Lucene search

K
MicrosoftWindows 2000

25 matches found

CVE
CVE
added 2005/11/16 7:37 a.m.97 views

CVE-2002-2132

Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.

2.1CVSS6.8AI score0.00757EPSS
CVE
CVE
added 2000/07/01 4:0 a.m.72 views

CVE-1999-0585

A Windows NT administrator account has the default name of Administrator.

2.1CVSS7AI score0.00751EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.60 views

CVE-1999-0717

A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

2.6CVSS7AI score0.06606EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.55 views

CVE-2001-1517

RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying tha...

2.1CVSS6.9AI score0.03047EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.55 views

CVE-2001-1560

Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.

2.1CVSS6.6AI score0.00206EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.55 views

CVE-2004-0207

"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs...

2.1CVSS6.5AI score0.01588EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.54 views

CVE-2005-0550

Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".

2.1CVSS6.4AI score0.00988EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.53 views

CVE-1999-0372

The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.

2.1CVSS7AI score0.04752EPSS
CVE
CVE
added 2000/10/20 4:0 a.m.53 views

CVE-2000-0771

Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.

2.1CVSS6.2AI score0.00225EPSS
CVE
CVE
added 2005/08/10 4:0 a.m.53 views

CVE-2005-1981

Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.

2.1CVSS6.1AI score0.02252EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.51 views

CVE-1999-0595

A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.

2.1CVSS6.5AI score0.00751EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.50 views

CVE-2001-0351

Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.

2.1CVSS6.3AI score0.00442EPSS
CVE
CVE
added 2005/10/21 6:2 p.m.50 views

CVE-2005-2126

The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filen...

2.6CVSS6.7AI score0.61694EPSS
CVE
CVE
added 2001/05/03 4:0 a.m.48 views

CVE-2001-0324

Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.

2.6CVSS7.1AI score0.03551EPSS
CVE
CVE
added 2006/05/12 12:2 a.m.47 views

CVE-2006-2334

The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or p...

2.1CVSS6.5AI score0.02858EPSS
CVE
CVE
added 2000/07/12 4:0 a.m.44 views

CVE-2000-0311

The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.

2.1CVSS6.6AI score0.00647EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.43 views

CVE-2001-1288

Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.

2.1CVSS6.8AI score0.00366EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.43 views

CVE-2004-0124

The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."

2.6CVSS6.5AI score0.36362EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.42 views

CVE-2001-1302

The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.

2.1CVSS7.2AI score0.00417EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.42 views

CVE-2002-2028

The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.

2.1CVSS6.9AI score0.01101EPSS
CVE
CVE
added 2002/03/09 5:0 a.m.41 views

CVE-2001-0373

The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.

2.1CVSS6.9AI score0.0126EPSS
CVE
CVE
added 2005/07/14 4:0 a.m.41 views

CVE-2001-1518

RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however th...

2.1CVSS6.8AI score0.00588EPSS
CVE
CVE
added 2006/02/01 2:2 a.m.41 views

CVE-2006-0488

The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm.

2.1CVSS6.2AI score0.01421EPSS
CVE
CVE
added 2000/06/02 4:0 a.m.40 views

CVE-2000-0232

Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.

2.1CVSS6.8AI score0.00801EPSS
CVE
CVE
added 2001/06/02 4:0 a.m.33 views

CVE-2001-0261

Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.

2.1CVSS6.6AI score0.0149EPSS