote attacker to trigger a denial-of-service by connecting to the server and providing no input. The public records (NVD, CVE list, E...

5CVSS7.1AI score0.14361EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.54 views

CVE-2001-0345

CVE-2001-0345 affects Microsoft Windows 2000 Telnet Service. A denial-of-service occurs when remote attackers establish many idle Telnet sessions to prevent the service from enforcing idle-timeout values, exhausting available sessions. Root cause: the Telnet Service fails to enforce pre-defined t...

5CVSS6.5AI score0.07237EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.54 views

CVE-2001-1519

CVE-2001-1519 affects Windows 2000 RunAs (runas.exe). Multiple sources describe a local-privilege issue where, if the RunAs service is stopped, a local attacker can create a spoofed named pipe and potentially capture cleartext usernames and passwords when clients connect. The Red Hat and CVE/CVE-...

3.6CVSS6.7AI score0.05986EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.54 views

CVE-2002-0020

CVE-2002-0020 affects the Telnet server in Windows 2000 and Interix 2.2, where a buffer overflow in the handling of protocol options allows a remote attacker to execute arbitrary code. The vulnerability is exploitable remotely, without authentication, via crafted telnet sessions. Advisories refer...

7.5CVSS8AI score0.18551EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.54 views

CVE-2002-0443

Technical details about CVE-2002-0443 are not publicly available in the provided documents. The materials include the vulnerability description but do not specify affected products/versions, root cause, exploit details, or remediation.

4.6CVSS6.8AI score0.01828EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.54 views

CVE-2002-1184

The CVE-2002-1184 entry describes that the Windows 2000 system root folder has default Everyone:F permissions and is searched during login or program launch, enabling privilege escalation via Trojan horse programs. Affected software: Microsoft Windows 2000 (system root folder permissions in the s...

4.6CVSS7.2AI score0.01887EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.54 views

CVE-2002-2077

The vulnerability CVE-2002-2077 affects the DCOM client on Windows 2000 prior to SP3. The issue arises because memory is not properly cleared before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session. Connected Red Hat/CVE ...

5CVSS6.5AI score0.15788EPSS
CVE
CVE
added 2006/08/09 12:0 a.m.54 views

CVE-2006-3444

CVE-2006-3444 is a Windows 2000 SP4 kernel elevation-of-privilege vulnerability caused by improper validation of an input buffer (an unchecked buffer). A local attacker who can log on could exploit this to gain full control of the system, including installing programs, altering data, or creating ...

7.5CVSS6.2AI score0.17391EPSS
CVE
CVE
added 2006/07/27 12:0 a.m.54 views

CVE-2006-3880

The CVE affects Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003. The issue is a DoS via a continuous stream of TCP port 135 packets carrying incorrect TCP header checksums and random values in certain TCP header fields (demonstrated by the Achilles Windo...

5CVSS7.2AI score0.28197EPSS
CVE
CVE
added 2007/02/13 8:0 p.m.54 views

CVE-2007-0214

CVE-2007-0214 affects the HTML Help ActiveX control (hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2/Professional, and Windows Server 2003 SP1. The vulnerability arises from improper input validation in HTML Help ActiveX methods, leading to a remote code execution flaw if a user visits a specia...

9.3CVSS7.4AI score0.26374EPSS
CVE
CVE
added 2007/04/30 11:0 p.m.54 views

CVE-2007-2374

Technical details are not publicly available in the provided documents; no affected products, vulnerable components, vectors, or fixes are specified. Monitor for updates.

9.3CVSS7.4AI score0.17432EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.53 views

CVE-1999-0534

Technical details for CVE-1999-0534 are not publicly provided in the supplied documents. Monitor for updates.

4.6CVSS7.5AI score0.01508EPSS
CVE
CVE
added 2000/06/15 4:0 a.m.53 views

CVE-2000-0420

CVE-2000-0420 concerns Windows 2000 SYSKEY: the default SYSKEY configuration stores the startup key in the registry, which could allow an attacker with local access to recover the key and decrypt EFS data. The linked records reiterate the vulnerability description and do not provide exploit code ...

7.2CVSS6.9AI score0.0149EPSS
CVE
CVE
added 2007/10/26 7:0 p.m.53 views

CVE-2002-2328

Technical details for CVE-2002-2328 are not publicly available in the provided documents. No affected products, versions, or remediation are specified here. Monitor for updates from Red Hat/NVD/CVE sources.

7.1CVSS7.2AI score0.16633EPSS
CVE
CVE
added 2006/02/01 2:0 a.m.53 views

CVE-2006-0488

The CVE-2006-0488 entry concerns the VDM (Virtual DOS Machine) emulation environment in Windows 2000, Windows XP SP2, and Windows Server 2003. The issue allows local users to read the first megabyte of memory, potentially exposing sensitive information, as demonstrated by dumper.asm. This describ...

2.1CVSS6.2AI score0.02146EPSS
CVE
CVE
added 2006/11/14 9:0 p.m.53 views

CVE-2006-3445

Summary (CVE-2006-3445) : A memory corruption and heap-based overflow exists in Microsoft Agent when processing specially crafted .ACF files. The flaw occurs in the ReadWideString handling within agentdpv.dll and can be triggered via a remote attack, typically by convincing a user to view a malic...

7.5CVSS7.8AI score0.40143EPSS
CVE
CVE
added 2007/04/04 4:0 p.m.53 views

CVE-2007-1213

CVE-2007-1213 is a local elevation-of-privilege flaw in the Windows 2000 SP4 TrueType Font Rasterizer. The vulnerability arises when processing defective or modified fonts, which can cause an uninitialized function pointer and allow a logged-on user to gain full control of the system. Public docu...

7.2CVSS6.2AI score0.03997EPSS
CVE
CVE
added 2000/11/29 5:0 a.m.52 views

CVE-2000-0885

CVE-2000-0885 covers multiple buffer overflows in Microsoft Network Monitor (Netmon) parsers. The vulnerabilities occur in browser.dll (CIFS Browse Frame), snmp.dll (SNMP community name), and smb.dll (SMB sessions) where unchecked string handling can overflow stacks, enabling remote arbitrary cod...

7.5CVSS7.5AI score0.12796EPSS
CVE
CVE
added 2001/02/02 5:0 a.m.52 views

CVE-2001-0048

CVE-2001-0048 affects Microsoft Windows 2000 domain controllers; the Configure Your Server tool installs a blank Directory Service Restore Mode password. This allows attackers with physical access to the controller to install malicious software. Root cause is a blank DS Restore Mode password crea...

7.2CVSS6.8AI score0.02007EPSS
CVE
CVE
added 2005/04/21 4:0 a.m.52 views

CVE-2001-1451

CVE-2001-1451 describes a memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3. When the Print Spooler is not running, remote attackers can trigger a denial of service by issuing a large number of GET or GETNEXT requests, leading to memory consumption. ...

5CVSS7AI score0.27762EPSS
CVE
CVE
added 2003/07/04 4:0 a.m.52 views

CVE-2003-0503

The CVE-2003-0503 entry applies to Windows 2000 before SP4, where a buffer overflow in ShellExecute (SHELL32.DLL) can be triggered by a long third argument. This could lead to denial of service or arbitrary code execution. The available documents specify the affected component and the root cause ...

7.5CVSS8.2AI score0.06911EPSS
CVE
CVE
added 2003/07/04 4:0 a.m.52 views

CVE-2003-0507

Summary: CVE-2003-0507 is a stack-based buffer overflow in Microsoft Windows 2000 Active Directory (LSASS.exe) triggered by an LDAP v3 search request with a large number of qualifiers (e.g., multiple AND/OR statements), leading to a denial of service (reboot) and potential arbitrary code executio...

7.5CVSS8.2AI score0.26626EPSS
CVE
CVE
added 2005/10/06 4:0 a.m.52 views

CVE-2005-3177

Affected software : Microsoft Windows 2000 (before Update Rollup 1 for SP4), Windows XP, and Windows Server 2003. Vulnerable component : CHKDSK running in fix mode. Root cause : CHKDSK does not properly handle security descriptors when the master file table contains a large number of files or whe...

4.6CVSS6.9AI score0.01376EPSS
CVE
CVE
added 2006/12/26 8:0 p.m.52 views

CVE-2006-6723

The CVE-2006-6723 issue affects the Workstation service in Microsoft Windows 2000 SP4 and Windows XP SP2, where a crafted NetrWkstaUserEnum RPC request with a large maxlen value can cause a denial of service through memory consumption. The root cause is tied to how the Workstation service process...

7.8CVSS6.6AI score0.37978EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.51 views

CVE-2000-0416

NTMail 5.x contains a vulnerability where network users can bypass proxy restrictions by redirecting requests to NTMail’s web configuration server. Affected product is NTMail 5.x; root cause is improper handling of proxy rules allowing redirection to configuration server. Documented impact: bypas...

5CVSS6.9AI score0.06323EPSS
CVE
CVE
added 2000/10/13 4:0 a.m.51 views

CVE-2000-0475

CVE-2000-0475 pertains to Windows 2000 where a local user process can access another user’s desktop within the same Windows station (the “Desktop Separation” vulnerability). The available documents describe the affected software (Windows 2000) and the nature of the vulnerability (local privilege/...

4.6CVSS6.7AI score0.02045EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.51 views

CVE-2001-1238

Task Manager in Windows 2000 cannot end certain processes with uppercase names (e.g., winlogon.exe, csrss.exe, smss.exe, services.exe) via the Process tab. This could allow local users to install Trojan horses that cannot be stopped with Task Manager. Documents do not provide a fix or patch; PT-S...

7.8CVSS6.7AI score0.01333EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.50 views

CVE-2001-0346

The CVE-2001-0346 entry pertains to Microsoft Windows 2000 Telnet Service, where a handle leak during termination of an excessive number of Telnet sessions can exhaust system handles and cause a denial-of-service across services. Affected component: Windows 2000 Telnet Service; root cause: failur...

5CVSS6.4AI score0.05927EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.50 views

CVE-2001-0348

CVE-2001-0348 affects Microsoft Windows 2000 Telnet Service. A vulnerability in range checking on incoming Telnet session requests can be exploited by sending a long logon sequence including delete (backspace) characters to crash the Telnet Service, causing a denial of service. Microsoft addresse...

5CVSS6.5AI score0.29731EPSS
CVE
CVE
added 2005/10/06 4:0 a.m.50 views

CVE-2005-3173

Microsoft Windows 2000 before Update Rollup 1 for SP4 is affected by CVE-2005-3173, where logging on with a UPN that has a trailing dot causes the system to fail to apply group policies due to mislocation of the domain controller, potentially bypassing restrictions. The NVD entry documents a CVSS...

4.6CVSS6.9AI score0.01297EPSS
CVE
CVE
added 2006/11/20 9:0 p.m.50 views

CVE-2006-5988

The CVE-2006-5988 entry concerns Windows 2000 Advanced Server SP4 running Active Directory. It indicates an unspecified vulnerability that allows remote attackers to cause a denial of service via unknown vectors, demonstrated by a VulnDisco Pack module. Details on the affected component, root cau...

5CVSS7AI score0.12553EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.49 views

CVE-1999-0582

CVE-1999-0582 describes a misconfigured Windows NT account policy with insecure lockout settings (e.g., lockout duration, count of bad logon attempts). The NVD entry classifies impact as partial availability with network access, no confidentiality/integrity impact, and no authentication required,...

5CVSS7.4AI score0.06279EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.49 views

CVE-2000-0487

CVE-2000-0487 : The Protected Store in Windows 2000 does not properly select the strongest available encryption, defaulting to 40-bit instead of 56-bit DES. The description confirms a weak encryption fallback, with referenced advisory MS00-032. No exploitation details are provided in the initial ...

3.6CVSS6.9AI score0.02479EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.49 views

CVE-2001-0014

CVE-2001-0014 affects Windows 2000 Terminal Services (Remote Data Protocol). The vulnerability arises from improper handling of certain malformed RDP packets, allowing remote attackers to cause a denial of service. The provided documents identify the affected component and DoS impact but do not s...

5CVSS7.1AI score0.13344EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.49 views

CVE-2001-0015

CVE-2001-0015 affects Windows 2000 via the Network Dynamic Data Exchange (DDE) component. The vulnerability allows a local attacker to elevate privileges to Local System by sending a WM_COPYDATA message to an invisible DDE window that runs with WINLOGON privileges, enabling arbitrary command exec...

7.2CVSS6.5AI score0.03501EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.49 views

CVE-2001-0502

The CVE-2001-0502 issue affects Windows 2000 LDAP over SSL where a function fails to properly verify permissions when the directory principal is a domain user and the data attribute is the domain password, allowing local users to modify other users’ login passwords. Affected component: LDAP over ...

4.6CVSS6.4AI score0.02004EPSS
CVE
CVE
added 2003/07/10 4:0 a.m.49 views

CVE-2003-0350

CVE-2003-0350 affects Windows 2000’s Accessibility Utility Manager (ListView). The vulnerability arises from improper handling of Windows messages in the ListView control, enabling a local attacker to cause arbitrary code execution via a malicious Shatter-style message that references a user-cont...

4.6CVSS7.3AI score0.01597EPSS
CVE
CVE
added 2005/10/06 4:0 a.m.49 views

CVE-2005-3168

The CVE-2005-3168 issue affects Microsoft Windows 2000 prior to Update Rollup 1 for SP4. The SECEDIT ACL application fails to enforce ACLs on folders that appear after a long folder entry when using a security template, leading to potentially less secure permissions than intended. The concrete im...

7.5CVSS6.6AI score0.03806EPSS
CVE
CVE
added 2007/06/12 8:0 p.m.49 views

CVE-2007-2219

CVE-2007-2219 is a remote code-execution flaw in the Win32 API present on Windows 2000 SP4, XP SP2, and Server 2003 SP1/SP2. The vulnerability stems from improper validation of parameters passed to a Win32 API function, enabling an attacker to execute arbitrary code by convincing a user to view a...

9.3CVSS7.5AI score0.31808EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.48 views

CVE-2002-0720

Windows 2000 Network Connection Manager (NCM) contains a handler routine that, if configured insecurely, can run under LocalSystem and execute attacker-supplied code. A local user can leverage this to gain full system privileges, per multiple sources (e.g., OpenVAS/Nessus descriptions). Affected ...

7.2CVSS6.5AI score0.02165EPSS
CVE
CVE
added 2008/02/13 11:0 p.m.48 views

CVE-2003-1544

CVE-2003-1544 affects Terminal Services on Windows 2000 (pre-SP4) and Windows XP. The vulnerability is an unrestricted critical resource lock that allows remote authenticated users to trigger a denial-of-service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from loadi...

6.8CVSS6.7AI score0.1727EPSS
CVE
CVE
added 2005/10/06 4:0 a.m.48 views

CVE-2005-3169

CVE-2005-3169 affects Microsoft Windows 2000 prior to Update Rollup 1 for SP4 when the audit directory service access policy is enabled. The vulnerability is that a 565 event message for File Delete Child operations on Active Directory objects is not recorded in the security event log, potentiall...

5CVSS6.9AI score0.03218EPSS
CVE
CVE
added 2000/07/19 4:0 a.m.47 views

CVE-2000-0580

CVE-2000-0580 affects Windows 2000 Server. It enables remote denial of service by sending a continuous stream of binary zeros to various TCP/UDP ports, causing significant CPU utilization. The provided documents do not specify a patch, workaround, affected versions beyond Windows 2000 Server, or ...

5CVSS7AI score0.17347EPSS
Total number of security vulnerabilities460