Vulnerabilities > Microsoft > Windows 2000 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-12 | CVE-2005-1979 | Denial Of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. | 5.0 |
| 2005-10-06 | CVE-2005-3177 | Local Security vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed. | 4.6 |
| 2005-10-06 | CVE-2005-3174 | Local Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long. | 4.6 |
| 2005-10-06 | CVE-2005-3173 | Local Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions. | 4.6 |
| 2005-10-06 | CVE-2005-3172 | Remote Security vulnerability in Microsoft Windows 2000 The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks. | 5.0 |
| 2005-10-06 | CVE-2005-3171 | Local Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings. | 4.6 |
| 2005-10-06 | CVE-2005-3169 | Remote Security vulnerability in Windows 2000 Advanced Server Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection. | 5.0 |
| 2005-08-10 | CVE-2005-1218 | Remote Desktop Protocol Denial Of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests. | 5.0 |
| 2005-07-19 | CVE-2005-2307 | Local Denial of Service vulnerability in Microsoft Windows 2000 and Windows XP netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability." | 5.0 |
| 2005-07-11 | CVE-2005-2150 | Unspecified vulnerability in Microsoft Windows 2000 and Windows NT Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog. | 5.0 |