Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Windows_2000
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 517 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-11-29 | CVE-2005-2123 | Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | Windows_2000, Windows_2003_server, Windows_xp | N/A | ||
| 2005-10-13 | CVE-2005-2120 | Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call. | Windows_2000, Windows_xp | N/A | ||
| 2005-10-12 | CVE-2005-2119 | The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer. | Windows_2000, Windows_2003_server, Windows_xp | N/A | ||
| 2005-10-21 | CVE-2005-2117 | Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code. | Windows_2000, Windows_2003_server, Windows_explorer, Windows_xp | N/A | ||
| 2005-10-13 | CVE-2005-1985 | The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages. | Windows_2000, Windows_2003_server, Windows_xp | N/A | ||
| 2005-08-10 | CVE-2005-1984 | Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message. | Windows_2000, Windows_2003_server, Windows_xp | N/A | ||
| 2005-08-10 | CVE-2005-1983 | Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm. | Windows_2000, Windows_xp | N/A | ||
| 2005-10-12 | CVE-2005-1980 | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port number after an error occurs, aka the "Distributed TIP Vulnerability." | Windows_2000, Windows_2003_server, Windows_xp | N/A | ||
| 2005-10-12 | CVE-2005-1979 | Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the Transaction Internet Protocol (TIP) functionality. | Windows_2000, Windows_2003_server, Windows_xp | N/A | ||
| 2005-10-12 | CVE-2005-1978 | COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code. | Windows_2000, Windows_2003_server, Windows_xp | N/A |