Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 2000
Total 632 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-2186 2 Foxit, Microsoft 9 Pdf Reader, Windows 2000, Windows 2003 Server and 6 more 2017-10-10 5.0 MEDIUM N/A
Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2007-1912 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2017-10-10 6.8 MEDIUM N/A
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
CVE-2007-1347 1 Microsoft 3 Windows 2000, Windows Explorer, Windows Xp 2017-10-10 7.1 HIGH N/A
Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
CVE-2007-1645 2 Futuresoft, Microsoft 2 Tftp Server 2000, Windows 2000 2017-10-10 10.0 HIGH N/A
Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
CVE-2006-7210 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2017-10-10 5.0 MEDIUM N/A
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
CVE-2001-0860 1 Microsoft 2 Windows 2000, Windows Xp 2017-10-09 7.5 HIGH N/A
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
CVE-2001-0373 1 Microsoft 2 Windows 2000, Windows Nt 2017-10-09 2.1 LOW N/A
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
CVE-2000-1111 1 Microsoft 1 Windows 2000 2017-10-09 5.0 MEDIUM N/A
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
CVE-2000-0790 1 Microsoft 3 Windows 2000, Windows 98, Windows 98se 2017-10-09 4.6 MEDIUM N/A
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
CVE-2000-0298 1 Microsoft 1 Windows 2000 2017-10-09 7.2 HIGH N/A
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.
CVE-2001-0951 1 Microsoft 1 Windows 2000 2017-10-09 5.0 MEDIUM N/A
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
CVE-2009-4313 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2017-09-18 9.3 HIGH N/A
ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
CVE-2009-4312 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2017-09-18 9.3 HIGH N/A
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
CVE-2009-4311 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2017-09-18 9.3 HIGH N/A
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
CVE-2012-3324 2 Ibm, Microsoft 8 Db2, Db2 Connect, Windows 2000 and 5 more 2017-08-28 9.0 HIGH N/A
Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.
CVE-2010-0719 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more 2017-08-16 4.7 MEDIUM N/A
An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
CVE-2003-1544 1 Microsoft 1 Windows 2000 2017-08-07 6.8 MEDIUM N/A
Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.
CVE-2007-1945 5 Hp, Ibm, Linux and 2 more 9 Hp-ux, Aix, I5os and 6 more 2017-07-28 7.5 HIGH N/A
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.
CVE-2007-1692 1 Microsoft 2 Windows 2000, Windows 2003 Server 2017-07-28 7.5 HIGH N/A
The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.
CVE-2007-1727 4 Hp, Linux, Microsoft and 1 more 7 Hp-ux, Openview Network Node Manager, Linux Kernel and 4 more 2017-07-28 6.5 MEDIUM N/A
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.