Vulnerabilities > Microsoft > Windows 2000 > High

DATE CVE VULNERABILITY TITLE RISK
2010-01-21 CVE-2010-0232 Unspecified vulnerability in Microsoft Windows 2000, Windows 7 and Windows XP
The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
local
low complexity
microsoft
7.8
2009-07-15 CVE-2009-0231 Incorrect Conversion between Numeric Types vulnerability in Microsoft products
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
network
low complexity
microsoft CWE-681
8.8
2009-06-10 CVE-2009-1123 Unspecified vulnerability in Microsoft products
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
local
low complexity
microsoft
7.8
2008-04-08 CVE-2008-0087 Use of Insufficiently Random Values vulnerability in Microsoft products
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
network
low complexity
microsoft CWE-330
7.5
2004-08-06 CVE-2004-0213 Missing Authentication for Critical Function vulnerability in Microsoft Windows 2000
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
local
low complexity
microsoft CWE-306
7.8
2004-08-06 CVE-2004-0210 Classic Buffer Overflow vulnerability in Microsoft Interix, Windows 2000 and Windows NT
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
local
low complexity
microsoft CWE-120
7.8
2004-06-01 CVE-2004-0119 NULL Pointer Dereference vulnerability in Microsoft Windows 2000, Windows Server 2003 and Windows XP
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
network
low complexity
microsoft CWE-476
7.5
2002-06-25 CVE-2002-0367 Unspecified vulnerability in Microsoft Windows 2000 and Windows NT
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
local
low complexity
microsoft
7.8
2002-04-04 CVE-2002-0051 Improper Locking vulnerability in Microsoft Windows 2000
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
local
low complexity
microsoft CWE-667
7.8
2001-12-31 CVE-2001-1515 Improper Preservation of Permissions vulnerability in Microsoft Windows 2000
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
network
low complexity
microsoft CWE-281
7.5