Product:

Windows_2000

(Microsoft)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 516
Date Id Summary Products Score Patch Annotated
2005-01-10 CVE-2004-0894 LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. Windows_2000, Windows_2003_server, Windows_xp N/A
2005-01-10 CVE-2004-0893 The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." Windows_2000, Windows_2003_server, Windows_nt, Windows_xp N/A
2004-07-27 CVE-2004-0726 The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel. Windows_2000 N/A
2005-01-10 CVE-2004-0571 Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp N/A
2005-01-10 CVE-2004-0568 HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow. Windows_2000, Windows_2003_server, Windows_nt, Windows_xp N/A
2004-12-31 CVE-2004-0567 The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability." Windows_2000, Windows_2003_server, Windows_nt N/A
2004-08-06 CVE-2004-0212 Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S8100, Ie, Windows_2000, Windows_nt, Windows_xp N/A
2004-08-06 CVE-2004-0202 IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. Directx, Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_xp N/A
2004-08-06 CVE-2004-0201 Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. Definity_one_media_server, Ip600_media_servers, Modular_messaging_message_storage_server, S8100, Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp N/A
2003-12-31 CVE-2003-1448 Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet. Windows_2000 N/A