Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows 2000
Subscriptions
Total
635 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7031 | 1 Microsoft | 10 Internet Explorer, Windows 2000, Windows 2003 Server and 7 more | 2025-04-09 | 6.5 Medium |
| Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll. | ||||
| CVE-2007-0219 | 1 Microsoft | 5 Ie, Internet Explorer, Windows 2000 and 2 more | 2025-04-09 | N/A |
| Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. | ||||
| CVE-2007-0026 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. | ||||
| CVE-2006-5584 | 1 Microsoft | 1 Windows 2000 | 2025-04-09 | N/A |
| The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS. | ||||
| CVE-2006-4691 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2025-04-09 | N/A |
| Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. | ||||
| CVE-2009-3675 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | N/A |
| LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability." | ||||
| CVE-2006-6261 | 2 Microsoft, Quinnware | 7 Windows 2000, Windows 95, Windows 98 and 4 more | 2025-04-09 | N/A |
| Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. | ||||
| CVE-2007-0041 | 1 Microsoft | 5 .net Framework, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | N/A |
| The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow. | ||||
| CVE-2008-1087 | 1 Microsoft | 5 Windows-nt, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | N/A |
| Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." | ||||
| CVE-2009-4310 | 2 Microsoft, Windows | 4 Windows 2000, Windows 2003 Server, Windows Xp and 1 more | 2025-04-09 | N/A |
| Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file. | ||||
| CVE-2009-0568 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows Server and 3 more | 2025-04-09 | N/A |
| The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability." | ||||
| CVE-2008-3010 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Media Player and 2 more | 2025-04-09 | N/A |
| Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability." | ||||
| CVE-2009-2519 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2025-04-09 | N/A |
| The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability." | ||||
| CVE-2008-3009 | 1 Microsoft | 8 Windows 2000, Windows Media Format Runtime, Windows Media Player and 5 more | 2025-04-09 | N/A |
| Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability." | ||||
| CVE-2009-2523 | 1 Microsoft | 1 Windows 2000 | 2025-04-09 | N/A |
| The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability." | ||||
| CVE-2009-3023 | 1 Microsoft | 6 Internet Information Server, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | N/A |
| Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability." | ||||
| CVE-2009-1530 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." | ||||
| CVE-2007-0218 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | N/A |
| Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. | ||||
| CVE-2009-0233 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Server 2008 | 2025-04-09 | N/A |
| The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability." | ||||
| CVE-2008-2326 | 2 Apple, Microsoft | 6 Bonjour, Windows-nt, Windows 2000 and 3 more | 2025-04-09 | N/A |
| mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label. | ||||