Vulnerabilities > Microsoft > Windows 2000 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-23 | CVE-2002-1256 | Unspecified vulnerability in Microsoft products The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. | 5.0 |
| 2002-11-12 | CVE-2002-1184 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs. | 4.6 |
| 2002-11-04 | CVE-2002-1230 | Privilege Escalation vulnerability in Microsoft Windows 2000 and Windows 2000 Terminal Services NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation." | 4.6 |
| 2002-10-11 | CVE-2002-0864 | Remote Desktop Denial Of Service vulnerability in Microsoft Windows XP Professional The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop." | 5.0 |
| 2002-10-11 | CVE-2002-0863 | Unspecified vulnerability in Microsoft products Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol." | 5.0 |
| 2002-10-04 | CVE-2002-0699 | Unspecified vulnerability in Microsoft products Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML. | 5.0 |
| 2002-09-05 | CVE-2002-0725 | Link Following vulnerability in Microsoft Windows 2000 and Windows NT NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file. | 5.5 |
| 2002-07-26 | CVE-2002-0443 | Unspecified vulnerability in Microsoft Windows 2000 Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords. | 4.6 |
| 2002-05-16 | CVE-2002-0224 | Denial of Service vulnerability in Microsoft products The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. | 5.0 |
| 2002-03-08 | CVE-2002-0055 | Incorrect Resource Transfer Between Spheres vulnerability in Microsoft Exchange Server, Windows 2000 and Windows XP SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | 5.0 |