The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.
Max CVSS
5.0
EPSS Score
1.57%
Published
2001-12-31
Updated
2008-09-05
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-12-31
Updated
2008-09-05
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
Max CVSS
2.1
EPSS Score
0.08%
Published
2001-12-31
Updated
2019-04-30
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.
Max CVSS
5.0
EPSS Score
2.04%
Published
2001-12-31
Updated
2008-09-10
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
6.82%
Published
2001-12-31
Updated
2008-09-05
Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem.
Max CVSS
5.0
EPSS Score
1.03%
Published
2001-12-31
Updated
2021-07-23
Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE
Max CVSS
5.0
EPSS Score
5.34%
Published
2001-12-31
Updated
2024-03-21
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it
Max CVSS
3.6
EPSS Score
0.04%
Published
2001-12-31
Updated
2024-03-21
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
Max CVSS
2.1
EPSS Score
0.05%
Published
2001-12-31
Updated
2019-04-30
RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information
Max CVSS
2.1
EPSS Score
0.08%
Published
2001-12-31
Updated
2024-03-21
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
Max CVSS
7.5
EPSS Score
11.43%
Published
2001-12-31
Updated
2024-01-25
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
Max CVSS
2.1
EPSS Score
0.07%
Published
2001-12-31
Updated
2021-07-23
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
Max CVSS
5.0
EPSS Score
17.41%
Published
2001-12-31
Updated
2017-07-11
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
Max CVSS
7.5
EPSS Score
1.63%
Published
2001-08-31
Updated
2024-02-08
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
Max CVSS
2.6
EPSS Score
0.22%
Published
2001-05-11
Updated
2021-07-23
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
Max CVSS
4.6
EPSS Score
0.05%
Published
2001-05-24
Updated
2019-04-30
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
Max CVSS
7.5
EPSS Score
3.94%
Published
2001-04-20
Updated
2021-07-23
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
Max CVSS
5.0
EPSS Score
2.69%
Published
2001-07-16
Updated
2020-04-09
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
Max CVSS
2.1
EPSS Score
0.13%
Published
2001-07-18
Updated
2019-04-30
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
Max CVSS
2.1
EPSS Score
0.13%
Published
2001-07-27
Updated
2019-04-30
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
Max CVSS
5.0
EPSS Score
1.18%
Published
2001-07-07
Updated
2018-10-30
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
Max CVSS
5.0
EPSS Score
3.15%
Published
2001-07-04
Updated
2018-10-30
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
Max CVSS
7.8
EPSS Score
0.06%
Published
2001-07-16
Updated
2024-02-02
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
Max CVSS
5.0
EPSS Score
0.18%
Published
2001-12-20
Updated
2021-07-23
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
Max CVSS
2.1
EPSS Score
0.05%
Published
2001-12-20
Updated
2008-09-10
172 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!