by s_q_b 3495 days ago
The most secure voting machine certified in my county runs Android Jelly Bean from 2012. It's fish in barrels all the way down...

As much fun as Android is, I don't _think_ there are any public RCEs that recent, while I can think of a couple of recent Windows XP+ RCEs that are probably also doable-but-unpatched on Win2k:

[1] - https://www.cvedetails.com/cve/CVE-2013-3175/

[2] - https://www.cvedetails.com/cve/CVE-2012-1852/

[3] - https://www.cvedetails.com/cve/CVE-2012-0173/

[4] - https://www.cvedetails.com/cve/CVE-2012-0002/

(Those were just the ones I quickly found that allow RCE on XP SP2 (the oldest thing that they still provided patches for, so most likely to be shared code with Win2k) without requiring active interaction on the target's behalf, e.g. not including "convince target to open X malformed file, receive payload")

Well, the most common voting machines are iVotronics from ten years ago, which are pretty laughable. Dr. Appel at Princeton already hacked these systems back in 2006. There's even a flash card on the top of the machine, which even the state's hand-picked pen tester had to admit could be accessed even with a tamper-proof lock in place.

It's starting to bother me that the PA election officials keep saying that the voting machines aren't networked together, and that one would need 4,500 cards to compromise an election. It's just flatly false, since every county feeds into a central system such as Unity or GEMS, which themselves are provably insecure, and can be infected via the compact flash cards when they're collected. You would only need a few people in key counties to swing an entire election.

What I would give for the days of hanging chads...