Vulnerabilities > Microsoft > Windows 2000 > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-15 | CVE-2004-1319 | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | 5.0 |
2004-08-18 | CVE-2004-0839 | Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html". | 5.0 |
2004-08-06 | CVE-2004-0202 | Remote Malformed Packet Denial Of Service vulnerability in Microsoft DirectX DirectPlay IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | 5.0 |
2004-06-01 | CVE-2004-0120 | Denial of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. | 5.0 |
2004-06-01 | CVE-2004-0116 | Remote Denial Of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. | 5.0 |
2004-06-01 | CVE-2003-0807 | Remote Denial Of Service vulnerability in Microsoft Windows COM Internet Service/RPC Over HTTP Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. | 5.0 |
2004-06-01 | CVE-2003-0663 | Denial Of Service vulnerability in Microsoft Windows 2000 Domain Controller LDAP Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message. | 5.0 |
2003-12-31 | CVE-2003-1544 | Denial Of Service vulnerability in Microsoft Windows MSGINA.DLL Read-Lock Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded. | 6.8 |
2003-12-31 | CVE-2003-1469 | Information Exposure vulnerability in Macromedia Coldfusion and Coldfusion Professional The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | 5.0 |
2003-12-31 | CVE-2003-1106 | Denial of Service vulnerability in Microsoft SMTP Service Invalid FILETIME The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute. | 5.0 |