Vulnerabilities > Microsoft

DATE | CVE | VULNERABILITY TITLE | RISK

2002-09-05 | CVE-2002-0725 | Link Following vulnerability in Microsoft Windows 2000 and Windows NT
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
local | low complexity | microsoft CWE-59 | 5.5

2002-08-12 | CVE-2002-0391 | Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
network | low complexity | openbsd sun freebsd microsoft CWE-190 | critical 9.8

2002-06-25 | CVE-2002-0367 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
local | low complexity | microsoft | 7.8

2002-04-04 | CVE-2002-0051 | Improper Locking vulnerability in Microsoft Windows 2000
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
local | low complexity | microsoft CWE-667 | 7.8

2001-12-31 | CVE-2001-1515 | Improper Preservation of Permissions vulnerability in Microsoft Windows 2000
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
network | low complexity | microsoft CWE-281 | 7.5

2001-08-31 | CVE-2001-1452 | Origin Validation Error vulnerability in Microsoft Windows 2000 and Windows NT
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
network | low complexity | microsoft CWE-346 | 7.5

2001-07-16 | CVE-2001-1238 | Improper Handling of Case Sensitivity vulnerability in Microsoft Windows 2000
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
local | low complexity | microsoft CWE-178 | 7.8

2001-06-27 | CVE-2001-0334 | Incorrect Calculation of Buffer Size vulnerability in Microsoft Internet Information Server
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
network | low complexity | microsoft CWE-131 | 7.5

2001-02-12 | CVE-2001-0006 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows NT 4.0
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
local | low complexity | microsoft CWE-732 | 7.1

2000-04-14 | CVE-2000-1218 | Origin Validation Error vulnerability in Microsoft products
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
network | low complexity | microsoft CWE-346 | critical 9.8