# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2010-4562 |
200 |
|
+Info |
2012-02-02 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652. |
2 |
CVE-2010-1735 |
20 |
|
DoS |
2010-05-06 |
2018-10-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
3 |
CVE-2010-1734 |
20 |
|
DoS |
2010-05-06 |
2018-10-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window. |
4 |
CVE-2010-0719 |
20 |
|
DoS |
2010-02-26 |
2017-08-16 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. |
5 |
CVE-2010-0494 |
200 |
|
XSS Bypass +Info |
2010-03-31 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability." |
6 |
CVE-2010-0488 |
200 |
|
Bypass +Info |
2010-03-31 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not properly handle unspecified "encoding strings," which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site, aka "Post Encoding Information Disclosure Vulnerability." |
7 |
CVE-2010-0238 |
20 |
|
DoS |
2010-04-14 |
2018-10-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." |
8 |
CVE-2010-0235 |
20 |
|
DoS |
2010-04-14 |
2018-10-12 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability." |
9 |
CVE-2010-0234 |
20 |
|
DoS |
2010-04-14 |
2018-10-30 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability." |
10 |
CVE-2009-0229 |
200 |
|
+Info |
2009-06-10 |
2018-10-30 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability." |
11 |
CVE-2007-0843 |
264 |
|
Bypass |
2007-02-22 |
2018-10-16 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. |
12 |
CVE-2006-2380 |
287 |
|
|
2006-06-13 |
2018-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." |
13 |
CVE-2006-0032 |
79 |
|
XSS |
2006-09-12 |
2018-10-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. |
14 |
CVE-2005-3981 |
|
|
|
2005-12-04 |
2018-10-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE. |
15 |
CVE-2005-3177 |
|
|
|
2005-10-06 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed. |
16 |
CVE-2005-3174 |
|
|
|
2005-10-06 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. |
17 |
CVE-2005-3173 |
|
|
Bypass |
2005-10-06 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. |
18 |
CVE-2005-3171 |
|
|
|
2005-10-06 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings. |
19 |
CVE-2003-0350 |
|
|
Exec Code |
2003-08-18 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function. |
20 |
CVE-2003-0112 |
|
|
Overflow +Priv |
2003-05-12 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. |
21 |
CVE-2002-1700 |
79 |
|
XSS |
2002-12-31 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. |
22 |
CVE-2002-1230 |
|
|
Exec Code |
2002-11-04 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation." |
23 |
CVE-2002-1184 |
|
|
+Priv |
2002-11-12 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. |
24 |
CVE-2002-0725 |
|
|
|
2002-09-05 |
2008-09-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. |
25 |
CVE-2002-0443 |
|
|
Bypass |
2002-07-26 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords. |
26 |
CVE-2002-0051 |
|
|
|
2002-04-04 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. |
27 |
CVE-2002-0034 |
|
|
|
2004-02-03 |
2018-08-13 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected. |
28 |
CVE-2001-1347 |
|
|
DoS +Priv |
2001-05-24 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes. |
29 |
CVE-2001-1238 |
|
|
|
2001-07-16 |
2017-12-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. |
30 |
CVE-2001-0502 |
|
|
|
2001-07-21 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users. |
31 |
CVE-2001-0350 |
|
|
Exec Code |
2001-07-21 |
2018-10-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability. |
32 |
CVE-2001-0046 |
|
|
+Info |
2001-02-16 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities. |
33 |
CVE-2000-1217 |
|
|
Bypass |
2000-11-21 |
2018-10-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability. |
34 |
CVE-2000-0933 |
|
|
+Priv |
2000-12-19 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. |
35 |
CVE-2000-0851 |
|
|
Overflow +Priv |
2000-11-14 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability. |
36 |
CVE-2000-0790 |
|
|
|
2000-10-20 |
2017-10-09 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder. |
37 |
CVE-2000-0737 |
|
|
+Priv |
2000-10-20 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability. |
38 |
CVE-2000-0663 |
|
|
Exec Code |
2000-07-25 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability. |
39 |
CVE-2000-0475 |
|
|
|
2000-06-15 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability. |
40 |
CVE-1999-1358 |
|
|
Bypass |
1999-12-31 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only. |
41 |
CVE-1999-0716 |
|
|
Overflow |
1999-05-17 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. |
42 |
CVE-1999-0715 |
|
|
DoS Exec Code Overflow |
1999-05-20 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
43 |
CVE-1999-0534 |
|
|
|
1997-01-01 |
2008-09-09 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. |
44 |
CVE-1999-0384 |
|
|
|
1999-01-01 |
2018-10-12 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. |