Vulnerabilities > Microsoft > Windows 2000 > Critical

DATE CVE VULNERABILITY TITLE RISK
2008-09-11 CVE-2008-3008 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
network
microsoft CWE-119
critical
9.3
2008-08-13 CVE-2008-1456 Improper Input Validation vulnerability in Microsoft products
Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
network
low complexity
microsoft CWE-20
critical
9.0
2008-08-13 CVE-2008-1457 Improper Input Validation vulnerability in Microsoft products
The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
network
low complexity
microsoft CWE-20
critical
9.0
2008-08-13 CVE-2008-2245 Buffer Errors vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
network
microsoft CWE-119
critical
9.3
2008-07-08 CVE-2008-1454 Unspecified vulnerability in Microsoft products
Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
network
low complexity
microsoft
critical
9.4
2008-06-12 CVE-2008-0011 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
network
microsoft CWE-119
critical
9.3
2008-06-12 CVE-2008-1444 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx
Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
network
microsoft CWE-119
critical
9.3
2008-04-23 CVE-2007-6255 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.
network
microsoft CWE-119
critical
9.3
2008-04-08 CVE-2008-0083 Code Injection vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
network
microsoft CWE-94
critical
9.3
2008-04-08 CVE-2008-1087 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
network
microsoft CWE-119
critical
9.3