Windows 2000 Security Vulnerabilities and Issues — Windows 2000 CVE List

Lucene search

MicrosoftWindows 2000

9 matches found

CVE•added 2010/03/10 10:30 p.m.•158 views

CVE-2010-0806

Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, a...

9.3CVSS7.3AI score0.91165EPSS

CVE•added 2010/03/31 7:30 p.m.•87 views

CVE-2010-0805

The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Mem...

9.3CVSS7.5AI score0.89321EPSS

CVE•added 2010/03/31 7:30 p.m.•64 views

CVE-2010-0267

Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerab...

9.3CVSS7.6AI score0.63927EPSS

CVE•added 2010/03/31 7:30 p.m.•60 views

CVE-2010-0488

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."

6.5CVSS5.9AI score0.09851EPSS

CVE•added 2010/03/31 7:30 p.m.•58 views

CVE-2010-0494

Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another...

4.3CVSS5.4AI score0.46282EPSS

CVE•added 2010/03/31 7:30 p.m.•56 views

CVE-2010-0489

Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."

9.3CVSS7.3AI score0.32817EPSS

CVE•added 2010/03/31 7:30 p.m.•51 views

CVE-2010-0491

Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability."

9.3CVSS7.5AI score0.58996EPSS

CVE•added 2010/03/03 7:30 p.m.•50 views

CVE-2010-0483

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with ...

7.6CVSS7.4AI score0.81699EPSS

CVE•added 2010/03/03 7:30 p.m.•44 views

CVE-2010-0917

Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, l...

7.6CVSS8AI score0.81699EPSS