Windows 2000 Security Vulnerabilities and Issues — Windows 2000 CVE List

Lucene search

MicrosoftWindows 2000

10 matches found

CVE•added 2005/06/15 4:0 a.m.•87 views

CVE-2005-1206

Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."

7.5CVSS7.8AI score0.57969EPSS

CVE•added 2005/06/15 4:0 a.m.•65 views

CVE-2005-1208

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in ...

10CVSS7.9AI score0.44792EPSS

CVE•added 2005/06/21 4:0 a.m.•57 views

CVE-2002-1700

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

4.3CVSS6.4AI score0.30367EPSS

CVE•added 2005/06/13 4:0 a.m.•53 views

CVE-2005-1935

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as de...

7.5CVSS7.9AI score0.89651EPSS

CVE•added 2005/06/28 4:0 a.m.•51 views

CVE-2002-1932

Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.

7.5CVSS6.9AI score0.21544EPSS

CVE•added 2005/06/28 4:0 a.m.•46 views

CVE-2000-1227

Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.

5CVSS7AI score0.15629EPSS

CVE•added 2005/06/14 4:0 a.m.•45 views

CVE-2005-1212

Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.

7.5CVSS7.8AI score0.34917EPSS

CVE•added 2005/06/21 4:0 a.m.•42 views

CVE-2002-1712

Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.

5CVSS7AI score0.32922EPSS

CVE•added 2005/06/14 4:0 a.m.•42 views

CVE-2005-1214

Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.

5.1CVSS7.5AI score0.24133EPSS

CVE•added 2005/06/21 4:0 a.m.•36 views

CVE-2002-1749

Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.

7.2CVSS7.2AI score0.00533EPSS