VYPR

Windows Nt

by Microsoft

CVEs (279)

  • CVE-2001-0341Jul 21, 2001
    risk 0.05cvss epss 0.45

    Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.

  • CVE-2000-0377Jun 8, 2000
    risk 0.05cvss epss 0.19

    The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.

  • CVE-1999-0980May 16, 2000
    risk 0.05cvss epss 0.23

    Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.

  • CVE-2000-0073Nov 17, 1999
    risk 0.05cvss epss 0.24

    Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.

  • CVE-1999-0886Sep 17, 1999
    risk 0.05cvss epss 0.22

    The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

  • CVE-1999-0918Jul 3, 1999
    risk 0.05cvss epss 0.30

    Denial of service in various Windows systems via malformed, fragmented IGMP packets.

  • CVE-1999-0288Aug 1, 1998
    risk 0.05cvss epss 0.21

    The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.

  • CVE-1999-0153Jul 1, 1997
    risk 0.05cvss epss 0.23

    Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

  • CVE-1999-0612Mar 1, 1997
    risk 0.05cvss epss 0.68

    A version of finger is running that exposes valid user information to any entity on the network.

  • CVE-1999-0077Jan 1, 1995
    risk 0.05cvss epss 0.31

    Predictable TCP sequence numbers allow spoofing.

  • CVE-2007-1912Apr 10, 2007
    risk 0.04cvss epss 0.14

    Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.

  • CVE-2005-4717Dec 31, 2005
    risk 0.04cvss epss 0.19

    Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that…

  • CVE-2005-0050May 2, 2005
    risk 0.04cvss epss 0.47

    The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary…

  • CVE-2004-0201Aug 6, 2004
    risk 0.04cvss epss 0.45

    Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

  • CVE-2002-2073Dec 31, 2002
    risk 0.04cvss epss 0.13

    Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.

  • CVE-2002-0862Oct 4, 2002
    risk 0.04cvss epss 0.19

    The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly…

  • CVE-2000-1200Aug 31, 2001
    risk 0.04cvss epss 0.48

    Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.

  • CVE-2000-1039Jan 9, 2001
    risk 0.04cvss epss 0.46

    Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of…

  • CVE-2000-0256Apr 19, 2000
    risk 0.04cvss epss 0.12

    Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.

  • CVE-1999-0819Dec 1, 1999
    risk 0.04cvss epss 0.16

    NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

Page 4 of 14