VYPR

Windows Nt

by Microsoft

CVEs (279)

  • CVE-2006-1184May 10, 2006
    risk 0.02cvss epss 0.30

    Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which…

  • CVE-2005-2150Jul 11, 2005
    risk 0.02cvss epss 0.19

    Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

  • CVE-2005-1935Jun 13, 2005
    risk 0.02cvss epss 0.27

    Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously…

  • CVE-2004-0900Jan 10, 2005
    risk 0.02cvss epss 0.26

    The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."

  • CVE-2004-0571Jan 10, 2005
    risk 0.02cvss epss 0.31

    Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability…

  • CVE-2004-1049Dec 31, 2004
    risk 0.02cvss epss 0.30

    Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling…

  • CVE-2004-1361Dec 23, 2004
    risk 0.02cvss epss 0.20

    Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.

  • CVE-2004-0569Nov 3, 2004
    risk 0.02cvss epss 0.19

    The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.

  • CVE-2004-0124Jun 1, 2004
    risk 0.02cvss epss 0.21

    The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."

  • CVE-2004-0118Jun 1, 2004
    risk 0.02cvss epss 0.22

    The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.

  • CVE-2004-0123Jun 1, 2004
    risk 0.02cvss epss 0.30

    Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2003-0906Jun 1, 2004
    risk 0.02cvss epss 0.25

    Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.

  • CVE-2003-0660Nov 17, 2003
    risk 0.02cvss epss 0.23

    The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.

  • CVE-2003-0661Oct 20, 2003
    risk 0.02cvss epss 0.22

    The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.

  • CVE-2003-0010Mar 24, 2003
    risk 0.02cvss epss 0.24

    Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that…

  • CVE-2002-0863Oct 11, 2002
    risk 0.02cvss epss 0.24

    Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP…

  • CVE-2002-0421Aug 12, 2002
    risk 0.02cvss epss 0.20

    IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr.

  • CVE-1999-1579Dec 14, 2000
    risk 0.02cvss epss 0.22

    The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.

  • CVE-2000-0858Nov 14, 2000
    risk 0.02cvss epss 0.19

    Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.

  • CVE-1999-0995Dec 16, 1999
    risk 0.02cvss epss 0.22

    Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Page 7 of 14