Windows Nt
by Microsoft
CVEs (279)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0206 | 0.09 | — | 0.77 | Nov 3, 2004 | Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an… | |||
| CVE-2003-0719 | 0.09 | — | 0.83 | Jun 1, 2004 | Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute… | |||
| CVE-2000-1089 | 0.09 | — | 0.77 | Jan 9, 2001 | Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability. | |||
| CVE-1999-0874 | 0.09 | — | 0.78 | Jun 16, 1999 | Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. | |||
| CVE-1999-0256 | 0.09 | — | 0.72 | Feb 1, 1998 | Buffer overflow in War FTP allows remote execution of commands. | |||
| CVE-2008-1087 | 0.08 | — | 0.57 | Apr 8, 2008 | Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." | |||
| CVE-2004-0567 | 0.08 | — | 0.72 | Dec 31, 2004 | The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute… | |||
| CVE-2004-1305 | 0.08 | — | 0.62 | Dec 23, 2004 | The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to… | |||
| CVE-2004-0574 | 0.08 | — | 0.68 | Nov 3, 2004 | The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper… | |||
| CVE-2004-0212 | 0.08 | — | 0.67 | Aug 6, 2004 | Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a… | |||
| CVE-2003-0717 | 0.08 | — | 0.63 | Nov 17, 2003 | The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | |||
| CVE-1999-0278 | 0.08 | — | 0.65 | Jun 1, 1998 | In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. | |||
| CVE-1999-0504 | 0.08 | — | 0.64 | Jan 1, 1997 | A Windows NT local user or administrator account has a default, null, blank, or missing password. | |||
| CVE-2008-3008 | 0.07 | — | 0.55 | Sep 11, 2008 | Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun… | |||
| CVE-2007-5348 | 0.07 | — | 0.53 | Sep 11, 2008 | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8,… | |||
| CVE-2006-2379 | 0.07 | — | 0.58 | Jun 13, 2006 | Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing. | |||
| CVE-2006-0988 | 0.07 | — | 0.55 | Mar 3, 2006 | The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers… | |||
| CVE-2003-0469 | 0.07 | — | 0.50 | Aug 7, 2003 | Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align"… | |||
| CVE-2008-5232 | 0.06 | — | 0.36 | Nov 26, 2008 | Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary… | |||
| CVE-2008-1436 | 0.06 | — | 0.37 | Apr 21, 2008 | Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource… |
- CVE-2004-0206Nov 3, 2004risk 0.09cvss —epss 0.77
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an…
- CVE-2003-0719Jun 1, 2004risk 0.09cvss —epss 0.83
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute…
- CVE-2000-1089Jan 9, 2001risk 0.09cvss —epss 0.77
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
- CVE-1999-0874Jun 16, 1999risk 0.09cvss —epss 0.78
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
- CVE-1999-0256Feb 1, 1998risk 0.09cvss —epss 0.72
Buffer overflow in War FTP allows remote execution of commands.
- CVE-2008-1087Apr 8, 2008risk 0.08cvss —epss 0.57
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
- CVE-2004-0567Dec 31, 2004risk 0.08cvss —epss 0.72
The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute…
- CVE-2004-1305Dec 23, 2004risk 0.08cvss —epss 0.62
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to…
- CVE-2004-0574Nov 3, 2004risk 0.08cvss —epss 0.68
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper…
- CVE-2004-0212Aug 6, 2004risk 0.08cvss —epss 0.67
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a…
- CVE-2003-0717Nov 17, 2003risk 0.08cvss —epss 0.63
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
- CVE-1999-0278Jun 1, 1998risk 0.08cvss —epss 0.65
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
- CVE-1999-0504Jan 1, 1997risk 0.08cvss —epss 0.64
A Windows NT local user or administrator account has a default, null, blank, or missing password.
- CVE-2008-3008Sep 11, 2008risk 0.07cvss —epss 0.55
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun…
- CVE-2007-5348Sep 11, 2008risk 0.07cvss —epss 0.53
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8,…
- CVE-2006-2379Jun 13, 2006risk 0.07cvss —epss 0.58
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
- CVE-2006-0988Mar 3, 2006risk 0.07cvss —epss 0.55
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers…
- CVE-2003-0469Aug 7, 2003risk 0.07cvss —epss 0.50
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align"…
- CVE-2008-5232Nov 26, 2008risk 0.06cvss —epss 0.36
Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary…
- CVE-2008-1436Apr 21, 2008risk 0.06cvss —epss 0.37
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource…
Page 2 of 14