) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:microsoft:exchange_server:2000
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2002-0049 |
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. Published: March 08, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
| CVE-2002-0055 |
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. Published: March 08, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2001-0666 |
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. Published: October 30, 2001; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
| CVE-2001-0509 |
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. Published: September 20, 2001; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2001-0543 |
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts. Published: September 20, 2001; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2001-1099 |
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice. Published: September 07, 2001; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2001-0340 |
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. Published: July 21, 2001; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2001-1319 |
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. Published: July 16, 2001; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2001-0146 |
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. Published: June 02, 2001; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2000-1139 |
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. Published: January 09, 2001; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |