Vulnerabilities > Microsoft > Exchange Server > 2000
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-04-14 | CVE-2010-0025 | Information Exposure vulnerability in Microsoft products The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." | 5.0 |
| 2010-04-14 | CVE-2010-0024 | Improper Input Validation vulnerability in Microsoft products The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." | 5.0 |
| 2009-05-05 | CVE-2009-1491 | Improper Input Validation vulnerability in Mcafee Groupshield McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body. | 9.3 |
| 2009-02-10 | CVE-2009-0099 | Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007 The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | 5.0 |
| 2009-02-10 | CVE-2009-0098 | Resource Management Errors vulnerability in Microsoft Exchange Server 2000/2003/2007 Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | 9.3 |
| 2007-05-08 | CVE-2007-0221 | Integer Overflow OR Wraparound vulnerability in Microsoft Exchange Server 2000 Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability." | 7.8 |
| 2007-05-08 | CVE-2007-0220 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2000/2003 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". | 6.8 |
| 2007-05-08 | CVE-2007-0213 | Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007 Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. | 10.0 |
| 2007-05-08 | CVE-2007-0039 | Null Pointer Dereference vulnerability in Microsoft Exchange Server 2000/2003/2007 The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. | 7.8 |
| 2006-06-13 | CVE-2006-1193 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2000 Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." | 2.6 |