The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
Max CVSS
9.8
EPSS Score
0.64%
Published
2000-04-14
Updated
2024-02-08
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
Max CVSS
10.0
EPSS Score
0.11%
Published
2000-12-11
Updated
2018-10-12
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
Max CVSS
10.0
EPSS Score
1.81%
Published
2000-11-14
Updated
2017-10-10
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
Max CVSS
10.0
EPSS Score
0.92%
Published
2000-10-20
Updated
2018-10-12
The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.
Max CVSS
10.0
EPSS Score
2.72%
Published
2000-02-15
Updated
2019-04-30
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
Max CVSS
10.0
EPSS Score
1.17%
Published
2000-01-10
Updated
2022-08-17
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
Max CVSS
10.0
EPSS Score
1.17%
Published
2000-01-07
Updated
2021-07-23
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
Max CVSS
10.0
EPSS Score
1.00%
Published
2000-01-04
Updated
2021-07-22
A system does not present an appropriate legal message or warning to a user who is accessing it.
Max CVSS
10.0
EPSS Score
0.30%
Published
2000-06-01
Updated
2022-08-17
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!