Vulnerabilities > Microsoft > Windows 2000 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-08-14 | CVE-2001-0504 | Authentication vulnerability in Microsoft Windows 2000 SMTP Improper Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying. | 7.5 |
| 2001-07-21 | CVE-2001-0349 | Privilege Escalation vulnerability in Microsoft Windows 2000 Telnet Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability. | 7.2 |
| 2001-07-21 | CVE-2001-0347 | Unspecified vulnerability in Microsoft Windows 2000 Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. | 7.5 |
| 2001-07-21 | CVE-2001-0341 | Buffer Overflow vulnerability in Microsoft products Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. | 7.5 |
| 2001-07-16 | CVE-2001-1238 | Improper Handling of Case Sensitivity vulnerability in Microsoft Windows 2000 Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | 7.8 |
| 2001-07-02 | CVE-2001-0238 | Unspecified vulnerability in Microsoft products Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. | 7.5 |
| 2001-03-12 | CVE-2001-0015 | Unspecified vulnerability in Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process. | 7.2 |
| 2001-02-12 | CVE-2001-0048 | Unspecified vulnerability in Microsoft Windows 2000 The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. | 7.2 |
| 2000-12-19 | CVE-2000-0885 | Unspecified vulnerability in Microsoft Systems Management Server, Windows 2000 and Windows NT Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. | 7.5 |
| 2000-11-14 | CVE-2000-0834 | Unspecified vulnerability in Microsoft Windows 2000 The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability. | 7.5 |