Microsoft » Windows 2000 : Security Vulnerabilities, CVEs, (Gain Privilege) CVSS score >= 9
CVE-2008-4037
Public exploit
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
Max CVSS
9.3
EPSS Score
11.59%
Published
2008-11-12
Updated
2023-12-07
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
Max CVSS
10.0
EPSS Score
0.63%
Published
2006-06-13
Updated
2019-03-26
2 vulnerabilities found