Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 2000
Total 634 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0123 1 Microsoft 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more 2025-04-03 7.5 HIGH N/A
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2005-1979 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-03 5.0 MEDIUM N/A
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality.
CVE-2002-0055 1 Microsoft 3 Exchange Server, Windows 2000, Windows Xp 2025-04-03 5.0 MEDIUM N/A
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
CVE-2005-1987 1 Microsoft 4 Exchange Server, Windows 2000, Windows Server 2003 and 1 more 2025-04-03 7.5 HIGH N/A
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string.
CVE-2002-1258 1 Microsoft 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more 2025-04-03 5.0 MEDIUM N/A
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.
CVE-2006-2374 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-03 2.1 LOW 5.5 MEDIUM
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
CVE-2005-3644 1 Microsoft 2 Windows 2000, Windows Xp 2025-04-03 7.8 HIGH N/A
PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
CVE-2006-3443 1 Microsoft 1 Windows 2000 2025-04-03 7.2 HIGH N/A
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
CVE-2002-0725 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 4.6 MEDIUM 5.5 MEDIUM
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
CVE-2005-1184 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows 98se and 2 more 2025-04-03 5.0 MEDIUM N/A
The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated.
CVE-1999-0918 1 Microsoft 4 Windows 2000, Windows 95, Windows 98 and 1 more 2025-04-03 7.8 HIGH N/A
Denial of service in various Windows systems via malformed, fragmented IGMP packets.
CVE-2001-0663 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 5.0 MEDIUM N/A
Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.
CVE-2001-1517 1 Microsoft 1 Windows 2000 2025-04-03 2.1 LOW N/A
** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.
CVE-2004-1080 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Nt 2025-04-03 10.0 HIGH N/A
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
CVE-2003-0910 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 7.2 HIGH N/A
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
CVE-2001-0347 1 Microsoft 1 Windows 2000 2025-04-03 7.5 HIGH N/A
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
CVE-2004-1361 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2025-04-03 5.0 MEDIUM N/A
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
CVE-2002-1260 1 Microsoft 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more 2025-04-03 7.5 HIGH N/A
The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
CVE-2003-0345 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2025-04-03 7.5 HIGH N/A
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
CVE-2003-0995 1 Microsoft 1 Windows 2000 2025-04-03 7.5 HIGH N/A
Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.