Vulnerabilities > Microsoft > Windows 2000
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-22 | CVE-2006-6696 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. | 6.9 |
| 2006-12-13 | CVE-2006-5584 | Remote Installation Service Remote Code Execution vulnerability in Microsoft Windows 2000 The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS. | 7.5 |
| 2006-12-05 | CVE-2006-6296 | Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644. | 6.1 |
| 2006-12-04 | CVE-2006-6261 | Remote Memory Corruption vulnerability in Quinnware Quintessential Player Playlist Files Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. | 9.3 |
| 2006-11-20 | CVE-2006-5988 | Denial of Service vulnerability in Microsoft Active Directory Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. | 5.0 |
| 2006-11-14 | CVE-2006-4689 | Denial-Of-Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability." | 5.0 |
| 2006-11-14 | CVE-2006-4688 | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability." | 7.5 |
| 2006-11-14 | CVE-2006-4691 | Remote Code Execution vulnerability in Microsoft Windows 2000 and Windows XP Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. | 10.0 |
| 2006-11-14 | CVE-2006-3445 | Numeric Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow. | 7.5 |
| 2006-11-06 | CVE-2006-5758 | Buffer Errors vulnerability in Microsoft Windows 2000 and Windows XP The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures. | 7.2 |