Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Filtered by product Windows 2000
Total 635 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0214 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 9.3 HIGH N/A
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
CVE-2007-1912 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2025-04-09 6.8 MEDIUM N/A
Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
CVE-2008-4259 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2025-04-09 9.3 HIGH N/A
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability."
CVE-2008-1457 1 Microsoft 5 Windows-nt, Windows 2000, Windows 2003 Server and 2 more 2025-04-09 9.0 HIGH N/A
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
CVE-2008-4114 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-09 7.1 HIGH N/A
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
CVE-2007-3028 1 Microsoft 1 Windows 2000 2025-04-09 5.0 MEDIUM N/A
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
CVE-2009-1537 1 Microsoft 5 Directx, Windows 2000, Windows 2003 Server and 2 more 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
CVE-2009-1920 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-09 9.3 HIGH N/A
The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
CVE-2007-3091 1 Microsoft 6 Internet Explorer, Windows 2000, Windows 2003 Server and 3 more 2025-04-09 7.1 HIGH N/A
Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."
CVE-2007-5352 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 7.2 HIGH N/A
Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
CVE-2009-1538 1 Microsoft 4 Directx, Windows 2000, Windows Server 2003 and 1 more 2025-04-09 9.3 HIGH N/A
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
CVE-2008-0088 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2025-04-09 6.8 MEDIUM N/A
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
CVE-2007-1645 2 Futuresoft, Microsoft 2 Tftp Server 2000, Windows 2000 2025-04-09 10.0 HIGH N/A
Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
CVE-2009-2514 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more 2025-04-09 9.3 HIGH N/A
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
CVE-2009-0090 1 Microsoft 7 .net Framework, Windows 2000, Windows 7 and 4 more 2025-04-09 9.3 HIGH N/A
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
CVE-2008-1084 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more 2025-04-09 7.2 HIGH N/A
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
CVE-2009-0555 1 Microsoft 7 Windows 2000, Windows Media Format Runtime, Windows Media Player and 4 more 2025-04-09 9.3 HIGH N/A
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability."
CVE-2009-2717 2 Microsoft, Sun 2 Windows 2000, Java Se 2025-04-09 6.8 MEDIUM N/A
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
CVE-2008-1454 1 Microsoft 4 Windows 2000, Windows Server 2003, Windows Server 2008 and 1 more 2025-04-09 9.4 HIGH N/A
Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
CVE-2009-0089 1 Microsoft 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more 2025-04-09 5.8 MEDIUM N/A
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."