National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:microsoft:windows_2000:-:sp1:~~advanced_server~~~
There are 323 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2002-0724

Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".

Published: September 24, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0720

A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.

Published: September 05, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0725

NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.

Published: September 05, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-0823

Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.

Published: August 12, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2002-0443

Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.

Published: July 26, 2002; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2002-0366

Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.

Published: July 03, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0367

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Published: June 25, 2002; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2002-0597

LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.

Published: June 18, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0224

The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0051

Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

Published: April 04, 2002; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2002-0151

Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

Published: April 04, 2002; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2002-0070

Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.

Published: March 15, 2002; 12:00:00 AM -05:00
    V2: 7.6 HIGH
CVE-2002-0018

In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2002-0020

Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0053

Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0054

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2002-0055

SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.

Published: March 08, 2002; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1515

Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1517

** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1518

RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.

Published: December 31, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW