Product:

Windows_2000

(Microsoft)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 517
Date Id Summary Products Score Patch Annotated
2007-03-26 CVE-2007-1692 The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross... Windows_2000, Windows_2003_server N/A
2007-04-04 CVE-2007-1215 Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. Windows_2000, Windows_2003_server, Windows_vista, Windows_xp N/A
2007-04-04 CVE-2007-1212 Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. Windows_2000, Windows_2003_server, Windows_vista, Windows_xp N/A
2007-04-04 CVE-2007-1211 Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. Windows_2000, Windows_2003_server, Windows_xp N/A
2007-04-10 CVE-2007-1206 The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. Windows_2000, Windows_2003_server, Windows_xp N/A
2007-04-10 CVE-2007-1205 Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. Windows_2000, Windows_2003_server, Windows_xp N/A
2007-02-13 CVE-2007-0214 The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. Windows_2000, Windows_2003_server, Windows_xp N/A
2007-03-30 CVE-2007-0038 Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a... Windows_2000, Windows_2003_server, Windows_vista, Windows_xp N/A
2007-02-13 CVE-2007-0026 The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. Windows_2000, Windows_2003_server, Windows_xp N/A
2007-06-27 CVE-2006-7210 Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block. Windows_2000, Windows_2003_server, Windows_xp N/A