Windows 2000 Security Vulnerabilities and Issues — Windows 2000 CVE List

Lucene search

MicrosoftWindows 2000

8 matches found

CVE•added 2003/04/02 5:0 a.m.•992 views

CVE-2002-0367

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

7.8CVSS8.9AI score0.01396EPSS

CVE•added 2003/04/02 5:0 a.m.•148 views

CVE-2002-1561

The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.

5CVSS6.6AI score0.60671EPSS

CVE•added 2003/04/02 5:0 a.m.•81 views

CVE-2002-0391

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

10CVSS9.9AI score0.0457EPSS

CVE•added 2003/04/02 5:0 a.m.•61 views

CVE-2002-0366

Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.

7.2CVSS7.6AI score0.00477EPSS

CVE•added 2003/04/02 5:0 a.m.•57 views

CVE-2002-0054

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

7.5CVSS6.8AI score0.08515EPSS

CVE•added 2003/04/02 5:0 a.m.•49 views

CVE-2002-0597

LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.

5CVSS6.6AI score0.55576EPSS

CVE•added 2003/04/02 5:0 a.m.•48 views

CVE-2002-0823

Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.

7.5CVSS7.8AI score0.35181EPSS

CVE•added 2003/04/02 5:0 a.m.•35 views

CVE-2002-0720

A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.

7.2CVSS6.5AI score0.01694EPSS