Vulnerabilities > Microsoft > Windows 2000 Terminal Services
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-06-14 | CVE-2005-1214 | Unspecified vulnerability in Microsoft products Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page. | 5.1 |
| 2005-06-14 | CVE-2005-1212 | Buffer Overflow vulnerability in Microsoft Step-By-Step Interactive Training Bookmark Link Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field. | 7.5 |
| 2003-08-18 | CVE-2003-0496 | Unspecified vulnerability in Microsoft Windows 2000 and Windows 2000 Terminal Services Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file. | 7.2 |
| 2003-05-12 | CVE-2003-0112 | Buffer Overflow vulnerability in Microsoft Windows Kernel Message Handling Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. | 4.6 |
| 2003-05-05 | CVE-2003-0111 | Unspecified vulnerability in Microsoft products The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise." | 7.5 |
| 2003-04-02 | CVE-2002-1561 | Denial of Service vulnerability in Microsoft Windows RPC Service The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference. | 5.0 |
| 2003-03-24 | CVE-2003-0010 | Heap Overflow vulnerability in Microsoft Windows Script Engine JScript.DLL Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack. | 7.5 |
| 2003-02-07 | CVE-2003-0003 | Buffer Overflow vulnerability in Microsoft Windows Locator Service Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. | 7.5 |
| 2003-01-17 | CVE-2003-0001 | Information Exposure vulnerability in multiple products Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | 5.0 |
| 2002-12-31 | CVE-2002-1933 | Unspecified vulnerability in Microsoft Windows 2000 Terminal Services The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window. | 7.2 |