| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. |
| Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made. |
| Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. |
| Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. |
| A Windows NT system's file audit policy does not log an event success or failure for security-critical files or directories. |
| The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. |
| A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. |
| Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. |
| A Windows NT account policy has inappropriate, security-critical settings for lockout, e.g. lockout duration, lockout after bad logon attempts, etc. |
| A Windows NT administrator account has the default name of Administrator. |
| A system does not present an appropriate legal message or warning to a user who is accessing it. |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. |
| A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded. |
| A version of finger is running that exposes valid user information to any entity on the network. |
| Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. |
| After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. |
| Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. |
| Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. |
| A remote attacker can disable the virus warning mechanism in Microsoft Excel 97. |
