CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows 2000 : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-4562 200 +Info 2012-02-02 2012-02-03
4.3
None Remote Medium Not required Partial None None
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
2 CVE-2010-1735 20 DoS 2010-05-06 2010-05-11
4.9
None Local Low Not required None None Complete
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
3 CVE-2010-1734 20 DoS 2010-05-06 2010-05-11
4.9
None Local Low Not required None None Complete
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
4 CVE-2010-0719 20 DoS 2010-02-26 2010-06-05
4.7
None Local Medium Not required None None Complete
An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
5 CVE-2010-0494 200 XSS Bypass +Info 2010-03-31 2012-09-14
4.3
None Remote Medium Not required Partial None None
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
6 CVE-2010-0488 200 Bypass +Info 2010-03-31 2010-08-21
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability."
7 CVE-2010-0238 20 DoS 2010-04-14 2010-08-21
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
8 CVE-2010-0235 20 DoS 2010-04-14 2010-08-21
4.7
None Local Medium Not required None None Complete
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
9 CVE-2010-0234 20 DoS 2010-04-14 2010-08-21
4.7
None Local Medium Not required None None Complete
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
10 CVE-2009-0229 200 +Info 2009-06-10 2010-08-21
4.9
None Local Low Not required Complete None None
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
11 CVE-2007-0843 264 Bypass 2007-02-22 2011-06-16
4.6
User Local Low Not required Partial Partial Partial
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
12 CVE-2006-2380 287 2006-06-13 2008-09-05
4.3
None Remote Medium Not required None Partial None
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
13 CVE-2006-0032 79 XSS 2006-09-12 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
14 CVE-2005-3981 2005-12-04 2008-09-05
4.9
None Local Low Not required None None Complete
** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
15 CVE-2005-3177 2005-10-06 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
16 CVE-2005-3174 2005-10-06 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
17 CVE-2005-3173 Bypass 2005-10-06 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
18 CVE-2005-3171 2005-10-06 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
19 CVE-2003-0350 Exec Code 2003-08-18 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function.
20 CVE-2003-0112 Overflow +Priv 2003-05-12 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
21 CVE-2002-1700 79 XSS 2002-12-31 2014-04-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
22 CVE-2002-1230 Exec Code 2002-11-04 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
23 CVE-2002-1184 +Priv 2002-11-12 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
24 CVE-2002-0725 2002-09-05 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
25 CVE-2002-0443 Bypass 2002-07-26 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
26 CVE-2002-0051 2002-04-04 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
27 CVE-2002-0034 2004-02-03 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
28 CVE-2001-1347 DoS +Priv 2001-05-24 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
29 CVE-2001-1238 2001-07-16 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
30 CVE-2001-0502 2001-07-21 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.
31 CVE-2001-0350 Exec Code 2001-07-21 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
32 CVE-2001-0046 +Info 2001-02-16 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.
33 CVE-2000-1217 Bypass 2000-11-21 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
34 CVE-2000-0933 +Priv 2000-12-19 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.
35 CVE-2000-0851 Overflow +Priv 2000-11-14 2013-07-06
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
36 CVE-2000-0790 2000-10-20 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
37 CVE-2000-0737 +Priv 2000-10-20 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.
38 CVE-2000-0663 Exec Code 2000-07-25 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.
39 CVE-2000-0475 2000-06-15 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.
40 CVE-1999-1358 Bypass 1999-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
41 CVE-1999-0716 Overflow 1999-05-17 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
42 CVE-1999-0715 DoS Exec Code Overflow 1999-05-20 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
43 CVE-1999-0534 1997-01-01 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input.
44 CVE-1999-0384 1999-01-01 2008-09-09
4.6
User Local Low Not required Partial Partial Partial
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
Total number of vulnerabilities : 44   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.