CVE-2000-0331

Published: Apr 20, 2000Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.

Affected (3)

Products: Microsoft: Terminal Server, Windows 2000, Windows Nt

3 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Terminal Server	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows Nt	Version 4.0

References (6)

http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/1135

Source: cve@mitre.org

PatchVendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-027

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/1135

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-027

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.