Vulnerabilities > Microsoft > Windows 2000 > Critical

DATE CVE VULNERABILITY TITLE RISK
2005-08-10 CVE-2005-1983 Buffer Overflow vulnerability in Microsoft Windows 2000 and Windows XP
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
network
low complexity
microsoft
critical
10.0
2005-06-14 CVE-2005-1208 Remote Code Execution vulnerability in Microsoft Windows HTML Help
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
network
low complexity
microsoft
critical
10.0
2005-05-02 CVE-2005-0050 Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT
The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."
network
low complexity
microsoft CWE-20
critical
10.0
2005-05-02 CVE-2005-0059 Unspecified vulnerability in Microsoft products
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
network
low complexity
microsoft
critical
10.0
2005-05-02 CVE-2005-0551 Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
network
low complexity
microsoft
critical
10.0
2005-01-10 CVE-2004-0568 Unspecified vulnerability in Microsoft products
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
network
low complexity
microsoft
critical
10.0
2005-01-10 CVE-2004-0571 Unspecified vulnerability in Microsoft products
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
network
low complexity
microsoft
critical
10.0
2005-01-10 CVE-2004-0901 Unspecified vulnerability in Microsoft products
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.
network
low complexity
microsoft
critical
10.0
2005-01-10 CVE-2004-1080 Remote Memory Corruption vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
network
low complexity
microsoft
critical
10.0
2004-11-03 CVE-2004-0209 Remote Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
network
low complexity
microsoft
critical
10.0