Windows NT 4.0

CVEs (40)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2000-0858	Microsoft Internet Information Server	0.02	—	0.20	Nov 14, 2000	Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
CVE-1999-1132	Microsoft Windows Nt	0.02	—	0.19	Dec 31, 1999	Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.
CVE-2004-0118	Microsoft Windows Nt	0.01	—	0.13	Jun 1, 2004	The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
CVE-2001-0543	Microsoft Exchange Server	0.01	—	0.09	Sep 20, 2001	Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
CVE-2001-0509	Microsoft Exchange Server	0.01	—	0.13	Sep 20, 2001	Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
CVE-2000-1227	Microsoft Windows Nt	0.01	—	0.17	Dec 31, 2000	Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
CVE-2000-0403	Microsoft Windows Nt	0.01	—	0.13	May 25, 2000	The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
CVE-1999-1157	Microsoft Windows Nt	0.01	—	0.14	Dec 31, 1999	Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
CVE-1999-0815	Microsoft Windows Nt	0.01	—	0.17	Dec 31, 1999	Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
CVE-1999-1291	Microsoft Windows 95	0.01	—	0.08	Oct 5, 1998	TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to…
CVE-2007-1973	Microsoft Windows Nt	0.00	—	0.01	Apr 11, 2007	Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
CVE-2007-1206	Microsoft Windows 2000	0.00	—	0.02	Apr 10, 2007	The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain…
CVE-2003-0525	Microsoft Windows Nt	0.00	—	0.04	Aug 27, 2003	The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM…
CVE-2002-2028	Microsoft Windows Nt	0.00	—	0.01	Dec 31, 2002	The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
CVE-2002-0366	Microsoft Windows Nt	0.00	—	0.01	Jul 3, 2002	Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
CVE-2000-0259	Microsoft Windows Nt	0.00	—	0.00	Apr 12, 2000	The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users.
CVE-2000-0089	Microsoft Windows Nt	0.00	—	0.02	Feb 4, 2000	The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
CVE-1999-0898	Microsoft Windows Nt	0.00	—	0.04	Nov 4, 1999	Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
CVE-1999-0366	Microsoft Windows Nt	0.00	—	0.06	Feb 8, 1999	In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
CVE-1999-0496	Microsoft Windows Nt	0.00	—	0.00	Jan 1, 1997	A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

CVE-2000-0858Nov 14, 2000
Microsoft
Internet Information Server
risk 0.02cvss —epss 0.20
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
CVE-1999-1132Dec 31, 1999
Microsoft
Windows Nt
risk 0.02cvss —epss 0.19
Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.
CVE-2004-0118Jun 1, 2004
Microsoft
Windows Nt
risk 0.01cvss —epss 0.13
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
CVE-2001-0543Sep 20, 2001
Microsoft
Exchange Server
risk 0.01cvss —epss 0.09
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
CVE-2001-0509Sep 20, 2001
Microsoft
Exchange Server
risk 0.01cvss —epss 0.13
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
CVE-2000-1227Dec 31, 2000
Microsoft
Windows Nt
risk 0.01cvss —epss 0.17
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
CVE-2000-0403May 25, 2000
Microsoft
Windows Nt
risk 0.01cvss —epss 0.13
The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
CVE-1999-1157Dec 31, 1999
Microsoft
Windows Nt
risk 0.01cvss —epss 0.14
Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
CVE-1999-0815Dec 31, 1999
Microsoft
Windows Nt
risk 0.01cvss —epss 0.17
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
CVE-1999-1291Oct 5, 1998
Microsoft
Windows 95
risk 0.01cvss —epss 0.08
TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to…
CVE-2007-1973Apr 11, 2007
Microsoft
Windows Nt
risk 0.00cvss —epss 0.01
Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
CVE-2007-1206Apr 10, 2007
Microsoft
Windows 2000
risk 0.00cvss —epss 0.02
The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain…
CVE-2003-0525Aug 27, 2003
Microsoft
Windows Nt
risk 0.00cvss —epss 0.04
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM…
CVE-2002-2028Dec 31, 2002
Microsoft
Windows Nt
risk 0.00cvss —epss 0.01
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
CVE-2002-0366Jul 3, 2002
Microsoft
Windows Nt
risk 0.00cvss —epss 0.01
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
CVE-2000-0259Apr 12, 2000
Microsoft
Windows Nt
risk 0.00cvss —epss 0.00
The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users.
CVE-2000-0089Feb 4, 2000
Microsoft
Windows Nt
risk 0.00cvss —epss 0.02
The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
CVE-1999-0898Nov 4, 1999
Microsoft
Windows Nt
risk 0.00cvss —epss 0.04
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
CVE-1999-0366Feb 8, 1999
Microsoft
Windows Nt
risk 0.00cvss —epss 0.06
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
CVE-1999-0496Jan 1, 1997
Microsoft
Windows Nt
risk 0.00cvss —epss 0.00
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

Page 2 of 2