CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Windows Nt » 4.0 SP3 * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:microsoft:windows_nt:4.0:sp3:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-4609 16 DoS 2008-10-20 2021-07-07
7.1
None Remote Medium Not required None None Complete
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
2 CVE-2006-1184 DoS 2006-05-10 2019-04-30
5.0
None Remote Low Not required None None Partial
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
3 CVE-2006-0034 119 Exec Code Overflow 2006-05-10 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
4 CVE-2006-0010 119 Exec Code Overflow 2006-01-10 2019-04-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
5 CVE-2004-0900 Exec Code 2005-01-10 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."
6 CVE-2004-0899 DoS 2005-01-10 2018-10-12
5.0
None Remote Low Not required None None Partial
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."
7 CVE-2004-0568 Exec Code Overflow 2005-01-10 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
8 CVE-2002-0862 2002-10-04 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
9 CVE-2001-1244 DoS 2001-07-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
10 CVE-2001-1122 DoS 2001-08-03 2017-12-19
2.1
None Local Low Not required None None Partial
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
11 CVE-2000-1218 2000-04-14 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
12 CVE-2000-1200 +Info 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
13 CVE-2000-0328 1999-08-24 2018-10-12
5.0
None Remote Low Not required Partial None None
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.
14 CVE-2000-0121 2000-02-01 2018-10-12
3.6
None Local Low Not required Partial Partial None
The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.
15 CVE-2000-0070 +Priv 2000-01-12 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
16 CVE-1999-1581 DoS 1997-12-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded.
17 CVE-1999-0969 DoS 1998-09-29 2018-10-12
5.0
None Remote Low Not required None None Partial
The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.
18 CVE-1999-0918 20 DoS 1999-07-03 2018-10-12
7.8
None Remote Low Not required None None Complete
Denial of service in various Windows systems via malformed, fragmented IGMP packets.
19 CVE-1999-0909 264 Bypass 1999-09-20 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
20 CVE-1999-0899 264 Exec Code 1999-11-04 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
21 CVE-1999-0898 119 DoS Overflow +Priv 1999-11-04 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
22 CVE-1999-0886 16 1999-09-17 2018-10-12
9.0
None Remote Low ??? Complete Complete Complete
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
23 CVE-1999-0824 1999-11-30 2008-09-09
4.6
None Local Low Not required Partial Partial Partial
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
24 CVE-1999-0755 255 1999-05-27 2018-10-12
5.0
None Remote Low Not required Partial None None
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
25 CVE-1999-0700 119 Overflow 1999-07-29 2018-10-12
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
26 CVE-1999-0391 1999-01-05 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
27 CVE-1999-0382 1999-03-12 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.
28 CVE-1999-0376 1999-02-20 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
29 CVE-1999-0288 DoS 1998-08-01 2018-05-03
5.0
None Remote Low Not required None None Partial
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.
30 CVE-1999-0224 DoS 1999-07-23 2008-09-09
5.0
None Remote Low Not required Partial None None
Denial of service in Windows NT messenger service through a long username.
Total number of vulnerabilities : 30   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.