Vulnerabilities > Microsoft > Windows 2000
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-04-14 | CVE-2010-0238 | Improper Input Validation vulnerability in Microsoft products Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability." | 4.9 |
| 2010-04-14 | CVE-2010-0237 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 2000 and Windows XP The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability." | 6.9 |
| 2010-04-14 | CVE-2010-0236 | Resource Management Errors vulnerability in Microsoft products The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability." | 7.2 |
| 2010-04-14 | CVE-2010-0235 | Improper Input Validation vulnerability in Microsoft products The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability." | 4.7 |
| 2010-04-14 | CVE-2010-0025 | Information Exposure vulnerability in Microsoft products The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability." | 5.0 |
| 2010-04-14 | CVE-2010-0024 | Improper Input Validation vulnerability in Microsoft products The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability." | 5.0 |
| 2010-03-31 | CVE-2010-0805 | Code Injection vulnerability in Microsoft Internet Explorer, Windows 2000 and Windows XP The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability." | 9.3 |
| 2010-03-31 | CVE-2010-0491 | Resource Management Errors vulnerability in Microsoft products Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 allows remote attackers to execute arbitrary code by changing unspecified properties of an HTML object that has an onreadystatechange event handler, aka "HTML Object Memory Corruption Vulnerability." | 9.3 |
| 2010-03-03 | CVE-2010-0917 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483. | 7.6 |
| 2010-03-03 | CVE-2010-0483 | Code Injection vulnerability in Microsoft products vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability." | 7.6 |