National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:microsoft:windows_2000:-:sp3:datacenter_server
There are 327 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2005-2307

netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."

Published: July 19, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-2150

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

Published: July 11, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-1206

Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."

Published: June 14, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-1208

Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.

Published: June 14, 2005; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2005-1212

Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.

Published: June 14, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-1214

Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.

Published: June 14, 2005; 12:00:00 AM -04:00
    V2: 5.1 MEDIUM
CVE-2005-1935

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.

Published: June 13, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.

Published: May 31, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-0044

The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0045

The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0047

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2005-0048

Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0050

The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2005-0053

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0057

The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0059

Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2005-0060

Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2005-0061

The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2005-0063

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-0545

Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.2 HIGH