| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2005-0560 |
787 |
|
Exec Code Overflow |
2005-05-02 |
2020-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. |
|
2 |
CVE-2004-0574 |
787 |
|
Exec Code Overflow |
2004-11-03 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. |
|
3 |
CVE-2003-0714 |
400 |
|
DoS Overflow |
2003-11-17 |
2020-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000. |
|
4 |
CVE-2002-1876 |
400 |
|
DoS |
2002-12-31 |
2020-04-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. |
|
5 |
CVE-2002-1873 |
400 |
|
DoS |
2002-12-31 |
2020-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. |
|
6 |
CVE-2002-0507 |
287 |
|
Bypass |
2002-08-12 |
2020-04-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. |
|
7 |
CVE-2002-0368 |
400 |
|
DoS |
2002-06-18 |
2020-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." |
|
8 |
CVE-2002-0055 |
669 |
|
DoS |
2002-03-08 |
2020-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. |
|
9 |
CVE-2002-0049 |
269 |
|
|
2002-03-08 |
2020-04-02 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. |
|
10 |
CVE-2001-1319 |
|
|
DoS |
2001-07-16 |
2020-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. |
|
11 |
CVE-2001-0666 |
400 |
|
DoS |
2001-10-30 |
2020-04-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. |
|
12 |
CVE-2001-0543 |
401 |
|
DoS |
2001-09-20 |
2020-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts. |
|
13 |
CVE-2001-0509 |
20 |
|
DoS |
2001-09-20 |
2020-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. |
|
14 |
CVE-2001-0340 |
434 |
|
Exec Code |
2001-07-21 |
2020-04-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. |
|
15 |
CVE-2001-0146 |
|
|
DoS |
2001-06-02 |
2020-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. |
|
16 |
CVE-2000-1139 |
798 |
|
+Priv |
2001-01-09 |
2020-04-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. |
