Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_2000
(Microsoft)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 516 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2002-12-23 | CVE-2002-1258 | Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error. | Windows_2000, Windows_2000_terminal_services, Windows_95, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp | N/A | ||
2002-12-23 | CVE-2002-1257 | Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail. | Windows_2000, Windows_2000_terminal_services, Windows_95, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp | N/A | ||
2002-12-23 | CVE-2002-1256 | The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller. | Windows_2000, Windows_2000_terminal_services, Windows_xp | N/A | ||
2002-11-04 | CVE-2002-1230 | NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation." | Windows_2000, Windows_2000_terminal_services | N/A | ||
2002-10-28 | CVE-2002-1214 | Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data. | Windows_2000, Windows_2000_terminal_services, Windows_xp | N/A | ||
2002-11-12 | CVE-2002-1184 | The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. | Windows_2000, Windows_nt | N/A | ||
2002-10-11 | CVE-2002-0864 | The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop." | \.net_windows_server, Windows_2000, Windows_2000_terminal_services, Windows_xp | N/A | ||
2002-10-11 | CVE-2002-0863 | Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." | \.net_windows_server, Windows_2000, Windows_2000_terminal_services, Windows_nt, Windows_xp | N/A | ||
2002-09-24 | CVE-2002-0724 | Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service". | Windows_2000, Windows_nt, Windows_xp | N/A | ||
2002-09-05 | CVE-2002-0720 | A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code. | Windows_2000, Windows_2000_terminal_services | N/A |