Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows 2000
Subscriptions
Total
635 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2124 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability." | ||||
| CVE-2005-4717 | 1 Microsoft | 6 Ie, Internet Explorer, Windows 2000 and 3 more | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. | ||||
| CVE-2005-2388 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 95 and 4 more | 2026-04-16 | N/A |
| Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code. | ||||
| CVE-2005-1987 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Server 2003 and 1 more | 2026-04-16 | N/A |
| Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type" string. | ||||
| CVE-2001-1452 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | 7.5 High |
| By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | ||||
| CVE-2006-2374 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | 5.5 Medium |
| The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability." | ||||
| CVE-2002-0151 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2026-04-16 | N/A |
| Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. | ||||
| CVE-2006-0005 | 1 Microsoft | 7 Windows-nt, Windows 2000, Windows 2000 Advanced Server and 4 more | 2026-04-16 | N/A |
| Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute. | ||||
| CVE-2006-0010 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. | ||||
| CVE-2006-0020 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2026-04-16 | N/A |
| An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." | ||||
| CVE-2006-0032 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. | ||||
| CVE-2005-3168 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template. | ||||
| CVE-2006-0143 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more | 2026-04-16 | N/A |
| Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. | ||||
| CVE-2006-3440 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability." | ||||
| CVE-2006-0376 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place. | ||||
| CVE-2005-3169 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection. | ||||
| CVE-2006-0488 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm. | ||||
| CVE-2005-3173 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. | ||||
| CVE-2005-3175 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator. | ||||
| CVE-2004-0893 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2026-04-16 | N/A |
| The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | ||||