The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
Max CVSS: 2.1 | EPSS Score: 0.08% | Published: 2006-05-12 | Updated: 2018-10-18
The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2006-02-01 | Updated: 2018-10-19
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
Max CVSS: 2.6 | EPSS Score: 9.43% | Published: 2005-10-21 | Updated: 2018-10-12
Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
Max CVSS: 2.1 | EPSS Score: 0.30% | Published: 2005-08-10 | Updated: 2019-04-30
Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2005-05-02 | Updated: 2018-10-12
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
Max CVSS: 2.1 | EPSS Score: 0.08% | Published: 2004-11-03 | Updated: 2018-10-12
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
Max CVSS: 2.6 | EPSS Score: 0.74% | Published: 2004-06-01 | Updated: 2018-10-12
Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2002-12-31 | Updated: 2017-11-21
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
Max CVSS: 2.1 | EPSS Score: 0.08% | Published: 2002-12-31 | Updated: 2019-04-30
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
Max CVSS: 2.1 | EPSS Score: 0.08% | Published: 2001-12-31 | Updated: 2019-04-30
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2001-12-31 | Updated: 2019-04-30
** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.
Max CVSS: 2.1 | EPSS Score: 0.08% | Published: 2001-12-31 | Updated: 2019-04-30
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetUserChangePassword function.
Max CVSS: 2.1 | EPSS Score: 0.13% | Published: 2001-07-18 | Updated: 2019-04-30
Windows 2000 and Windows NT allow local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
Max CVSS: 2.1 | EPSS Score: 0.13% | Published: 2001-07-27 | Updated: 2019-04-30
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2001-06-18 | Updated: 2017-10-10
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2001-07-21 | Updated: 2018-10-12
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
Max CVSS: 2.6 | EPSS Score: 0.52% | Published: 2001-05-03 | Updated: 2008-09-05
Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2001-06-02 | Updated: 2017-12-19
Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2000-10-20 | Updated: 2018-10-12
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2000-04-20 | Updated: 2018-10-12
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
Max CVSS: 2.1 | EPSS Score: 0.07% | Published: 2000-03-30 | Updated: 2018-10-12
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
Max CVSS: 2.6 | EPSS Score: 0.58% | Published: 1999-05-07 | Updated: 2018-10-12
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2000-01-20 | Updated: 2022-08-17
A Windows NT administrator account has the default name of Administrator.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2000-07-01 | Updated: 2022-08-17
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
Max CVSS: 2.1 | EPSS Score: 0.16% | Published: 1999-02-12 | Updated: 2018-10-12
25 vulnerabilities found