Product:

Windows_2000

(Microsoft)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 516
Date Id Summary Products Score Patch Annotated
2005-10-06 CVE-2005-3170 The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site. Windows_2000 N/A
2002-10-04 CVE-2002-0862 The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported... Internet_explorer, Office, Outlook_express, Windows_2000, Windows_98, Windows_98se, Windows_me, Windows_nt, Windows_xp N/A
2007-04-04 CVE-2007-1213 The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer. Windows_2000 N/A
2009-11-11 CVE-2009-2523 The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability." Windows_2000 N/A
2002-08-12 CVE-2002-0391 Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd. Freebsd, Windows_2000, Windows_nt, Windows_xp, Openbsd, Solaris, Sunos 9.8
2000-04-14 CVE-2000-1218 The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. Windows_2000, Windows_98, Windows_98se, Windows_nt, Windows_xp 9.8
2001-08-31 CVE-2001-1452 By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. Windows_2000, Windows_nt 7.5
2002-04-04 CVE-2002-0051 Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. Windows_2000 7.8
2009-07-15 CVE-2009-0231 The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability." Windows_2000, Windows_server_2003, Windows_server_2008, Windows_vista, Windows_xp 8.8
2001-07-16 CVE-2001-1238 Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. Windows_2000 7.8