Microsoft: >> Windows 2000 Security Vulnerabilities
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
CVSS Score
5.0
EPSS Score
0.583
Published
2002-05-16
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
CVSS Score
7.8
EPSS Score
0.008
Published
2002-04-04
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
CVSS Score
7.2
EPSS Score
0.027
Published
2002-04-04
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
CVSS Score
7.6
EPSS Score
0.323
Published
2002-03-15
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
CVSS Score
10.0
EPSS Score
0.362
Published
2002-03-08
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
CVSS Score
7.5
EPSS Score
0.264
Published
2002-03-08
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CVE-2002-0012 and CVE-2002-0013, will be updated when more accurate information is available.
CVSS Score
7.5
EPSS Score
0.491
Published
2002-03-08
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
CVSS Score
7.5
EPSS Score
0.125
Published
2002-03-08
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
CVSS Score
5.0
EPSS Score
0.484
Published
2002-03-08
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
CVSS Score
7.5
EPSS Score
0.009
Published
2001-12-31