Windows 2000 Security Vulnerabilities and Issues — Windows 2000 CVE List

Lucene search

MicrosoftWindows 2000

10 matches found

CVE•added 2005/07/11 4:0 a.m.•65 views

CVE-2005-2150

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

5CVSS6.7AI score0.41473EPSS

CVE•added 2005/07/14 4:0 a.m.•55 views

CVE-2001-1517

RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying tha...

2.1CVSS6.9AI score0.03047EPSS

CVE•added 2005/07/14 4:0 a.m.•55 views

CVE-2001-1560

Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.

2.1CVSS6.6AI score0.00206EPSS

CVE•added 2005/07/19 4:0 a.m.•50 views

CVE-2005-2307

netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."

5CVSS6.2AI score0.40005EPSS

CVE•added 2005/07/14 4:0 a.m.•46 views

CVE-2001-1515

Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.

7.5CVSS7AI score0.00784EPSS

CVE•added 2005/07/27 4:0 a.m.•44 views

CVE-2005-2388

Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.

7.2CVSS7.8AI score0.0143EPSS

CVE•added 2005/07/14 4:0 a.m.•42 views

CVE-2002-2028

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

2.1CVSS6.9AI score0.01101EPSS

CVE•added 2005/07/14 4:0 a.m.•42 views

CVE-2002-2077

The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.

5CVSS6.5AI score0.31291EPSS

CVE•added 2005/07/14 4:0 a.m.•41 views

CVE-2001-1518

RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however th...

2.1CVSS6.8AI score0.00588EPSS

CVE•added 2005/07/14 4:0 a.m.•38 views

CVE-2001-1519

RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to ex...

3.6CVSS6.7AI score0.02625EPSS