Vulnerabilities > Microsoft > Windows 2000

DATE CVE VULNERABILITY TITLE RISK
2009-08-12 CVE-2009-1924 Numeric Errors vulnerability in Microsoft Windows 2000 and Windows 2003 Server
Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
network
microsoft CWE-189
critical
9.3
2009-08-12 CVE-2009-1923 Buffer Errors vulnerability in Microsoft Windows 2000 and Windows 2003 Server
Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
network
microsoft CWE-119
critical
9.3
2009-08-12 CVE-2009-1922 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
6.9
2009-08-10 CVE-2009-2717 Permissions, Privileges, and Access Controls vulnerability in SUN Java SE
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
6.8
2009-07-29 CVE-2009-2493 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
network
microsoft CWE-264
critical
9.3
2009-07-15 CVE-2009-1539 Code Injection vulnerability in Microsoft products
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
network
microsoft CWE-94
critical
9.3
2009-07-15 CVE-2009-1538 Improper Input Validation vulnerability in Microsoft products
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
network
microsoft CWE-20
critical
9.3
2009-07-15 CVE-2009-0231 Incorrect Conversion between Numeric Types vulnerability in Microsoft products
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
network
low complexity
microsoft CWE-681
8.8
2009-06-10 CVE-2009-1123 Unspecified vulnerability in Microsoft products
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
local
low complexity
microsoft
7.8
2009-06-10 CVE-2009-1139 Resource Management Errors vulnerability in Microsoft Adam, Windows 2000 and Windows Server 2003
Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
network
low complexity
microsoft CWE-399
7.8