Lucene search

K
MicrosoftWindows 2000

181 matches found

CVE
CVE
added 2010/01/21 7:30 p.m.985 views

CVE-2010-0232

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly va...

7.8CVSS6.2AI score0.73257EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.982 views

CVE-2002-0367

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

7.8CVSS8.9AI score0.01396EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.972 views

CVE-2004-0210

The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.

7.8CVSS7.3AI score0.0633EPSS
CVE
CVE
added 2009/06/10 6:30 p.m.948 views

CVE-2009-1123

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability...

7.8CVSS6.2AI score0.04402EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.652 views

CVE-1999-0519

A NETBIOS/SMB share password is the default, null, or missing.

7.5CVSS6.8AI score0.08661EPSS
CVE
CVE
added 2008/10/20 5:59 p.m.481 views

CVE-2008-4609

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state ...

7.1CVSS8.8AI score0.00461EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.378 views

CVE-1999-0511

IP forwarding is enabled on a machine which is not a router or firewall.

7.5CVSS6.8AI score0.0596EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.204 views

CVE-2003-0352

Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.

7.5CVSS7.5AI score0.89814EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.202 views

CVE-2003-0533

Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute a...

7.5CVSS7.8AI score0.8878EPSS
CVE
CVE
added 2008/09/16 11:0 p.m.154 views

CVE-2008-4114

srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is...

7.1CVSS7.4AI score0.82059EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.137 views

CVE-1999-0505

A Windows NT domain user or administrator account has a guessable password.

7.2CVSS6.7AI score0.00683EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.135 views

CVE-1999-0506

A Windows NT domain user or administrator account has a default, null, blank, or missing password.

7.2CVSS6.7AI score0.07551EPSS
CVE
CVE
added 2009/09/08 10:30 p.m.124 views

CVE-2009-1926

Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the...

7.8CVSS6.4AI score0.70368EPSS
CVE
CVE
added 2003/08/27 4:0 a.m.122 views

CVE-2003-0605

The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to ...

7.5CVSS6.4AI score0.76112EPSS
CVE
CVE
added 2003/03/31 5:0 a.m.116 views

CVE-2003-0109

Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.

7.5CVSS7.2AI score0.88715EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.106 views

CVE-2010-0022

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows...

7.8CVSS6.3AI score0.79033EPSS
CVE
CVE
added 2006/03/03 11:2 a.m.104 views

CVE-2006-0988

The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of ...

7.8CVSS6.8AI score0.69541EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.99 views

CVE-2010-0021

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "...

7.1CVSS6.4AI score0.1244EPSS
CVE
CVE
added 2009/01/15 1:30 a.m.98 views

CVE-1999-1593

Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients a...

7.6CVSS6.9AI score0.042EPSS
CVE
CVE
added 2004/03/03 5:0 a.m.94 views

CVE-2003-0818

Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause...

7.5CVSS7.4AI score0.89651EPSS
CVE
CVE
added 2003/12/15 5:0 a.m.91 views

CVE-2003-0822

Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.

7.5CVSS7.4AI score0.89141EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.90 views

CVE-2004-0117

Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.

7.5CVSS7.8AI score0.41605EPSS
CVE
CVE
added 2002/03/08 5:0 a.m.88 views

CVE-2002-0053

Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and ot...

7.5CVSS7.8AI score0.63395EPSS
CVE
CVE
added 2005/06/15 4:0 a.m.87 views

CVE-2005-1206

Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."

7.5CVSS7.8AI score0.57969EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.79 views

CVE-1999-0499

NETBIOS share information may be published through SNMP registry keys in NT.

7.5CVSS6.5AI score0.04001EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.77 views

CVE-2003-0906

Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.

7.6CVSS7.9AI score0.45302EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.76 views

CVE-1999-0503

A Windows NT local user or administrator account has a guessable password.

7.2CVSS6.5AI score0.00644EPSS
CVE
CVE
added 2000/02/04 5:0 a.m.76 views

CVE-1999-0504

A Windows NT local user or administrator account has a default, null, blank, or missing password.

7.5CVSS6.2AI score0.35999EPSS
CVE
CVE
added 2003/11/17 5:0 a.m.75 views

CVE-2003-0717

The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

7.5CVSS7.9AI score0.79831EPSS
CVE
CVE
added 2007/06/06 9:30 p.m.75 views

CVE-2007-3091

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of ...

7.1CVSS7.2AI score0.18448EPSS
CVE
CVE
added 2002/09/24 4:0 a.m.74 views

CVE-2002-0724

Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buff...

7.5CVSS6.5AI score0.40265EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.73 views

CVE-1999-0391

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

7.5CVSS7.1AI score0.03809EPSS
CVE
CVE
added 2006/07/11 9:5 p.m.73 views

CVE-2006-1314

Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size r...

7.5CVSS7.8AI score0.76532EPSS
CVE
CVE
added 2003/08/18 4:0 a.m.72 views

CVE-2003-0345

Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.

7.5CVSS8.1AI score0.46218EPSS
CVE
CVE
added 2006/06/13 7:6 p.m.72 views

CVE-2006-2370

Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corrupti...

7.5CVSS9.7AI score0.79591EPSS
CVE
CVE
added 2007/10/09 10:17 p.m.72 views

CVE-2007-2228

rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via a...

7.8CVSS6.4AI score0.71221EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.71 views

CVE-2003-0806

Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.

7.5CVSS7.9AI score0.491EPSS
CVE
CVE
added 2004/11/03 5:0 a.m.71 views

CVE-2004-0206

Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," poss...

7.5CVSS7.5AI score0.80399EPSS
CVE
CVE
added 2004/08/06 4:0 a.m.71 views

CVE-2004-0213

Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context s...

7.8CVSS7.6AI score0.04323EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.70 views

CVE-1999-0918

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

7.8CVSS6.6AI score0.34126EPSS
CVE
CVE
added 2004/06/01 4:0 a.m.70 views

CVE-2003-0719

Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT ...

7.5CVSS7.8AI score0.70967EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.69 views

CVE-2004-0567

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a de...

7.5CVSS7.9AI score0.55EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.67 views

CVE-2005-0416

The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.

7.5CVSS7.6AI score0.47317EPSS
CVE
CVE
added 2010/06/08 10:30 p.m.67 views

CVE-2010-0485

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute...

7.8CVSS6.7AI score0.00965EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.66 views

CVE-2003-0003

Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.

7.5CVSS7.5AI score0.21852EPSS
CVE
CVE
added 2003/08/07 4:0 a.m.66 views

CVE-2003-0469

Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.

7.5CVSS7.8AI score0.51219EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.66 views

CVE-2009-2511

Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via...

7.5CVSS6.5AI score0.07123EPSS
CVE
CVE
added 2009/03/10 8:30 p.m.64 views

CVE-2009-0085

The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS...

7.1CVSS6.6AI score0.21096EPSS
CVE
CVE
added 2010/02/10 6:30 p.m.64 views

CVE-2010-0233

Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."

7.2CVSS6.2AI score0.00512EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.63 views

CVE-2002-0151

Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

7.2CVSS6.9AI score0.0281EPSS
Total number of security vulnerabilities181