Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_2000
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 516 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-05-10 | CVE-2006-1184 | Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119. | Distributed_transaction_coordinator, Windows_2000, Windows_2003_server, Windows_nt, Windows_xp | N/A | ||
| 2006-01-09 | CVE-2006-0143 | Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. | Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_xp | N/A | ||
| 2006-05-10 | CVE-2006-0034 | Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. | Distributed_transaction_coordinator, Windows_2000, Windows_2003_server, Windows_nt, Windows_xp | N/A | ||
| 2006-09-12 | CVE-2006-0032 | Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. | Windows_2000, Windows_2003_server, Windows_xp | N/A | ||
| 2006-04-12 | CVE-2006-0012 | Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." | Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_xp | N/A | ||
| 2006-01-10 | CVE-2006-0010 | Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. | Windows_2000, Windows_2003_server, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp | N/A | ||
| 2006-02-14 | CVE-2006-0005 | Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute. | Windows\-Nt, Windows_2000, Windows_2000_advanced_server, Windows_2003_server, Windows_server_2000, Windows_server_2003, Windows_xp | N/A | ||
| 2005-12-01 | CVE-2005-3945 | The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups. | Windows_2000, Windows_2003_server | N/A | ||
| 2005-11-17 | CVE-2005-3644 | PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120. | Windows_2000, Windows_xp | N/A | ||
| 2005-12-14 | CVE-2005-2827 | The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability." | Windows_2000, Windows_nt | N/A |