Vulnerabilities > Microsoft > Windows 2000 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-23 | CVE-2006-7037 | Local Security vulnerability in Mathsoft Mathcad 12/13/13.1 Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext. | 4.4 |
| 2007-02-23 | CVE-2006-7030 | Denial of Service vulnerability in Microsoft IE 6.0 Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll. | 5.0 |
| 2007-02-23 | CVE-2007-0843 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. | 4.6 |
| 2006-12-22 | CVE-2006-6696 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. | 6.9 |
| 2006-12-05 | CVE-2006-6296 | Resource Management Errors vulnerability in Microsoft Windows 2000 and Windows XP The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644. | 6.1 |
| 2006-11-20 | CVE-2006-5988 | Denial of Service vulnerability in Microsoft Active Directory Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. | 5.0 |
| 2006-11-14 | CVE-2006-4689 | Denial-Of-Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability." | 5.0 |
| 2006-09-12 | CVE-2006-0032 | Cross-Site Scripting vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. | 4.3 |
| 2006-06-13 | CVE-2006-2380 | Improper Authentication vulnerability in Microsoft Windows 2000 Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." | 4.3 |
| 2006-06-13 | CVE-2006-2374 | Improper Locking vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability." | 5.5 |